xref: /freebsd/tests/sys/acl/tools-posix.test (revision 6be3386466ab79a84b48429ae66244f21526d3df)
1# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
2#
3# Redistribution and use in source and binary forms, with or without
4# modification, are permitted provided that the following conditions
5# are met:
6# 1. Redistributions of source code must retain the above copyright
7#    notice, this list of conditions and the following disclaimer.
8# 2. Redistributions in binary form must reproduce the above copyright
9#    notice, this list of conditions and the following disclaimer in the
10#    documentation and/or other materials provided with the distribution.
11#
12# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
13# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
16# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
18# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
19# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
20# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
21# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
22# SUCH DAMAGE.
23#
24# $FreeBSD$
25#
26
27# This is a tools-level test for POSIX.1e ACL functionality.  Run it as root
28# using ACL-enabled kernel:
29#
30# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
31#
32# WARNING: Creates files in unsafe way.
33
34$ whoami
35> root
36$ umask 022
37
38# Smoke test for getfacl(1).
39$ touch xxx
40$ getfacl -n xxx
41> # file: xxx
42> # owner: root
43> # group: wheel
44> user::rw-
45> group::r--
46> other::r--
47
48$ getfacl -q xxx
49> user::rw-
50> group::r--
51> other::r--
52
53$ setfacl -m u:42:r,g:43:w xxx
54$ getfacl -n xxx
55> # file: xxx
56> # owner: root
57> # group: wheel
58> user::rw-
59> user:42:r--
60> group::r--
61> group:43:-w-
62> mask::rw-
63> other::r--
64
65# Check whether ls correctly marks files with "+".
66$ ls -l xxx | cut -d' ' -f1
67> -rw-rw-r--+
68
69# Same as above, but for symlinks.
70$ ln -s xxx lll
71$ getfacl -h lll
72> # file: lll
73> # owner: root
74> # group: wheel
75> user::rwx
76> group::r-x
77> other::r-x
78
79$ getfacl -qh lll
80> user::rwx
81> group::r-x
82> other::r-x
83
84$ getfacl -q lll
85> user::rw-
86> user:42:r--
87> group::r--
88> group:43:-w-
89> mask::rw-
90> other::r--
91
92$ setfacl -hm u:44:x,g:45:w lll
93$ getfacl -h lll
94> # file: lll
95> # owner: root
96> # group: wheel
97> user::rwx
98> user:44:--x
99> group::r-x
100> group:45:-w-
101> mask::rwx
102> other::r-x
103
104$ ls -l lll | cut -d' ' -f1
105> lrwxrwxr-x+
106
107# Check whether the original file is left untouched.
108$ ls -l xxx | cut -d' ' -f1
109> -rw-rw-r--+
110
111$ rm lll
112
113# Test removing entries.
114$ setfacl -x user:42: xxx
115$ getfacl xxx
116> # file: xxx
117> # owner: root
118> # group: wheel
119> user::rw-
120> group::r--
121> group:43:-w-
122> mask::rw-
123> other::r--
124
125$ setfacl -m u:42:r xxx
126$ getfacl -n xxx
127> # file: xxx
128> # owner: root
129> # group: wheel
130> user::rw-
131> user:42:r--
132> group::r--
133> group:43:-w-
134> mask::rw-
135> other::r--
136
137# Test removing entries by number.
138$ setfacl -x 1 xxx
139$ getfacl -n xxx
140> # file: xxx
141> # owner: root
142> # group: wheel
143> user::rw-
144> group::r--
145> group:43:-w-
146> mask::rw-
147> other::r--
148
149$ setfacl -m g:43:r xxx
150$ getfacl -n xxx
151> # file: xxx
152> # owner: root
153> # group: wheel
154> user::rw-
155> group::r--
156> group:43:r--
157> mask::r--
158> other::r--
159
160# Make sure cp without any flags does not copy the ACL.
161$ cp xxx yyy
162$ ls -l yyy | cut -d' ' -f1
163> -rw-r--r--
164
165# Make sure it does with the "-p" flag.
166$ rm yyy
167$ cp -p xxx yyy
168$ getfacl -n yyy
169> # file: yyy
170> # owner: root
171> # group: wheel
172> user::rw-
173> group::r--
174> group:43:r--
175> mask::r--
176> other::r--
177
178$ rm yyy
179
180# Test removing entries by...  by example?
181$ setfacl -m u:42:r,g:43:w xxx
182$ setfacl -x u:42: xxx
183$ getfacl -n xxx
184> # file: xxx
185> # owner: root
186> # group: wheel
187> user::rw-
188> group::r--
189> group:43:-w-
190> mask::rw-
191> other::r--
192
193# Test setfacl -b.
194$ setfacl -b xxx
195$ getfacl -n xxx
196> # file: xxx
197> # owner: root
198> # group: wheel
199> user::rw-
200> group::r--
201> mask::r--
202> other::r--
203
204$ ls -l xxx | cut -d' ' -f1
205> -rw-r--r--+
206
207$ setfacl -nb xxx
208$ getfacl -n xxx
209> # file: xxx
210> # owner: root
211> # group: wheel
212> user::rw-
213> group::r--
214> other::r--
215
216$ ls -l xxx | cut -d' ' -f1
217> -rw-r--r--
218
219# Check setfacl(1) and getfacl(1) with multiple files.
220$ touch xxx yyy zzz
221
222$ ls -l xxx yyy zzz | cut -d' ' -f1
223> -rw-r--r--
224> -rw-r--r--
225> -rw-r--r--
226
227$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
228> setfacl: nnn: acl_get_file() failed: No such file or directory
229
230$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
231> ls: nnn: No such file or directory
232> -rw-rwxr--+
233> -rw-rwxr--+
234> -rw-rwxr--+
235
236$ getfacl -nq nnn xxx yyy zzz
237> getfacl: nnn: stat() failed: No such file or directory
238> user::rw-
239> user:42:--x
240> group::r--
241> group:43:-w-
242> mask::rwx
243> other::r--
244>
245> user::rw-
246> user:42:--x
247> group::r--
248> group:43:-w-
249> mask::rwx
250> other::r--
251>
252> user::rw-
253> user:42:--x
254> group::r--
255> group:43:-w-
256> mask::rwx
257> other::r--
258
259$ setfacl -b nnn xxx yyy zzz
260> setfacl: nnn: acl_get_file() failed: No such file or directory
261
262$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
263> ls: nnn: No such file or directory
264> -rw-r--r--+
265> -rw-r--r--+
266> -rw-r--r--+
267
268$ setfacl -bn nnn xxx yyy zzz
269> setfacl: nnn: acl_get_file() failed: No such file or directory
270
271$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
272> ls: nnn: No such file or directory
273> -rw-r--r--
274> -rw-r--r--
275> -rw-r--r--
276
277$ rm xxx yyy zzz
278
279# Check whether chmod actually does what it should do.
280$ touch xxx
281$ setfacl -m u:42:rwx,g:43:rwx xxx
282$ chmod 600 xxx
283$ getfacl -n xxx
284> # file: xxx
285> # owner: root
286> # group: wheel
287> user::rw-
288> user:42:rwx		# effective: ---
289> group::r--		# effective: ---
290> group:43:rwx		# effective: ---
291> mask::---
292> other::---
293
294$ chmod 060 xxx
295$ getfacl -n xxx
296> # file: xxx
297> # owner: root
298> # group: wheel
299> user::---
300> user:42:rwx		# effective: rw-
301> group::r--
302> group:43:rwx		# effective: rw-
303> mask::rw-
304> other::---
305
306# Test default ACLs.
307$ umask 022
308$ mkdir ddd
309$ getfacl -qn ddd
310> user::rwx
311> group::r-x
312> other::r-x
313
314$ ls -l | grep ddd | cut -d' ' -f1
315> drwxr-xr-x
316
317$ getfacl -dq ddd
318$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
319$ getfacl -dqn ddd
320> user::rwx
321> group::r-x
322> mask::rwx
323> other::r-x
324
325# No change - ls(1) output doesn't take into account default ACLs.
326$ ls -l | grep ddd | cut -d' ' -f1
327> drwxr-xr-x
328
329$ setfacl -dm g:42:rwx,u:42:r ddd
330$ setfacl -dm g::w ddd
331$ getfacl -dqn ddd
332> user::rwx
333> user:42:r--
334> group::-w-
335> group:42:rwx
336> mask::rwx
337> other::r-x
338
339$ setfacl -dx group:42: ddd
340$ getfacl -dqn ddd
341> user::rwx
342> user:42:r--
343> group::-w-
344> mask::rw-
345> other::r-x
346
347$ ls -l | grep ddd | cut -d' ' -f1
348> drwxr-xr-x
349
350$ rmdir ddd
351$ rm xxx
352
353# Test inheritance.
354$ mkdir ddd
355
356$ touch ddd/xxx
357$ getfacl -q ddd/xxx
358> user::rw-
359> group::r--
360> other::r--
361
362$ mkdir ddd/ddd
363$ getfacl -q ddd/ddd
364> user::rwx
365> group::r-x
366> other::r-x
367
368$ rmdir ddd/ddd
369$ rm ddd/xxx
370
371$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
372$ setfacl -dm g:42:rwx,u:43:r ddd
373$ getfacl -dq ddd
374> user::rwx
375> user:43:r--
376> group::r-x
377> group:42:rwx
378> mask::rwx
379> other::r-x
380
381$ touch ddd/xxx
382$ getfacl -q ddd/xxx
383> user::rw-
384> user:43:r--
385> group::r-x		# effective: r--
386> group:42:rwx		# effective: r--
387> mask::r--
388> other::r--
389
390$ mkdir ddd/ddd
391$ getfacl -q ddd/ddd
392> user::rwx
393> user:43:r--
394> group::r-x
395> group:42:rwx		# effective: r-x
396> mask::r-x
397> other::r-x
398
399$ rmdir ddd/ddd
400$ rm ddd/xxx
401$ rmdir ddd
402
403# Test if we deal properly with fifos.
404$ mkfifo fff
405$ ls -l fff | cut -d' ' -f1
406> prw-r--r--
407
408$ setfacl -m u:42:r,g:43:w fff
409$ getfacl fff
410> # file: fff
411> # owner: root
412> # group: wheel
413> user::rw-
414> user:42:r--
415> group::r--
416> group:43:-w-
417> mask::rw-
418> other::r--
419
420$ ls -l fff | cut -d' ' -f1
421> prw-rw-r--+
422
423$ setfacl -bn fff
424$ getfacl fff
425> # file: fff
426> # owner: root
427> # group: wheel
428> user::rw-
429> group::r--
430> other::r--
431
432$ ls -l fff | cut -d' ' -f1
433> prw-r--r--
434
435$ rm fff
436
437# Test if we deal properly with device files.
438$ mknod bbb b 1 1
439$ setfacl -m u:42:r,g:43:w bbb
440> setfacl: bbb: acl_get_file() failed: Operation not supported
441$ ls -l bbb | cut -d' ' -f1
442> brw-r--r--
443
444$ rm bbb
445
446$ mknod ccc c 1 1
447$ setfacl -m u:42:r,g:43:w ccc
448> setfacl: ccc: acl_get_file() failed: Operation not supported
449$ ls -l ccc | cut -d' ' -f1
450> crw-r--r--
451
452$ rm ccc
453