diff options
Diffstat (limited to 'tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh')
-rwxr-xr-x | tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh b/tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh new file mode 100755 index 000000000000..3a8ef5e6251b --- /dev/null +++ b/tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh @@ -0,0 +1,194 @@ +#!/bin/ksh -p +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# + +# +# Copyright 2007 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# + +# +# Copyright (c) 2013, 2016 by Delphix. All rights reserved. +# + +. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib + +# +# DESCRIPTION: +# Scan the following permissions one by one to verify privileged user +# has correct permission delegation in datasets. +# +# STRATEGY: +# 1. Delegate all the permission one by one to user on dataset. +# 2. Verify privileged user has correct permission without any other +# permissions allowed. +# + +verify_runnable "both" + +log_assert "Verify privileged user has correct permissions once which was "\ + "delegated to him in datasets" +log_onexit restore_root_datasets + +if is_linux; then +# +# Results in Results in +# Permission Filesystem Volume +# +# Removed for Linux: +# - mount - mount(8) does not permit non-superuser mounts +# - mountpoint - mount(8) does not permit non-superuser mounts +# - canmount - mount(8) does not permit non-superuser mounts +# - rename - mount(8) does not permit non-superuser mounts +# - zoned - zones are not supported +# - destroy - umount(8) does not permit non-superuser umounts +# - sharenfs - sharing requires superuser privileges +# - share - sharing requires superuser privileges +# - readonly - mount(8) does not permit non-superuser remounts +# +set -A perms create true false \ + snapshot true true \ + send true true \ + allow true true \ + quota true false \ + reservation true true \ + dnodesize true false \ + recordsize true false \ + checksum true true \ + compression true true \ + atime true false \ + devices true false \ + exec true false \ + volsize false true \ + setuid true false \ + snapdir true false \ + userprop true true \ + aclinherit true false \ + rollback true true \ + clone true true \ + promote true true \ + xattr true false \ + receive true false + +elif is_freebsd; then +# Results in Results in +# Permission Filesystem Volume +# +# Removed for FreeBSD +# - jailed - jailing requires superuser privileges +# - sharenfs - sharing requires superuser privileges +# - share - sharing requires superuser privileges +# - xattr - Not supported on FreeBSD +# +set -A perms create true false \ + snapshot true true \ + mount true false \ + send true true \ + allow true true \ + quota true false \ + reservation true true \ + dnodesize true false \ + recordsize true false \ + mountpoint true false \ + checksum true true \ + compression true true \ + canmount true false \ + atime true false \ + devices true false \ + exec true false \ + volsize false true \ + setuid true false \ + readonly true true \ + snapdir true false \ + userprop true true \ + aclmode true false \ + aclinherit true false \ + rollback true true \ + clone true true \ + rename true true \ + promote true true \ + receive true false \ + destroy true true + +else + +set -A perms create true false \ + snapshot true true \ + mount true false \ + send true true \ + allow true true \ + quota true false \ + reservation true true \ + dnodesize true false \ + recordsize true false \ + mountpoint true false \ + checksum true true \ + compression true true \ + canmount true false \ + atime true false \ + devices true false \ + exec true false \ + volsize false true \ + setuid true false \ + readonly true true \ + snapdir true false \ + userprop true true \ + aclmode true false \ + aclinherit true false \ + rollback true true \ + clone true true \ + rename true true \ + promote true true \ + zoned true false \ + xattr true false \ + receive true false \ + destroy true true + +if is_global_zone; then + typeset -i n=${#perms[@]} + perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false" + perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false" +fi +fi + +for dtst in $DATASETS; do + typeset -i k=1 + typeset type=$(get_prop type $dtst) + [[ $type == "volume" ]] && k=2 + + typeset -i i=0 + while (( i < ${#perms[@]} )); do + log_must zfs allow $STAFF1 ${perms[$i]} $dtst + + if [[ ${perms[((i+k))]} == "true" ]]; then + log_must verify_perm $dtst ${perms[$i]} $STAFF1 + else + log_must verify_noperm $dtst ${perms[$i]} $STAFF1 + fi + + log_must restore_root_datasets + + ((i += 3)) + done +done + +log_pass "Verify privileged user has correct permissions " \ + "in datasets passed." |