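#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# Copyright (c) 2012, 2016 by Delphix. All rights reserved.
#

. "$STF_SUITE/tests/functional/acl/acl_common.kshlib"

#
# DESCRIPTION:
#	Verify that an explicit ACL entry for a specific user or group
#	overrides an existing access rule.
#
# STRATEGY:
#	1. Loop over root and a non-root user as the user who sets the ACLs.
#	2. Loop over the specified access types one by one.
#	3. For each, verify explicit ACL entries set for a specific user
#	   and group.
#
# NOTE(review): every expansion below is quoted so that a path or name
# containing whitespace or glob characters stays one argument up to
# usr_exec/rwx_node. Whether those helpers preserve word boundaries is
# not visible in this file - confirm in acl_common.kshlib.
#

verify_runnable "both"

#
# Check one access attempt and report it through the test log.
#
# Arguments:
#	$1 log    - wrapper used to run the check (the caller passes
#	            log_must or log_mustnot)
#	$2 user   - user whose access is checked
#	$3 node   - file or directory under test
#	$4 access - access type (read_data, write_data or execute)
#	$5 rflag  - flag of the explicit entry (allow or deny)
#
function check_access #log user node access rflag
{
	typeset log=$1
	typeset user=$2
	typeset node=$3
	typeset access=$4
	typeset rflag=$5

	if [[ $rflag == "allow" && $access == execute ]]; then
		# The exit status is deliberately not wrapped in $log here;
		# the outcome is judged from ZFS_ACL_ERR_STR instead.
		# presumably rwx_node fills ZFS_ACL_ERR_STR - verify in the
		# library.
		rwx_node "$user" "$node" "$access"
		#
		# When everyone@ is denied, this file cannot be executed.
		# So 'cannot execute' means the user does have permission
		# to execute; it is only the file itself that cannot be
		# executed.
		#
		if [[ $ZFS_ACL_ERR_STR == *"cannot execute"* ]]; then
			log_note "SUCCESS: rwx_node $user $node $access"
		else
			log_fail "FAIL: rwx_node $user $node $access"
		fi
	else
		"$log" rwx_node "$user" "$node" "$access"
	fi
}

#
# Verify that an explicit user or group entry takes precedence over a
# broader entry carrying the opposite flag.
#
# chmod A+ prepends an entry to the ACL and A0- removes the entry at
# index 0, so each explicit entry added here sits above the entry it is
# meant to override, and the A0- calls strip the entries again in
# reverse order of insertion.
#
# Arguments:
#	$1 node   - file or directory under test
#	$2 access - access type (read_data, write_data or execute)
#	$3 flag   - flag given to the broad entry (allow or deny); the
#	            explicit entry gets the opposite flag
#
function verify_explicit_ACL_rule #node access flag
{
	typeset node=$1
	typeset access=$2
	typeset flag=$3
	typeset log rlog rflag

	# Pick the expected outcome: $log is the expectation for a
	# principal covered by the explicit ($rflag) entry, $rlog the
	# expectation for one covered only by the broad ($flag) entry.
	if [[ $flag == allow ]]; then
		log=log_mustnot
		rlog=log_must
		rflag=deny
	else
		log=log_must
		rlog=log_mustnot
		rflag=allow
	fi

	# Case 1: explicit user entry on top of everyone@.
	log_must usr_exec chmod "A+everyone@:$access:$flag" "$node"
	log_must usr_exec chmod "A+user:$ZFS_ACL_OTHER1:$access:$rflag" "$node"
	check_access "$log" "$ZFS_ACL_OTHER1" "$node" "$access" "$rflag"
	# Drop only the user entry; everyone@ stays for case 2.
	log_must usr_exec chmod A0- "$node"

	# Case 2: explicit group entry on top of everyone@.
	# presumably both OTHER users belong to ZFS_ACL_OTHER_GROUP -
	# confirm against the suite configuration.
	log_must usr_exec \
	    chmod "A+group:$ZFS_ACL_OTHER_GROUP:$access:$rflag" "$node"
	check_access "$log" "$ZFS_ACL_OTHER1" "$node" "$access" "$rflag"
	check_access "$log" "$ZFS_ACL_OTHER2" "$node" "$access" "$rflag"
	# Two removals: the group entry, then the everyone@ entry.
	log_must usr_exec chmod A0- "$node"
	log_must usr_exec chmod A0- "$node"

	# Case 3: explicit user entry on top of a group entry that carries
	# the opposite flag. OTHER1 is expected to follow the user entry,
	# OTHER2 the group entry.
	log_must usr_exec \
	    chmod "A+group:$ZFS_ACL_OTHER_GROUP:$access:$flag" "$node"
	log_must usr_exec chmod "A+user:$ZFS_ACL_OTHER1:$access:$rflag" "$node"
	"$log" rwx_node "$ZFS_ACL_OTHER1" "$node" "$access"
	"$rlog" rwx_node "$ZFS_ACL_OTHER2" "$node" "$access"
	# Two removals: the user entry, then the group entry.
	log_must usr_exec chmod A0- "$node"
	log_must usr_exec chmod A0- "$node"
}

log_assert "Verify that explicit ACL setting to specified user or group will" \
    "override existed access rule."
log_onexit cleanup

set -A a_access "read_data" "write_data" "execute"
set -A a_flag "allow" "deny"
typeset node

# Quoting ZFS_ACL_STAFF1 means an unset value reaches set_cur_usr as an
# empty name instead of silently dropping the non-root pass.
for user in root "$ZFS_ACL_STAFF1"; do
	log_must set_cur_usr "$user"

	log_must usr_exec touch "$testfile"
	log_must usr_exec mkdir "$testdir"
	log_must usr_exec chmod 755 "$testfile" "$testdir"

	for node in "$testfile" "$testdir"; do
		for access in "${a_access[@]}"; do
			for flag in "${a_flag[@]}"; do
				verify_explicit_ACL_rule "$node" "$access" "$flag"
			done
		done
	done

	# ':?' aborts rather than handing rm -rf an empty path; on the
	# first pass this removal runs with root as the current user.
	log_must usr_exec rm -rf "${testfile:?}" "${testdir:?}"
done

log_pass "Explicit ACL setting to specified user or group will override " \
    "existed access rule passed."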