aboutsummaryrefslogtreecommitdiff
path: root/tests/sys/acl/tools-nfs4-psarc.test
diff options
context:
space:
mode:
Diffstat (limited to 'tests/sys/acl/tools-nfs4-psarc.test')
-rw-r--r--tests/sys/acl/tools-nfs4-psarc.test562
1 files changed, 562 insertions, 0 deletions
diff --git a/tests/sys/acl/tools-nfs4-psarc.test b/tests/sys/acl/tools-nfs4-psarc.test
new file mode 100644
index 000000000000..9ab0b51eedf5
--- /dev/null
+++ b/tests/sys/acl/tools-nfs4-psarc.test
@@ -0,0 +1,562 @@
+# Copyright (c) 2008, 2009 Edward Tomasz NapieraƂa <trasz@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# This is a tools-level test for NFSv4 ACL functionality with PSARC/2010/029
+# semantics. Run it as root using ACL-enabled kernel:
+#
+# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4-psarc.test
+#
+# WARNING: Creates files in unsafe way.
+
+$ whoami
+> root
+$ umask 022
+
+# Smoke test for getfacl(1).
+$ touch xxx
+$ getfacl xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+
+$ getfacl -q xxx
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+
+# Check verbose mode formatting.
+$ getfacl -v xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> owner@:read_data/write_data/append_data/read_attributes/write_attributes/read_xattr/write_xattr/read_acl/write_acl/write_owner/synchronize::allow
+> group@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
+> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
+
+# Test setfacl -a.
+$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> user:0:-----------C--:-------:allow
+> group:1:----------c---:-------:deny
+> everyone@:r-----a-R-c--s:-------:allow
+
+# Test user and group name resolving.
+$ rm xxx
+$ touch xxx
+$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx
+$ getfacl xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> user:root:-----------C--:-------:allow
+> group:daemon:----------c---:-------:deny
+> everyone@:r-----a-R-c--s:-------:allow
+
+# Check whether ls correctly marks files with "+".
+$ ls -l xxx | cut -d' ' -f1
+> -rw-r--r--+
+
+# Test removing entries by number.
+$ setfacl -x 1 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> owner@:rw-p--aARWcCos:-------:allow
+> user:0:-----------C--:-------:allow
+> group:1:----------c---:-------:deny
+> everyone@:r-----a-R-c--s:-------:allow
+
+# Test setfacl -m.
+$ setfacl -a0 everyone@:rwx:deny xxx
+$ setfacl -a0 everyone@:rwx:deny xxx
+$ setfacl -a0 everyone@:rwx:deny xxx
+$ setfacl -m everyone@::deny xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> everyone@:--------------:-------:deny
+> everyone@:--------------:-------:deny
+> everyone@:--------------:-------:deny
+> owner@:rw-p--aARWcCos:-------:allow
+> user:0:-----------C--:-------:allow
+> group:1:----------c---:-------:deny
+> everyone@:r-----a-R-c--s:-------:allow
+
+# Test getfacl -i.
+$ getfacl -i xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> everyone@:--------------:-------:deny
+> everyone@:--------------:-------:deny
+> everyone@:--------------:-------:deny
+> owner@:rw-p--aARWcCos:-------:allow
+> user:root:-----------C--:-------:allow:0
+> group:daemon:----------c---:-------:deny:1
+> everyone@:r-----a-R-c--s:-------:allow
+
+# Make sure cp without any flags does not copy copy the ACL.
+$ cp xxx yyy
+$ ls -l yyy | cut -d' ' -f1
+> -rw-r--r--
+
+# Make sure it does with the "-p" flag.
+$ rm yyy
+$ cp -p xxx yyy
+$ getfacl -n yyy
+> # file: yyy
+> # owner: root
+> # group: wheel
+> everyone@:--------------:-------:deny
+> everyone@:--------------:-------:deny
+> everyone@:--------------:-------:deny
+> owner@:rw-p--aARWcCos:-------:allow
+> user:0:-----------C--:-------:allow
+> group:1:----------c---:-------:deny
+> everyone@:r-----a-R-c--s:-------:allow
+
+$ rm yyy
+
+# Test removing entries by... by example?
+$ setfacl -x everyone@::deny xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> owner@:rw-p--aARWcCos:-------:allow
+> user:0:-----------C--:-------:allow
+> group:1:----------c---:-------:deny
+> everyone@:r-----a-R-c--s:-------:allow
+
+# Test setfacl -b.
+$ setfacl -b xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+
+$ ls -l xxx | cut -d' ' -f1
+> -rw-r--r--
+
+# Check setfacl(1) and getfacl(1) with multiple files.
+$ touch xxx yyy zzz
+
+$ ls -l xxx yyy zzz | cut -d' ' -f1
+> -rw-r--r--
+> -rw-r--r--
+> -rw-r--r--
+
+$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz
+> setfacl: nnn: stat() failed: No such file or directory
+
+$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
+> ls: nnn: No such file or directory
+> -rw-r--r--+
+> -rw-r--r--+
+> -rw-r--r--+
+
+$ getfacl -nq nnn xxx yyy zzz
+> getfacl: nnn: stat() failed: No such file or directory
+> user:42:--x-----------:-------:allow
+> group:43:-w------------:-------:allow
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+>
+> user:42:--x-----------:-------:allow
+> group:43:-w------------:-------:allow
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+>
+> user:42:--x-----------:-------:allow
+> group:43:-w------------:-------:allow
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+
+$ setfacl -b nnn xxx yyy zzz
+> setfacl: nnn: stat() failed: No such file or directory
+
+$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
+> ls: nnn: No such file or directory
+> -rw-r--r--
+> -rw-r--r--
+> -rw-r--r--
+
+$ rm xxx yyy zzz
+
+# Test applying mode to an ACL.
+$ touch xxx
+$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx
+$ chmod 600 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:------a-R-c--s:-------:allow
+> everyone@:------a-R-c--s:-------:allow
+
+$ ls -l xxx | cut -d' ' -f1
+> -rw-------
+
+$ rm xxx
+$ touch xxx
+$ chown 42 xxx
+$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
+$ chmod 600 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: 42
+> # group: wheel
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:------a-R-c--s:-------:allow
+> everyone@:------a-R-c--s:-------:allow
+$ ls -l xxx | cut -d' ' -f1
+> -rw-------
+
+$ rm xxx
+$ touch xxx
+$ chown 43 xxx
+$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
+$ chmod 124 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: 43
+> # group: wheel
+> owner@:rw-p----------:-------:deny
+> group@:r-------------:-------:deny
+> owner@:--x---aARWcCos:-------:allow
+> group@:-w-p--a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+$ ls -l xxx | cut -d' ' -f1
+> ---x-w-r--
+
+$ rm xxx
+$ touch xxx
+$ chown 43 xxx
+$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
+$ chmod 412 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: 43
+> # group: wheel
+> owner@:-wxp----------:-------:deny
+> group@:-w-p----------:-------:deny
+> owner@:r-----aARWcCos:-------:allow
+> group@:--x---a-R-c--s:-------:allow
+> everyone@:-w-p--a-R-c--s:-------:allow
+$ ls -l xxx | cut -d' ' -f1
+> -r----x-w-
+
+$ mkdir ddd
+$ setfacl -a0 group:44:rwapd:allow ddd
+$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
+$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
+$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
+$ getfacl -n ddd
+> # file: ddd
+> # owner: root
+> # group: wheel
+> user:42:r-x-----------:f-i----:allow
+> group:42:-w--D---------:-d-----:allow
+> group:43:-w--D---------:-d-----:deny
+> group@:-----da-------:-------:allow
+> group:44:rw-p-da-------:-------:allow
+> owner@:rwxp--aARWcCos:-------:allow
+> group@:r-x---a-R-c--s:-------:allow
+> everyone@:-w-p--a-R-c--s:f-i----:allow
+
+$ chmod 777 ddd
+$ getfacl -n ddd
+> # file: ddd
+> # owner: root
+> # group: wheel
+> owner@:rwxp--aARWcCos:-------:allow
+> group@:rwxp--a-R-c--s:-------:allow
+> everyone@:rwxp--a-R-c--s:-------:allow
+
+# Test applying ACL to mode.
+$ rmdir ddd
+$ mkdir ddd
+$ setfacl -a0 u:42:rwx:fi:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> drwxr-xr-x+
+
+$ rmdir ddd
+$ mkdir ddd
+$ chmod 0 ddd
+$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> dr----x---+
+
+$ rmdir ddd
+$ mkdir ddd
+$ chmod 0 ddd
+$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> dr---wx---+
+
+$ rmdir ddd
+$ mkdir ddd
+$ chmod 0 ddd
+$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> dr--------+
+
+$ rmdir ddd
+$ mkdir ddd
+$ chmod 0 ddd
+$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> dr--------+
+
+# Test inheritance.
+$ rmdir ddd
+$ mkdir ddd
+$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd
+$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd
+$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd
+$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd
+$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd
+$ getfacl -qn ddd
+> user:41:-w-----A------:f--n---:allow
+> group:41:r-----a-------:-din---:allow
+> user:42:-----------Co-:f-i----:allow
+> user:42:r-x-----------:f-i----:allow
+> group:42:-w--D---------:-d-n---:deny
+> group:43:-w---------C--:f-in---:deny
+> user:43:rwxp----------:-------:allow
+> owner@:rwxp--aARWcCos:-------:allow
+> group@:r-x---a-R-c--s:-------:allow
+> everyone@:r-x---a-R-c--s:-------:allow
+
+$ cd ddd
+$ touch xxx
+$ getfacl -qn xxx
+> user:41:--------------:------I:allow
+> user:42:--------------:------I:allow
+> user:42:r-------------:------I:allow
+> group:43:-w---------C--:------I:deny
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+
+$ rm xxx
+$ umask 077
+$ touch xxx
+$ getfacl -qn xxx
+> user:41:--------------:------I:allow
+> user:42:--------------:------I:allow
+> user:42:--------------:------I:allow
+> group:43:-w---------C--:------I:deny
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:------a-R-c--s:-------:allow
+> everyone@:------a-R-c--s:-------:allow
+
+$ rm xxx
+$ umask 770
+$ touch xxx
+$ getfacl -qn xxx
+> owner@:rw-p----------:-------:deny
+> group@:rw-p----------:-------:deny
+> user:41:--------------:------I:allow
+> user:42:--------------:------I:allow
+> user:42:--------------:------I:allow
+> group:43:-w---------C--:------I:deny
+> owner@:------aARWcCos:-------:allow
+> group@:------a-R-c--s:-------:allow
+> everyone@:rw-p--a-R-c--s:-------:allow
+
+$ rm xxx
+$ umask 707
+$ touch xxx
+$ getfacl -qn xxx
+> owner@:rw-p----------:-------:deny
+> user:41:-w------------:------I:allow
+> user:42:--------------:------I:allow
+> user:42:r-------------:------I:allow
+> group:43:-w---------C--:------I:deny
+> owner@:------aARWcCos:-------:allow
+> group@:rw-p--a-R-c--s:-------:allow
+> everyone@:------a-R-c--s:-------:allow
+
+$ umask 077
+$ mkdir yyy
+$ getfacl -qn yyy
+> group:41:------a-------:------I:allow
+> user:42:-----------Co-:f-i---I:allow
+> user:42:r-x-----------:f-i---I:allow
+> group:42:-w--D---------:------I:deny
+> owner@:rwxp--aARWcCos:-------:allow
+> group@:------a-R-c--s:-------:allow
+> everyone@:------a-R-c--s:-------:allow
+
+$ rmdir yyy
+$ umask 770
+$ mkdir yyy
+$ getfacl -qn yyy
+> owner@:rwxp----------:-------:deny
+> group@:rwxp----------:-------:deny
+> group:41:------a-------:------I:allow
+> user:42:-----------Co-:f-i---I:allow
+> user:42:r-x-----------:f-i---I:allow
+> group:42:-w--D---------:------I:deny
+> owner@:------aARWcCos:-------:allow
+> group@:------a-R-c--s:-------:allow
+> everyone@:rwxp--a-R-c--s:-------:allow
+
+$ rmdir yyy
+$ umask 707
+$ mkdir yyy
+$ getfacl -qn yyy
+> owner@:rwxp----------:-------:deny
+> group:41:r-----a-------:------I:allow
+> user:42:-----------Co-:f-i---I:allow
+> user:42:r-x-----------:f-i---I:allow
+> group:42:-w--D---------:------I:deny
+> owner@:------aARWcCos:-------:allow
+> group@:rwxp--a-R-c--s:-------:allow
+> everyone@:------a-R-c--s:-------:allow
+
+# There is some complication regarding how write_acl and write_owner flags
+# get inherited. Make sure we got it right.
+$ setfacl -b .
+$ setfacl -a0 u:42:Co:f:allow .
+$ setfacl -a0 u:43:Co:d:allow .
+$ setfacl -a0 u:44:Co:fd:allow .
+$ setfacl -a0 u:45:Co:fi:allow .
+$ setfacl -a0 u:46:Co:di:allow .
+$ setfacl -a0 u:47:Co:fdi:allow .
+$ setfacl -a0 u:48:Co:fn:allow .
+$ setfacl -a0 u:49:Co:dn:allow .
+$ setfacl -a0 u:50:Co:fdn:allow .
+$ setfacl -a0 u:51:Co:fni:allow .
+$ setfacl -a0 u:52:Co:dni:allow .
+$ setfacl -a0 u:53:Co:fdni:allow .
+$ umask 022
+$ rm xxx
+$ touch xxx
+$ getfacl -nq xxx
+> user:53:--------------:------I:allow
+> user:51:--------------:------I:allow
+> user:50:--------------:------I:allow
+> user:48:--------------:------I:allow
+> user:47:--------------:------I:allow
+> user:45:--------------:------I:allow
+> user:44:--------------:------I:allow
+> user:42:--------------:------I:allow
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+
+$ rmdir yyy
+$ mkdir yyy
+$ getfacl -nq yyy
+> user:53:--------------:------I:allow
+> user:52:--------------:------I:allow
+> user:50:--------------:------I:allow
+> user:49:--------------:------I:allow
+> user:47:--------------:fd----I:allow
+> user:46:--------------:-d----I:allow
+> user:45:-----------Co-:f-i---I:allow
+> user:44:--------------:fd----I:allow
+> user:43:--------------:-d----I:allow
+> user:42:-----------Co-:f-i---I:allow
+> owner@:rwxp--aARWcCos:-------:allow
+> group@:r-x---a-R-c--s:-------:allow
+> everyone@:r-x---a-R-c--s:-------:allow
+
+$ setfacl -b .
+$ setfacl -a0 u:42:Co:f:deny .
+$ setfacl -a0 u:43:Co:d:deny .
+$ setfacl -a0 u:44:Co:fd:deny .
+$ setfacl -a0 u:45:Co:fi:deny .
+$ setfacl -a0 u:46:Co:di:deny .
+$ setfacl -a0 u:47:Co:fdi:deny .
+$ setfacl -a0 u:48:Co:fn:deny .
+$ setfacl -a0 u:49:Co:dn:deny .
+$ setfacl -a0 u:50:Co:fdn:deny .
+$ setfacl -a0 u:51:Co:fni:deny .
+$ setfacl -a0 u:52:Co:dni:deny .
+$ setfacl -a0 u:53:Co:fdni:deny .
+$ umask 022
+$ rm xxx
+$ touch xxx
+$ getfacl -nq xxx
+> user:53:-----------Co-:------I:deny
+> user:51:-----------Co-:------I:deny
+> user:50:-----------Co-:------I:deny
+> user:48:-----------Co-:------I:deny
+> user:47:-----------Co-:------I:deny
+> user:45:-----------Co-:------I:deny
+> user:44:-----------Co-:------I:deny
+> user:42:-----------Co-:------I:deny
+> owner@:rw-p--aARWcCos:-------:allow
+> group@:r-----a-R-c--s:-------:allow
+> everyone@:r-----a-R-c--s:-------:allow
+
+$ rmdir yyy
+$ mkdir yyy
+$ getfacl -nq yyy
+> user:53:-----------Co-:------I:deny
+> user:52:-----------Co-:------I:deny
+> user:50:-----------Co-:------I:deny
+> user:49:-----------Co-:------I:deny
+> user:47:-----------Co-:fd----I:deny
+> user:46:-----------Co-:-d----I:deny
+> user:45:-----------Co-:f-i---I:deny
+> user:44:-----------Co-:fd----I:deny
+> user:43:-----------Co-:-d----I:deny
+> user:42:-----------Co-:f-i---I:deny
+> owner@:rwxp--aARWcCos:-------:allow
+> group@:r-x---a-R-c--s:-------:allow
+> everyone@:r-x---a-R-c--s:-------:allow
+
+$ rmdir yyy
+$ rm xxx
+$ cd ..
+$ rmdir ddd
+
+$ rm xxx
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-26 15:40:07 +0000