# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#

# This is a tools-level test for POSIX.1e ACL functionality. Run it as root
# on an ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
#
# Format, as used throughout this file: a line starting with "$" is a command
# to execute, the lines starting with ">" that follow it are the output the
# command is expected to produce, and lines starting with "#" are comments.
#
# WARNING: Creates files in an unsafe way. Every test object has a short,
# fixed name (xxx, yyy, zzz, lll, ddd, fff, bbb, ccc) and is created, modified
# and removed in the current working directory by root; the last section also
# creates device nodes with mknod. Run the script only from a freshly created,
# empty directory that nobody but root can write to. In a shared directory a
# pre-existing entry with one of these names (for example a symlink) would be
# operated on with root privileges, because most setfacl/chmod/cp calls below
# follow symlinks.

# The expected "# owner: root" / "# group: wheel" lines below only match when
# the script runs as root, so verify that first.
$ whoami
> root
# Pin the umask: every expected mode string and base ACL below assumes that
# new files are created rw-r--r-- and new directories rwxr-xr-x.
$ umask 022

# Smoke test for getfacl(1).
# A freshly created file carries only the three base entries; -n asks for
# numeric IDs in named entries.
$ touch xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

# -q suppresses the "# file / # owner / # group" header lines.
$ getfacl -q xxx
> user::rw-
> group::r--
> other::r--

# Adding named entries (uid 42, gid 43) also makes a mask:: entry appear;
# here it is rw-.
$ setfacl -m u:42:r,g:43:w xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Check whether ls correctly marks files with "+".
# Note that the group column of the mode string now shows the mask (rw-),
# not the group:: entry (r--).
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

# Same as above, but for symlinks.
# With -h the tools operate on the link itself; without it they follow the
# link to xxx. The checks below cover both directions.
# NOTE(review): "getfacl -h lll" here and "getfacl xxx" further down are run
# without -n while the expected output lists numeric IDs (42, 43, 44, 45); if
# any of those IDs maps to an account name on the test host the comparison
# will fail - confirm, or add -n as the other invocations do.
$ ln -s xxx lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> group::r-x
> other::r-x

$ getfacl -qh lll
> user::rwx
> group::r-x
> other::r-x

# Without -h the ACL of the link target (xxx) is reported.
$ getfacl -q lll
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Modify the ACL of the link itself; different IDs (44, 45) are used so the
# result cannot be confused with the ACL of xxx.
$ setfacl -hm u:44:x,g:45:w lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> user:44:--x
> group::r-x
> group:45:-w-
> mask::rwx
> other::r-x

$ ls -l lll | cut -d' ' -f1
> lrwxrwxr-x+

# Check whether the original file is left untouched.
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

$ rm lll

# Test removing entries.
# The entry to remove is given as tag and qualifier with an empty
# permission field ("user:42:").
$ setfacl -x user:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Put the user:42 entry back so the next section has something to remove.
$ setfacl -m u:42:r xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test removing entries by number.
# Entry numbers count from 0 in the order getfacl prints them, so "1" is the
# second entry; the expected output shows user:42 gone.
$ setfacl -x 1 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Changing group:43 from -w- to r-- also changes the mask, from rw- to r--.
$ setfacl -m g:43:r xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

# Make sure cp without any flags does not copy the ACL.
# The copy has no "+" marker, i.e. the named entry for gid 43 is not carried
# over.
$ cp xxx yyy
$ ls -l yyy | cut -d' ' -f1
> -rw-r--r--

# Make sure it does with the "-p" flag.
$ rm yyy
$ cp -p xxx yyy
$ getfacl -n yyy
> # file: yyy
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

$ rm yyy

# Test removing an entry by naming it in abbreviated form ("u:42:") instead
# of by index or by the long "user:42:" form used earlier.
$ setfacl -m u:42:r,g:43:w xxx
$ setfacl -x u:42: xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test setfacl -b.
# -b drops the named entries but, as the expected output shows, a mask::
# entry stays behind, so ls still prints the "+" marker.
$ setfacl -b xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> mask::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+

# With -n added, the mask entry is gone as well: only the three base entries
# remain and ls no longer prints "+".
$ setfacl -nb xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--

# Check setfacl(1) and getfacl(1) with multiple files.
# xxx already exists at this point; yyy and zzz are created here.
$ touch xxx yyy zzz

$ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

# nnn is never created. Each command below is expected to report the error
# for nnn and still process the remaining three files. The error text is
# part of the expected output, so the runner presumably captures stderr
# together with stdout - confirm against the run script.
$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-rwxr--+
> -rw-rwxr--+
> -rw-rwxr--+

# With several files getfacl separates the per-file ACLs by an empty line
# (the bare ">" lines).
$ getfacl -nq nnn xxx yyy zzz
> getfacl: nnn: stat() failed: No such file or directory
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
>
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
>
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--

# -b alone leaves the "+" marker on all three files ...
$ setfacl -b nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--+
> -rw-r--r--+
> -rw-r--r--+

# ... and -bn removes it.
$ setfacl -bn nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ rm xxx yyy zzz

# Check whether chmod actually does what it should do.
# On a file with named entries the group bits of chmod land in mask::, not
# in group::. chmod 600 therefore leaves user:42, group:43 and group:: in
# place and only reduces their effective rights to "---".
$ touch xxx
$ setfacl -m u:42:rwx,g:43:rwx xxx
$ chmod 600 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:rwx # effective: ---
> group::r-- # effective: ---
> group:43:rwx # effective: ---
> mask::---
> other::---

# Widening the group bits again re-enables the named entries up to the new
# mask (rw-): the entries were only masked by chmod 600, never removed.
# xxx is left in place here; it is removed at the end of the next section.
$ chmod 060 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::---
> user:42:rwx # effective: rw-
> group::r--
> group:43:rwx # effective: rw-
> mask::rw-
> other::---

# Test default ACLs.
# -d makes getfacl/setfacl work on the directory's default ACL instead of
# its access ACL.
$ umask 022
$ mkdir ddd
$ getfacl -qn ddd
> user::rwx
> group::r-x
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

# A new directory has no default ACL: the first getfacl -dq is expected to
# print nothing.
$ getfacl -dq ddd
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ getfacl -dqn ddd
> user::rwx
> group::r-x
> mask::rwx
> other::r-x

# No change - ls(1) output doesn't take into account default ACLs.
$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

# Named entries and a changed group:: entry in the default ACL.
$ setfacl -dm g:42:rwx,u:42:r ddd
$ setfacl -dm g::w ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
> group:42:rwx
> mask::rwx
> other::r-x

# Removing group:42 from the default ACL also changes its mask (rwx -> rw-).
$ setfacl -dx group:42: ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
> mask::rw-
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

# Clean up; xxx is still the file created in the chmod section above.
$ rmdir ddd
$ rm xxx

# Test inheritance.
# First the baseline: without a default ACL on ddd, new entries get plain
# umask-derived permissions.
$ mkdir ddd

$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> group::r--
> other::r--

$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> group::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx

# Now give ddd a default ACL with named entries for uid 43 and gid 42.
# NOTE(review): the getfacl calls in the rest of this section omit -n while
# the expected output lists the numeric IDs 42 and 43 - confirm these IDs are
# not mapped to account names on the test host.
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ setfacl -dm g:42:rwx,u:43:r ddd
$ getfacl -dq ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx
> mask::rwx
> other::r-x

# A new file inherits the named entries, but its mask is r--, so group::
# and group:42 are effectively limited to read access.
$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> user:43:r--
> group::r-x # effective: r--
> group:42:rwx # effective: r--
> mask::r--
> other::r--

# A new subdirectory inherits them too, with mask r-x.
$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx # effective: r-x
> mask::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx
$ rmdir ddd

# Test if we deal properly with fifos.
# A fifo is expected to accept ACLs like a regular file.
$ mkfifo fff
$ ls -l fff | cut -d' ' -f1
> prw-r--r--

# NOTE(review): both "getfacl fff" calls below omit -n while the expected
# output lists the numeric IDs 42 and 43 - confirm these IDs are not mapped
# to account names on the test host.
$ setfacl -m u:42:r,g:43:w fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-rw-r--+

# -bn must bring the fifo back to the three base entries and drop the "+".
$ setfacl -bn fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ rm fff

# Test if we deal properly with device files.
# On block (b) and character (c) device nodes setfacl is expected to fail
# with "Operation not supported" and leave the mode unchanged (no "+").
# bbb and ccc are real device nodes (major 1, minor 1) created in the working
# directory; each is removed right after its check, so a run interrupted
# between mknod and rm leaves a device node behind that has to be deleted by
# hand.
$ mknod bbb b 1 1
$ setfacl -m u:42:r,g:43:w bbb
> setfacl: bbb: acl_get_file() failed: Operation not supported
$ ls -l bbb | cut -d' ' -f1
> brw-r--r--

$ rm bbb

$ mknod ccc c 1 1
$ setfacl -m u:42:r,g:43:w ccc
> setfacl: ccc: acl_get_file() failed: Operation not supported
$ ls -l ccc | cut -d' ' -f1
> crw-r--r--

$ rm ccc