# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#

# This is a tools-level test for POSIX.1e ACL functionality. Run it as root
# using an ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
#
# File format, as used throughout: a "$" line is a command, the ">" lines
# after it are the output that command is expected to print, and "#" lines
# such as this one are comments.
#
# WARNING: Creates files in an unsafe way. The commands below run as root and
# create, modify and remove fixed-name entries (xxx, yyy, zzz, lll, ddd, fff,
# bbb, ccc) relative to the working directory, including device nodes made
# with mknod. Run the test from a private scratch directory that other users
# cannot write to.

# The expected "# owner: root" headers below only match when running as root.
$ whoami
> root
# The expected modes of newly created files (e.g. rw-r--r--) depend on this
# umask.
$ umask 022

# Smoke test for getfacl(1).
$ touch xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

# -q is expected to drop the three "# file / # owner / # group" header lines.
# NOTE(review): several getfacl calls in this file omit -n while the expected
# output still shows numeric IDs (42, 43, 44, 45); that presumably relies on
# those IDs having no name on the test host - confirm.
$ getfacl -q xxx
> user::rw-
> group::r--
> other::r--

# Add a named user entry (uid 42) and a named group entry (gid 43). The
# expected listing also gains a mask entry.
$ setfacl -m u:42:r,g:43:w xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Check whether ls correctly marks files with "+". Note that the group field
# of the expected mode string (rw-) matches the mask entry above, not the
# group:: entry (r--).
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

# Same as above, but for symlinks. With -h the tools act on the link itself
# instead of following it to xxx.
$ ln -s xxx lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> group::r-x
> other::r-x

$ getfacl -qh lll
> user::rwx
> group::r-x
> other::r-x

# Without -h the link is followed, so the expected output is the ACL of xxx.
$ getfacl -q lll
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Modify the ACL of the link itself, using IDs that differ from the ones set
# on xxx so the two ACLs cannot be confused.
$ setfacl -hm u:44:x,g:45:w lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> user:44:--x
> group::r-x
> group:45:-w-
> mask::rwx
> other::r-x

$ ls -l lll | cut -d' ' -f1
> lrwxrwxr-x+

# Check whether the original file is left untouched.
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

$ rm lll

# Test removing entries. The entry is named by tag and qualifier, with the
# permission field left empty.
$ setfacl -x user:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Put the uid 42 entry back so that it can be removed by number next.
$ setfacl -m u:42:r xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test removing entries by number.
# Entry 1, counting from 0, is user:42 in the preceding getfacl output; the
# listing below is expected to show it gone.
$ setfacl -x 1 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Changing the only named entry from -w- to r-- is expected to change the
# mask from rw- to r-- as well.
$ setfacl -m g:43:r xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

# Make sure cp without any flags does not copy the ACL (no "+" in the mode
# string of the copy).
$ cp xxx yyy
$ ls -l yyy | cut -d' ' -f1
> -rw-r--r--

# Make sure it does with the "-p" flag.
$ rm yyy
$ cp -p xxx yyy
$ getfacl -n yyy
> # file: yyy
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

$ rm yyy

# Test removing an entry by naming it (tag and qualifier, empty permission
# field), this time with the short "u:" tag.
$ setfacl -m u:42:r,g:43:w xxx
$ setfacl -x u:42: xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test setfacl -b. The named entry is expected to disappear, but a mask entry
# stays behind, so ls still prints "+".
$ setfacl -b xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> mask::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+

# With -n added, the mask entry is expected to go away too, leaving only the
# three base entries and no "+".
$ setfacl -nb xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--

# Check setfacl(1) and getfacl(1) with multiple files.
$ touch xxx yyy zzz

$ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

# nnn does not exist. Each tool is expected to report an error for it and
# still process the remaining files.
$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
> setfacl: nnn: acl_get_file() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-rwxr--+
> -rw-rwxr--+
> -rw-rwxr--+

# The expected output has one ACL per existing file, separated by an empty
# output line.
$ getfacl -nq nnn xxx yyy zzz
> getfacl: nnn: stat() failed: No such file or directory
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
>
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
>
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--

# -b alone: the "+" is expected to remain on all three files.
$ setfacl -b nnn xxx yyy zzz
> setfacl: nnn: acl_get_file() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--+
> -rw-r--r--+
> -rw-r--r--+

# -bn: the "+" is expected to disappear.
$ setfacl -bn nnn xxx yyy zzz
> setfacl: nnn: acl_get_file() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ rm xxx yyy zzz

# Check whether chmod actually does what it should do. With named entries
# present, the group digit of the new mode is expected to end up in the mask
# entry: group:: stays r-- in both listings, and the "effective" column shows
# what the mask leaves of each entry. After chmod 600 nobody but the owner
# has any effective access, although the named entries still say rwx.
$ touch xxx
$ setfacl -m u:42:rwx,g:43:rwx xxx
$ chmod 600 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:rwx # effective: ---
> group::r-- # effective: ---
> group:43:rwx # effective: ---
> mask::---
> other::---

# chmod 060: owner and other get nothing, the mask becomes rw-.
$ chmod 060 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::---
> user:42:rwx # effective: rw-
> group::r--
> group:43:rwx # effective: rw-
> mask::rw-
> other::---

# Test default ACLs.
$ umask 022
$ mkdir ddd
$ getfacl -qn ddd
> user::rwx
> group::r-x
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

# A freshly created directory is expected to have no default ACL: the first
# getfacl -d prints nothing. -d selects the default ACL instead of the access
# ACL.
$ getfacl -dq ddd
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ getfacl -dqn ddd
> user::rwx
> group::r-x
> mask::rwx
> other::r-x

# No change - ls(1) output doesn't take into account default ACLs.
$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

# Add named entries to the default ACL, then change its group:: entry.
$ setfacl -dm g:42:rwx,u:42:r ddd
$ setfacl -dm g::w ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
> group:42:rwx
> mask::rwx
> other::r-x

# Remove the named group entry from the default ACL; the expected mask
# shrinks from rwx to rw-.
$ setfacl -dx group:42: ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
> mask::rw-
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

$ rmdir ddd
$ rm xxx

# Test inheritance.
$ mkdir ddd

# ddd has no default ACL yet: a new file and a new subdirectory are expected
# to get plain three-entry ACLs.
$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> group::r--
> other::r--

$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> group::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx

# Give ddd a default ACL with named entries.
# NOTE(review): the getfacl calls from here to the end of this section omit
# -n while the expected output shows numeric IDs 42 and 43; that presumably
# relies on those IDs having no name on the test host - confirm.
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ setfacl -dm g:42:rwx,u:43:r ddd
$ getfacl -dq ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx
> mask::rwx
> other::r-x

# A new file is expected to carry the named entries from the default ACL, but
# with mask r--, so group:: and group:42 are effectively read-only.
$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> user:43:r--
> group::r-x # effective: r--
> group:42:rwx # effective: r--
> mask::r--
> other::r--

# A new subdirectory: same entries, mask r-x.
# NOTE(review): only the access ACL of ddd/ddd is checked here; whether it
# also receives a default ACL of its own is not verified.
$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx # effective: r-x
> mask::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx
$ rmdir ddd

# Test if we deal properly with fifos.
$ mkfifo fff
$ ls -l fff | cut -d' ' -f1
> prw-r--r--

# Named entries are expected to work on a fifo as on a regular file.
# NOTE(review): getfacl is called without -n here while the expected output
# shows numeric IDs 42 and 43; that presumably relies on those IDs having no
# name on the test host - confirm.
$ setfacl -m u:42:r,g:43:w fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-rw-r--+

# -bn strips the ACL back to the three base entries; the "+" is expected to
# disappear.
$ setfacl -bn fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ rm fff

# Test if we deal properly with device files. setfacl is expected to fail
# with "Operation not supported" and to leave the mode string unchanged.
# mknod creates real device nodes (block here, character below; major 1,
# minor 1) in the working directory as root; if the run stops before the
# matching rm, remove them by hand.
$ mknod bbb b 1 1
$ setfacl -m u:42:r,g:43:w bbb
> setfacl: bbb: acl_get_file() failed: Operation not supported
$ ls -l bbb | cut -d' ' -f1
> brw-r--r--

$ rm bbb

# Same check for a character device node.
$ mknod ccc c 1 1
$ setfacl -m u:42:r,g:43:w ccc
> setfacl: ccc: acl_get_file() failed: Operation not supported
$ ls -l ccc | cut -d' ' -f1
> crw-r--r--

$ rm ccc