1# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
2# All rights reserved.
3#
4# Redistribution and use in source and binary forms, with or without
5# modification, are permitted provided that the following conditions
6# are met:
7# 1. Redistributions of source code must retain the above copyright
8#    notice, this list of conditions and the following disclaimer.
9# 2. Redistributions in binary form must reproduce the above copyright
10#    notice, this list of conditions and the following disclaimer in the
11#    documentation and/or other materials provided with the distribution.
12#
13# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23# SUCH DAMAGE.
24#
25# $FreeBSD$
26#
27
28# This is a tools-level test for POSIX.1e ACL functionality.  Run it as root
29# using ACL-enabled kernel:
30#
31# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
32#
33# WARNING: Creates files in unsafe way.
# The commands below run as root and create, modify and remove entries with
# fixed names (xxx, yyy, zzz, lll, ddd, fff, bbb, ccc) in the current
# directory, so run the test from a fresh scratch directory that no other
# user can write to.
34
# The first check fails unless the test runs as root.  The modes expected for
# newly created files below (e.g. rw-r--r-- for xxx) correspond to umask 022.
35$ whoami
36> root
37$ umask 022
38
39# Smoke test for getfacl(1).
# A freshly created file carries only the three base entries.  Adding named
# entries for uid 42 and gid 43 makes a mask entry appear in the expected
# output (rw-, the union of user:42, group:: and group:43).
40$ touch xxx
41$ getfacl -n xxx
42> # file: xxx
43> # owner: root
44> # group: wheel
45> user::rw-
46> group::r--
47> other::r--
48
49$ getfacl -q xxx
50> user::rw-
51> group::r--
52> other::r--
53
54$ setfacl -m u:42:r,g:43:w xxx
55$ getfacl -n xxx
56> # file: xxx
57> # owner: root
58> # group: wheel
59> user::rw-
60> user:42:r--
61> group::r--
62> group:43:-w-
63> mask::rw-
64> other::r--
65
66# Check whether ls correctly marks files with "+".
# Note that the group column of the expected mode string is rw-, i.e. the ACL
# mask, while the owning group's own entry is still group::r--.  On a file
# marked "+", read the ACL with getfacl to see who actually has access.
67$ ls -l xxx | cut -d' ' -f1
68> -rw-rw-r--+
69
70# Same as above, but for symlinks.
# With -h the tools operate on the symbolic link itself; without it
# (getfacl -q lll below) the ACL of the link target xxx is reported.
71$ ln -s xxx lll
72$ getfacl -h lll
73> # file: lll
74> # owner: root
75> # group: wheel
76> user::rwx
77> group::r-x
78> other::r-x
79
80$ getfacl -qh lll
81> user::rwx
82> group::r-x
83> other::r-x
84
85$ getfacl -q lll
86> user::rw-
87> user:42:r--
88> group::r--
89> group:43:-w-
90> mask::rw-
91> other::r--
92
93$ setfacl -hm u:44:x,g:45:w lll
94$ getfacl -h lll
95> # file: lll
96> # owner: root
97> # group: wheel
98> user::rwx
99> user:44:--x
100> group::r-x
101> group:45:-w-
102> mask::rwx
103> other::r-x
104
105$ ls -l lll | cut -d' ' -f1
106> lrwxrwxr-x+
107
108# Check whether the original file is left untouched.
# setfacl -h above must have changed only the link: xxx is expected to show
# the same mode string as before the symlink was created.
109$ ls -l xxx | cut -d' ' -f1
110> -rw-rw-r--+
111
112$ rm lll
113
114# Test removing entries.
# Removing user:42 leaves group:43 in place, so the mask entry stays in the
# expected output.  The entry is then added back for the next test.
115$ setfacl -x user:42: xxx
116$ getfacl xxx
117> # file: xxx
118> # owner: root
119> # group: wheel
120> user::rw-
121> group::r--
122> group:43:-w-
123> mask::rw-
124> other::r--
125
126$ setfacl -m u:42:r xxx
127$ getfacl -n xxx
128> # file: xxx
129> # owner: root
130> # group: wheel
131> user::rw-
132> user:42:r--
133> group::r--
134> group:43:-w-
135> mask::rw-
136> other::r--
137
138# Test removing entries by number.
# Entry numbers count from zero in the order getfacl prints them: number 1 is
# user:42 here, and it is the entry missing from the next listing.
# Changing group:43 to r afterwards also narrows the expected mask to r--.
139$ setfacl -x 1 xxx
140$ getfacl -n xxx
141> # file: xxx
142> # owner: root
143> # group: wheel
144> user::rw-
145> group::r--
146> group:43:-w-
147> mask::rw-
148> other::r--
149
150$ setfacl -m g:43:r xxx
151$ getfacl -n xxx
152> # file: xxx
153> # owner: root
154> # group: wheel
155> user::rw-
156> group::r--
157> group:43:r--
158> mask::r--
159> other::r--
160
161# Make sure cp without any flags does not copy the ACL.
# The copy is expected to have no "+" marker, i.e. no extended ACL entries:
# the named entry group:43 on xxx is not carried over to yyy.
162$ cp xxx yyy
163$ ls -l yyy | cut -d' ' -f1
164> -rw-r--r--
165
166# Make sure it does with the "-p" flag.
# With -p the full ACL, including group:43 and the mask, is expected on yyy.
167$ rm yyy
168$ cp -p xxx yyy
169$ getfacl -n yyy
170> # file: yyy
171> # owner: root
172> # group: wheel
173> user::rw-
174> group::r--
175> group:43:r--
176> mask::r--
177> other::r--
178
179$ rm yyy
180
181# Test removing entries by...  by example?
# Here the entry to remove is named by tag and qualifier (u:42:) with an
# empty permission field; group:43 and the mask are expected to remain.
182$ setfacl -m u:42:r,g:43:w xxx
183$ setfacl -x u:42: xxx
184$ getfacl -n xxx
185> # file: xxx
186> # owner: root
187> # group: wheel
188> user::rw-
189> group::r--
190> group:43:-w-
191> mask::rw-
192> other::r--
193
194# Test setfacl -b.
# -b alone leaves a mask entry behind, so ls is still expected to show "+".
# Combined with -n (below) the mask is gone as well and the file is back to
# the three base entries with no "+" marker.
195$ setfacl -b xxx
196$ getfacl -n xxx
197> # file: xxx
198> # owner: root
199> # group: wheel
200> user::rw-
201> group::r--
202> mask::r--
203> other::r--
204
205$ ls -l xxx | cut -d' ' -f1
206> -rw-r--r--+
207
208$ setfacl -nb xxx
209$ getfacl -n xxx
210> # file: xxx
211> # owner: root
212> # group: wheel
213> user::rw-
214> group::r--
215> other::r--
216
217$ ls -l xxx | cut -d' ' -f1
218> -rw-r--r--
219
220# Check setfacl(1) and getfacl(1) with multiple files.
# nnn does not exist: each tool is expected to report the error for that
# operand and still process xxx, yyy and zzz, so a failure on one operand
# does not mean the ACL change was skipped for the others.
221$ touch xxx yyy zzz
222
223$ ls -l xxx yyy zzz | cut -d' ' -f1
224> -rw-r--r--
225> -rw-r--r--
226> -rw-r--r--
227
228$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
229> setfacl: nnn: acl_get_file() failed: No such file or directory
230
231$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
232> ls: nnn: No such file or directory
233> -rw-rwxr--+
234> -rw-rwxr--+
235> -rw-rwxr--+
236
237$ getfacl -nq nnn xxx yyy zzz
238> getfacl: nnn: stat() failed: No such file or directory
239> user::rw-
240> user:42:--x
241> group::r--
242> group:43:-w-
243> mask::rwx
244> other::r--
245>
246> user::rw-
247> user:42:--x
248> group::r--
249> group:43:-w-
250> mask::rwx
251> other::r--
252>
253> user::rw-
254> user:42:--x
255> group::r--
256> group:43:-w-
257> mask::rwx
258> other::r--
259
260$ setfacl -b nnn xxx yyy zzz
261> setfacl: nnn: acl_get_file() failed: No such file or directory
262
263$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
264> ls: nnn: No such file or directory
265> -rw-r--r--+
266> -rw-r--r--+
267> -rw-r--r--+
268
269$ setfacl -bn nnn xxx yyy zzz
270> setfacl: nnn: acl_get_file() failed: No such file or directory
271
272$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
273> ls: nnn: No such file or directory
274> -rw-r--r--
275> -rw-r--r--
276> -rw-r--r--
277
278$ rm xxx yyy zzz
279
280# Check whether chmod actually does what it should do.
# On a file with an extended ACL the group bits given to chmod land in the
# mask entry: group:: and the named entries keep their stored permissions and
# only their effective rights change.  chmod 600 therefore does not delete
# the rwx grants to uid 42 and gid 43; widening the mode later (060 below)
# makes them effective again, limited to rw- by the new mask.
281$ touch xxx
282$ setfacl -m u:42:rwx,g:43:rwx xxx
283$ chmod 600 xxx
284$ getfacl -n xxx
285> # file: xxx
286> # owner: root
287> # group: wheel
288> user::rw-
289> user:42:rwx		# effective: ---
290> group::r--		# effective: ---
291> group:43:rwx		# effective: ---
292> mask::---
293> other::---
294
295$ chmod 060 xxx
296$ getfacl -n xxx
297> # file: xxx
298> # owner: root
299> # group: wheel
300> user::---
301> user:42:rwx		# effective: rw-
302> group::r--
303> group:43:rwx		# effective: rw-
304> mask::rw-
305> other::---
306
307# Test default ACLs.
# ddd starts without a default ACL (getfacl -dq is expected to print
# nothing).  The -d flag makes setfacl and getfacl work on the default ACL;
# the ls mode string for ddd is expected to stay drwxr-xr-x throughout.
308$ umask 022
309$ mkdir ddd
310$ getfacl -qn ddd
311> user::rwx
312> group::r-x
313> other::r-x
314
315$ ls -l | grep ddd | cut -d' ' -f1
316> drwxr-xr-x
317
318$ getfacl -dq ddd
319$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
320$ getfacl -dqn ddd
321> user::rwx
322> group::r-x
323> mask::rwx
324> other::r-x
325
326# No change - ls(1) output doesn't take into account default ACLs.
327$ ls -l | grep ddd | cut -d' ' -f1
328> drwxr-xr-x
329
330$ setfacl -dm g:42:rwx,u:42:r ddd
331$ setfacl -dm g::w ddd
332$ getfacl -dqn ddd
333> user::rwx
334> user:42:r--
335> group::-w-
336> group:42:rwx
337> mask::rwx
338> other::r-x
339
# Removing group:42 from the default ACL is expected to narrow its mask to
# rw-, the union of the remaining user:42 and group:: entries.
340$ setfacl -dx group:42: ddd
341$ getfacl -dqn ddd
342> user::rwx
343> user:42:r--
344> group::-w-
345> mask::rw-
346> other::r-x
347
348$ ls -l | grep ddd | cut -d' ' -f1
349> drwxr-xr-x
350
351$ rmdir ddd
352$ rm xxx
353
354# Test inheritance.
# First pass: ddd has no default ACL, so the new file and subdirectory are
# expected to carry only the three base entries.
355$ mkdir ddd
356
357$ touch ddd/xxx
358$ getfacl -q ddd/xxx
359> user::rw-
360> group::r--
361> other::r--
362
363$ mkdir ddd/ddd
364$ getfacl -q ddd/ddd
365> user::rwx
366> group::r-x
367> other::r-x
368
369$ rmdir ddd/ddd
370$ rm ddd/xxx
371
# Second pass: with a default ACL on ddd, new children are expected to
# inherit its named entries, but the mask on the child (r-- for the file,
# r-x for the directory) caps them, so group:42:rwx is effective r-- / r-x.
# NOTE(review): the narrower mask presumably results from the creation mode
# combined with umask 022 - confirm.
372$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
373$ setfacl -dm g:42:rwx,u:43:r ddd
374$ getfacl -dq ddd
375> user::rwx
376> user:43:r--
377> group::r-x
378> group:42:rwx
379> mask::rwx
380> other::r-x
381
382$ touch ddd/xxx
383$ getfacl -q ddd/xxx
384> user::rw-
385> user:43:r--
386> group::r-x		# effective: r--
387> group:42:rwx		# effective: r--
388> mask::r--
389> other::r--
390
391$ mkdir ddd/ddd
392$ getfacl -q ddd/ddd
393> user::rwx
394> user:43:r--
395> group::r-x
396> group:42:rwx		# effective: r-x
397> mask::r-x
398> other::r-x
399
400$ rmdir ddd/ddd
401$ rm ddd/xxx
402$ rmdir ddd
403
404# Test if we deal properly with fifos.
# A FIFO is expected to accept named entries and to lose them again with
# setfacl -bn, with the same "+" marking in ls as for a regular file.
405$ mkfifo fff
406$ ls -l fff | cut -d' ' -f1
407> prw-r--r--
408
409$ setfacl -m u:42:r,g:43:w fff
410$ getfacl fff
411> # file: fff
412> # owner: root
413> # group: wheel
414> user::rw-
415> user:42:r--
416> group::r--
417> group:43:-w-
418> mask::rw-
419> other::r--
420
421$ ls -l fff | cut -d' ' -f1
422> prw-rw-r--+
423
424$ setfacl -bn fff
425$ getfacl fff
426> # file: fff
427> # owner: root
428> # group: wheel
429> user::rw-
430> group::r--
431> other::r--
432
433$ ls -l fff | cut -d' ' -f1
434> prw-r--r--
435
436$ rm fff
437
438# Test if we deal properly with device files.
# setfacl is expected to fail with "Operation not supported" on the block and
# character device nodes created here, and ls is expected to show their mode
# unchanged (rw-r--r--, no "+" marker) afterwards.
439$ mknod bbb b 1 1
440$ setfacl -m u:42:r,g:43:w bbb
441> setfacl: bbb: acl_get_file() failed: Operation not supported
442$ ls -l bbb | cut -d' ' -f1
443> brw-r--r--
444
445$ rm bbb
446
447$ mknod ccc c 1 1
448$ setfacl -m u:42:r,g:43:w ccc
449> setfacl: ccc: acl_get_file() failed: Operation not supported
450$ ls -l ccc | cut -d' ' -f1
451> crw-r--r--
452
453$ rm ccc
454