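#!/bin/sh
# $FreeBSD: head/tools/regression/pjdfstest/tests/granular/03.t 211352 2010-08-15 21:24:17Z pjd $
#
# Regression test for NFSv4 ACL enforcement of DELETE (set on a file) and
# DELETE_CHILD (set on the containing directory) during unlink and rename.
#
# What the checks below pin down for uid/gid 65534:
#   - write_data allowed on the directory is enough to unlink, and to rename
#     entries out of or into it;
#   - a denied delete on the file does not block removal while the directory
#     grants it;
#   - a denied delete_child on the directory yields EPERM for unlink, for
#     renaming out, and for renaming over an existing entry;
#   - an allowed delete on the file permits unlink and renaming out even when
#     delete_child is denied on the directory;
#   - without write_data on the directory, renaming an entry into it yields
#     EACCES, even with delete allowed on the entry being replaced.
#
# expect, namegen, quick_exit and the os/fs variables are not defined here;
# they presumably come from misc.sh (confirm there). "-u 65534 -g 65534"
# presumably makes the helper perform the operation with that uid/gid, which
# would require the test to be started as root - confirm against misc.sh.
#
# ACL entries accumulate through prependacl and are never reset between
# sections, so every section depends on the state left by the ones before it.
# Do not reorder or remove sections without re-deriving the expected results.

desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD"

# Quoted so that a checkout path containing whitespace still resolves.
dir=$(dirname "$0")
. "${dir}/../misc.sh"

[ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit

# 65 permission checks plus 2 cleanup checks at the end.
echo "1..67"

n0=$(namegen)
# n1 is generated but not referenced by any check below.
n1=$(namegen)
n2=$(namegen)
n3=$(namegen)

expect 0 mkdir "${n2}" 0755
expect 0 mkdir "${n3}" 0777
cdir=$(pwd)
# Stop if the scratch directory cannot be entered: every "prependacl ." below
# would otherwise rewrite the ACL of whatever directory the test was started in.
cd "${n2}" || { echo "Bail out! cannot cd to ${n2}"; exit 1; }

# Unlink allowed on writable directory.
expect 0 create "${n0}" 0644
expect EACCES -u 65534 -g 65534 unlink "${n0}"
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Moving file elsewhere allowed on writable directory.
expect 0 create "${n0}" 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"

# Moving file from elsewhere allowed on writable directory.
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Moving file from elsewhere overwriting local file allowed
# on writable directory.
expect 0 create "${n0}" 0644
expect 0 create "../${n3}/${n0}" 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Denied DELETE changes nothing wrt removing.
expect 0 create "${n0}" 0644
expect 0 prependacl "${n0}" user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere.
expect 0 create "${n0}" 0644
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Denied DELETE_CHILD blocks unlink on writable directory (EPERM, not EACCES).
# The deny entry stays on the directory for all sections that follow.
expect 0 create "${n0}" 0644
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 unlink "${n0}"
expect 0 unlink "${n0}"

# Denied DELETE_CHILD blocks moving file elsewhere.
expect 0 create "${n0}" 0644
expect EPERM -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"
expect 0 rename "${n0}" "../${n3}/${n0}"

# Denied DELETE_CHILD does not block moving file from elsewhere
# to a writable directory.
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Denied DELETE_CHILD blocks moving file from elsewhere
# to a writable directory overwriting local file.
expect 0 create "../${n3}/${n0}" 0644
expect EPERM -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# DELETE allowed on file allows for unlinking, no matter
# what permissions on containing directory are.
expect 0 prependacl "${n0}" user:65534:delete::allow
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Same for moving the file elsewhere.
expect 0 create "${n0}" 0644
expect 0 prependacl "${n0}" user:65534:delete::allow
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"

# Same for moving the file from elsewhere into a writable
# directory with DELETE_CHILD denied.
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 unlink "${n0}"

# DELETE does not allow for overwriting a file in an unwritable
# directory with DELETE_CHILD denied. The expected error moves from EPERM
# to EACCES once DELETE is allowed on the file being replaced.
expect 0 create "${n0}" 0644
expect 0 create "../${n3}/${n0}" 0644
expect 0 prependacl . user:65534:write_data::deny
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 prependacl "${n0}" user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# But it allows for plain deletion.
expect 0 -u 65534 -g 65534 unlink "${n0}"

# DELETE_CHILD allowed on unwritable directory.
expect 0 create "${n0}" 0644
expect 0 prependacl . user:65534:delete_child::allow
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Moving things elsewhere is allowed.
expect 0 create "${n0}" 0644
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"

# Moving things back is not.
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Even if we're overwriting.
expect 0 create "${n0}" 0644
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Even if we have DELETE on the existing file.
expect 0 prependacl "${n0}" user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Denied DELETE changes nothing wrt removing.
expect 0 prependacl "${n0}" user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Leave the scratch directory before removing it; stop if that fails so the
# cleanup below never runs against paths relative to the wrong directory.
cd "${cdir}" || { echo "Bail out! cannot cd to ${cdir}"; exit 1; }
expect 0 rmdir "${n2}"

# The last successful rename left ${n0} inside ${n3}, and ${n3} itself was
# created with mode 0777. Remove both so the test does not leave a
# world-writable directory behind on the filesystem under test.
expect 0 unlink "${n3}/${n0}"
expect 0 rmdir "${n3}"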