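#!/bin/sh
# vim: filetype=sh noexpandtab ts=8 sw=8
# $FreeBSD: head/tools/regression/pjdfstest/tests/granular/03.t 211352 2010-08-15 21:24:17Z pjd $
#
# TAP test script. It checks how the NFSv4 ACL permissions "delete" (set on
# a file) and "delete_child" (set on the containing directory) combine with
# "write_data" on the directory when uid/gid 65534 unlinks or renames files.
#
# expect, namegen, quick_exit, ${os} and ${fs} are provided by ../misc.sh,
# which is not shown here. NOTE(review): "expect <result> [-u uid -g gid] op"
# presumably runs op under the given ids and compares the outcome with
# <result>, and prependacl presumably inserts the entry at the head of the
# ACL -- confirm against misc.sh and the pjdfstest binary.
#
# What the expectations below encode:
#   - write_data allowed on the directory is enough to unlink or rename;
#     write_data denied yields EACCES.
#   - A deny entry for "delete" on the file alone does not stop removal
#     when the directory permits it.
#   - delete_child denied on the directory yields EPERM for unlink, for
#     renaming a file out, and for renaming over an existing file.
#   - "delete" allowed on the file permits unlink and rename-away even
#     with delete_child denied on the directory.
#   - delete_child allowed on an unwritable directory permits removal and
#     renaming out, but not renaming a file in (EACCES).
#
# ACL entries added to "." are never removed, so every section depends on
# the entries prepended by the sections before it. Do not reorder.

desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD"

dir=$(dirname "$0")
. "${dir}/../misc.sh"

[ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit

# Plan: one per expect call below, including the two cleanup steps at the end.
echo "1..67"

n0=$(namegen)
# n1 is not referenced below; kept so the sequence of namegen calls is unchanged.
n1=$(namegen)
n2=$(namegen)
n3=$(namegen)

expect 0 mkdir "${n2}" 0755
expect 0 mkdir "${n3}" 0777
cdir=$(pwd)
# Stop if the scratch directory cannot be entered: everything below edits
# the ACL of "." and must not run against the caller's directory.
cd "${n2}" || { echo "Bail out! cannot enter ${n2}"; exit 1; }

# Unlink allowed on writable directory.
expect 0 create "${n0}" 0644
expect EACCES -u 65534 -g 65534 unlink "${n0}"
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Moving file elsewhere allowed on writable directory.
expect 0 create "${n0}" 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"

# Moving file from elsewhere allowed on writable directory.
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Moving file from elsewhere overwriting local file allowed
# on writable directory.
expect 0 create "${n0}" 0644
expect 0 create "../${n3}/${n0}" 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Denied DELETE changes nothing wrt removing.
expect 0 create "${n0}" 0644
expect 0 prependacl "${n0}" user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere.
# (The file is created fresh here, so it carries no delete::deny entry.)
expect 0 create "${n0}" 0644
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 -u 65534 -g 65534 unlink "${n0}"

# DELETE_CHILD denies unlink on writable directory.
# Note the errno: EPERM here, not the EACCES seen for write_data::deny.
expect 0 create "${n0}" 0644
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 unlink "${n0}"
expect 0 unlink "${n0}"

# DELETE_CHILD denies moving file elsewhere.
expect 0 create "${n0}" 0644
expect EPERM -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"
expect 0 rename "${n0}" "../${n3}/${n0}"

# DELETE_CHILD does not deny moving file from elsewhere
# to a writable directory.
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# DELETE_CHILD denies moving file from elsewhere
# to a writable directory overwriting local file.
expect 0 create "../${n3}/${n0}" 0644
expect EPERM -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# DELETE allowed on file allows for unlinking, no matter
# what permissions on containing directory are.
expect 0 prependacl "${n0}" user:65534:delete::allow
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Same for moving the file elsewhere.
expect 0 create "${n0}" 0644
expect 0 prependacl "${n0}" user:65534:delete::allow
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"

# Same for moving the file from elsewhere into a writable
# directory with DELETE_CHILD denied.
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 unlink "${n0}"

# DELETE does not allow for overwriting a file in an unwritable
# directory with DELETE_CHILD denied.
expect 0 create "${n0}" 0644
expect 0 create "../${n3}/${n0}" 0644
expect 0 prependacl . user:65534:write_data::deny
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 prependacl "${n0}" user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# But it allows for plain deletion.
expect 0 -u 65534 -g 65534 unlink "${n0}"

# DELETE_CHILD allowed on unwritable directory.
expect 0 create "${n0}" 0644
expect 0 prependacl . user:65534:delete_child::allow
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Moving things elsewhere is allowed.
# This rename replaces the copy created in ${n3} earlier.
expect 0 create "${n0}" 0644
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"

# Moving things back is not.
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Even if we're overwriting.
expect 0 create "${n0}" 0644
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Even if we have DELETE on the existing file.
expect 0 prependacl "${n0}" user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Denied DELETE changes nothing wrt removing.
expect 0 prependacl "${n0}" user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink "${n0}"

cd "${cdir}" || { echo "Bail out! cannot return to ${cdir}"; exit 1; }
expect 0 rmdir "${n2}"

# Remove the second scratch directory as well. It was created mode 0777 and
# still holds ${n0}, because every rename back out of it after the last
# move into it is expected to fail.
expect 0 unlink "${n3}/${n0}"
expect 0 rmdir "${n3}"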