From: Tim Shimmin Date: Tue, 6 Feb 2001 05:41:13 +0000 (+0000) Subject: Choose new uid/gid and filter them appropriately. X-Git-Tag: v1.1.0~1314 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=84727f6253ebbf1040925ee8f44557502277f67c;p=users%2Fhch%2Fxfstests-dev.git Choose new uid/gid and filter them appropriately. --- diff --git a/051 b/051 index a67869e43..a4fc39543 100755 --- a/051 +++ b/051 @@ -59,9 +59,45 @@ _cleanup() _ls() { - ls -ln $* | awk '{ print $1, $3, $4, $NF }' + ls -ln $* | awk '{ print $1, $3, $4, $NF }' | _filter_id } +_get_newid() +{ + cat /etc/passwd /etc/group $tmp.ids | gawk -F: ' + { ids[$3]=1 } + END { + for(i=1;i<1000000;i++){ + if (! (i in ids)) { + print i; + exit + } + } + }' +} + +_setup_ids() +{ + touch $tmp.ids + acl1=`_get_newid`; echo "::$acl1" >>$tmp.ids + acl2=`_get_newid`; echo "::$acl2" >>$tmp.ids + acl3=`_get_newid`; echo "::$acl3" >>$tmp.ids +} + +_filter_id() +{ + sed \ + -e "s/u:$acl1/u:id1/" \ + -e "s/u:$acl2/u:id2/" \ + -e "s/u:$acl3/u:id3/" \ + -e "s/g:$acl1/g:id1/" \ + -e "s/g:$acl2/g:id2/" \ + -e "s/g:$acl3/g:id3/" \ + -e "s/ $acl1 / id1 /" \ + -e "s/ $acl2 / id2 /" \ + -e "s/ $acl3 / id3 /" \ +} + # ----- # minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ # This is set with chacl(1) and can be changed by chmod(1). @@ -85,11 +121,10 @@ _ls() # -> this would be done by simultaneously matching on ACEs # -> interesting if it allows user to specify ACEs in any order # -_need_to_be_root - rm -f $seq.full -acl1=1001;acl2=1002;acl3=1003 +_need_to_be_root +_setup_ids [ -x /bin/chacl ] || _notrun "chacl command not found" [ -x $runas ] || _notrun "$runas executable not found" @@ -130,24 +165,24 @@ _ls file1 echo "" echo "--- Test get and set of ACL ---" -chacl -l file1 +chacl -l file1 | _filter_id echo "Expect to FAIL" chacl u::r--,g::rwx,o:rw- file1 2>&1 echo "Expect to PASS" chacl u::r--,g::rwx,o::rw- file1 2>&1 -chacl -l file1 +chacl -l file1 | _filter_id echo "" echo "--- Test sync of ACL with std permissions ---" _ls file1 chmod u+w file1 _ls file1 -chacl -l file1 +chacl -l file1 | _filter_id echo "" echo "--- Test owner permissions ---" chacl u::r-x,g::---,o::--- file1 2>&1 -chacl -l file1 +chacl -l file1 | _filter_id # change to owner echo "Expect to PASS" $runas -u $acl1 -g $acl1 ./file1 2>&1 @@ -157,7 +192,7 @@ $runas -u $acl2 -g $acl2 ./file1 2>&1 echo "" echo "--- Test group permissions ---" chacl u::---,g::r-x,o::--- file1 2>&1 -chacl -l file1 +chacl -l file1 | _filter_id echo "Expect to FAIL - acl1 is owner" $runas -u $acl1 -g $acl1 ./file1 2>&1 echo "Expect to PASS - acl2 matches group" @@ -170,7 +205,7 @@ $runas -u $acl3 -g $acl3 ./file1 2>&1 echo "" echo "--- Test other permissions ---" chacl u::---,g::---,o::r-x file1 2>&1 -chacl -l file1 +chacl -l file1 | _filter_id echo "Expect to FAIL - acl1 is owner" $runas -u $acl1 -g $acl1 ./file1 2>&1 echo "Expect to FAIL - acl2 is in group" @@ -190,10 +225,10 @@ echo "--- Test adding a USER ACE ---" echo "Expect to FAIL as no MASK provided" chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1 echo "Ensure that ACL has not been changed" -chacl -l file1 +chacl -l file1 | _filter_id echo "Expect to PASS - USER ACE matches user" chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1 -chacl -l file1 +chacl -l file1 | _filter_id $runas -u $acl2 -g $acl2 ./file1 2>&1 echo "Expect to FAIL - USER ACE does not match user" $runas -u $acl3 -g $acl3 ./file1 2>&1 @@ -203,9 +238,9 @@ echo "--- Test adding a GROUP ACE ---" echo "Expect to FAIL as no MASK provided" chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1 echo "Ensure that ACL has not been changed" -chacl -l file1 +chacl -l file1 | _filter_id chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1 -chacl -l file1 +chacl -l file1 | _filter_id echo "Expect to PASS - GROUP ACE matches group" $runas -u $acl2 -g $acl2 ./file1 2>&1 echo "Expect to PASS - GROUP ACE matches sup group" @@ -218,7 +253,7 @@ $runas -u $acl3 -g $acl3 ./file1 2>&1 echo "" echo "--- Test MASK ---" chacl u::---,g::---,o::---,g:$acl2:r-x,m::-wx file1 2>&1 -chacl -l file1 +chacl -l file1 | _filter_id echo "Expect to FAIL as MASK prohibits execution" $runas -u $acl2 -g $acl2 ./file1 2>&1 chacl u::---,g::---,o::---,u:$acl2:r-x,m::-wx file1 2>&1 @@ -250,8 +285,7 @@ echo "=== Test can read ACLs without access permissions ===" # This was a bug in kernel code where syscred wasn't being used # to override the capabilities chacl o::---,g::---,u::--- file1 2>&1 -chacl -l ./file1 - +chacl -l file1 | _filter_id #------------------------------------------------------- @@ -259,12 +293,12 @@ echo "" echo "=== Test Default ACLs ===" mkdir acldir chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" ./acldir 2>&1 -chacl -l ./acldir +chacl -l acldir | _filter_id cd acldir touch file2 _ls file2 -chacl -l ./file2 +chacl -l file2 | _filter_id cd .. #------------------------------------------------------- diff --git a/051.out b/051.out index 3b3672f33..0d84941b5 100644 --- a/051.out +++ b/051.out @@ -2,7 +2,7 @@ QA output created by 051 === Test minimal ACE === Setup file --rwxrw-r-- 1001 1002 file1 +-rwxrw-r-- id1 id2 file1 --- Test get and set of ACL --- file1 [] @@ -12,8 +12,8 @@ Expect to PASS file1 [u::r--,g::rwx,o::rw-] --- Test sync of ACL with std permissions --- --r--rwxrw- 1001 1002 file1 --rw-rwxrw- 1001 1002 file1 +-r--rwxrw- id1 id2 file1 +-rw-rwxrw- id1 id2 file1 file1 [u::rw-,g::rwx,o::rw-] --- Test owner permissions --- @@ -53,7 +53,7 @@ chacl: error setting access acl on "file1": Invalid argument Ensure that ACL has not been changed file1 [u::---,g::---,o::r-x] Expect to PASS - USER ACE matches user -file1 [u::---,g::---,o::---,u:1002:r-x,m::rwx] +file1 [u::---,g::---,o::---,u:id2:r-x,m::rwx] Test was executed Expect to FAIL - USER ACE does not match user sh: ./file1: Permission denied @@ -62,8 +62,8 @@ sh: ./file1: Permission denied Expect to FAIL as no MASK provided chacl: error setting access acl on "file1": Invalid argument Ensure that ACL has not been changed -file1 [u::---,g::---,o::---,u:1002:r-x,m::rwx] -file1 [u::---,g::---,o::---,g:1002:r-x,m::rwx] +file1 [u::---,g::---,o::---,u:id2:r-x,m::rwx] +file1 [u::---,g::---,o::---,g:id2:r-x,m::rwx] Expect to PASS - GROUP ACE matches group Test was executed Expect to PASS - GROUP ACE matches sup group @@ -72,7 +72,7 @@ Expect to FAIL - GROUP ACE does not match group sh: ./file1: Permission denied --- Test MASK --- -file1 [u::---,g::---,o::---,g:1002:r-x,m::-wx] +file1 [u::---,g::---,o::---,g:id2:r-x,m::-wx] Expect to FAIL as MASK prohibits execution ./file1: ./file1: Permission denied Expect to FAIL as MASK prohibits execution @@ -87,9 +87,9 @@ Expect to PASS as should match on user Test was executed === Test can read ACLs without access permissions === -./file1 [o::---,g::---,u::---] +file1 [o::---,g::---,u::---] === Test Default ACLs === -./acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---] +acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---] -r--r----- 0 0 file2 -./file2 [u::r--,g::r--,o::---] +file2 [u::r--,g::r--,o::---]