# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#

# This is a tools-level test for POSIX.1e ACL functionality. Run it as root
# using ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
#
# WARNING: Creates files in unsafe way.
#
# NOTE(review): every command below runs as root against fixed names in the
# current directory (xxx, yyy, zzz, lll, ddd, fff, bbb, ccc), including
# mknod for device nodes. Commands such as touch, chmod and setfacl without
# -h act on the target of a symbolic link, so run the test only from a
# freshly created, empty directory that no other user can write to;
# otherwise a pre-existing entry with one of these names could redirect a
# root-owned operation to an unrelated file.
#
# Format as used in this file: "$" lines are commands, ">" lines are the
# output expected from the preceding command, "#" lines are comments.

# Preconditions for the expected output below: the test is run by root with
# umask 022.
$ whoami
> root
$ umask 022

# Smoke test for getfacl(1).
# Expected: a newly created file lists only the user::, group:: and other::
# entries.
$ touch xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

# With -q the expected output carries no "# file/owner/group" header lines.
$ getfacl -q xxx
> user::rw-
> group::r--
> other::r--

# Adding named entries for user 42 and group 43 is expected to add a mask::
# entry as well (rw- here).
$ setfacl -m u:42:r,g:43:w xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Check whether ls correctly marks files with "+".
# The group bits in the expected mode string (rw-) match the mask:: entry
# above, not group::r--.
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

# Same as above, but for symlinks.
# With -h the expected output is the link's own ACL (rwx/r-x/r-x), which
# differs from the ACL of xxx.
$ ln -s xxx lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> group::r-x
> other::r-x

$ getfacl -qh lll
> user::rwx
> group::r-x
> other::r-x

# Without -h the link is followed: the expected entries are those set on xxx.
$ getfacl -q lll
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# setfacl -h is expected to change the link's ACL only; the check on xxx
# further down confirms the target keeps its previous mode string.
$ setfacl -hm u:44:x,g:45:w lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> user:44:--x
> group::r-x
> group:45:-w-
> mask::rwx
> other::r-x

$ ls -l lll | cut -d' ' -f1
> lrwxrwxr-x+

# Check whether the original file is left untouched.
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

$ rm lll

# Test removing entries.
# Only the user:42 entry is expected to disappear; group:43 and mask:: stay.
$ setfacl -x user:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Restore the user:42 entry so the next section can remove it again.
$ setfacl -m u:42:r xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test removing entries by number.
# The expected output shows that entry number 1 is user:42, which suggests
# entries are counted from 0 starting at user:: (confirm against setfacl(1)).
$ setfacl -x 1 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Changing group:43 from -w- to r-- is expected to change mask:: to r-- too.
$ setfacl -m g:43:r xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

# Make sure cp without any flags does not copy the ACL.
# The expected mode string has no trailing "+".
$ cp xxx yyy
$ ls -l yyy | cut -d' ' -f1
> -rw-r--r--

# Make sure it does with the "-p" flag.
$ rm yyy
$ cp -p xxx yyy
$ getfacl -n yyy
> # file: yyy
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

$ rm yyy

# Test removing entries by... by example?
$ setfacl -m u:42:r,g:43:w xxx
$ setfacl -x u:42: xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test setfacl -b.
# Plain -b is expected to drop the named entries but leave a mask:: entry,
# so ls still prints "+".
$ setfacl -b xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> mask::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+

# With -n added, the mask:: entry is expected to be gone as well and the "+"
# marker disappears.
$ setfacl -nb xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--

# Check setfacl(1) and getfacl(1) with multiple files.
# nnn is never created in this section. Each command that names it is
# expected to print one error line for nnn and still process xxx, yyy and zzz.
$ touch xxx yyy zzz

$ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
> setfacl: nnn: acl_get_file() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-rwxr--+
> -rw-rwxr--+
> -rw-rwxr--+

# With several operands the expected getfacl output separates the per-file
# ACLs with an empty line.
$ getfacl -nq nnn xxx yyy zzz
> getfacl: nnn: stat() failed: No such file or directory
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
>
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
>
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--

$ setfacl -b nnn xxx yyy zzz
> setfacl: nnn: acl_get_file() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--+
> -rw-r--r--+
> -rw-r--r--+

$ setfacl -bn nnn xxx yyy zzz
> setfacl: nnn: acl_get_file() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ rm xxx yyy zzz

# Check whether chmod actually does what it should do.
# With named entries present, the group digit given to chmod is expected to
# land in mask:: rather than in group::. After chmod 600 the named entries
# still read rwx, but their effective permissions are ---.
$ touch xxx
$ setfacl -m u:42:rwx,g:43:rwx xxx
$ chmod 600 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:rwx # effective: ---
> group::r-- # effective: ---
> group:43:rwx # effective: ---
> mask::---
> other::---

# After chmod 060 the expected mask is rw-, which gives user 42 and group 43
# effective rw- although user:: and other:: are ---; group:: stays r--.
$ chmod 060 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::---
> user:42:rwx # effective: rw-
> group::r--
> group:43:rwx # effective: rw-
> mask::rw-
> other::---

# Test default ACLs.
# A new directory is expected to start with only the three base entries.
$ umask 022
$ mkdir ddd
$ getfacl -qn ddd
> user::rwx
> group::r-x
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

# The first getfacl -d is expected to print nothing (no output lines follow
# it): ddd has no default ACL until the setfacl -d below.
$ getfacl -dq ddd
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ getfacl -dqn ddd
> user::rwx
> group::r-x
> mask::rwx
> other::r-x

# No change - ls(1) output doesn't take into account default ACLs.
$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

# Add named default entries, then change the default group:: entry to -w-.
$ setfacl -dm g:42:rwx,u:42:r ddd
$ setfacl -dm g::w ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
> group:42:rwx
> mask::rwx
> other::r-x

# Once the group:42 entry is removed, the expected default mask drops from
# rwx to rw-.
$ setfacl -dx group:42: ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
> mask::rw-
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

$ rmdir ddd
$ rm xxx

# Test inheritance.
# Baseline: without a default ACL on ddd, new entries under it are expected
# to carry only the base entries.
$ mkdir ddd

$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> group::r--
> other::r--

$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> group::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx

# Give ddd a default ACL with named entries for user 43 and group 42.
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ setfacl -dm g:42:rwx,u:43:r ddd
$ getfacl -dq ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx
> mask::rwx
> other::r-x

# A file created under ddd is now expected to carry the named entries from
# the default ACL, with mask::r-- limiting the effective group permissions.
$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> user:43:r--
> group::r-x # effective: r--
> group:42:rwx # effective: r--
> mask::r--
> other::r--

# Same for a subdirectory; here the expected mask is r-x.
$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx # effective: r-x
> mask::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx
$ rmdir ddd

# Test if we deal properly with fifos.
# A fifo is expected to accept ACL changes the same way the regular file
# did: entries can be added, ls shows "+", and setfacl -bn clears them again.
$ mkfifo fff
$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ setfacl -m u:42:r,g:43:w fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-rw-r--+

$ setfacl -bn fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ rm fff

# Test if we deal properly with device files.
# For both the block and the character device node, setfacl is expected to
# fail with "Operation not supported" and leave the mode string without "+".
# NOTE(review): mknod creates real device nodes in the current directory as
# root; they are removed again right after each check.
$ mknod bbb b 1 1
$ setfacl -m u:42:r,g:43:w bbb
> setfacl: bbb: acl_get_file() failed: Operation not supported
$ ls -l bbb | cut -d' ' -f1
> brw-r--r--

$ rm bbb

$ mknod ccc c 1 1
$ setfacl -m u:42:r,g:43:w ccc
> setfacl: ccc: acl_get_file() failed: Operation not supported
$ ls -l ccc | cut -d' ' -f1
> crw-r--r--

$ rm ccc
