1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28# 29# Copyright (c) 2013, 2016 by Delphix. All rights reserved. 30# 31 32. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib 33 34# 35# DESCRIPTION: 36# Scan the following permissions one by one to verify privileged user 37# has correct permission delegation in datasets. 38# 39# STRATEGY: 40# 1. Delegate all the permission one by one to user on dataset. 41# 2. Verify privileged user has correct permission without any other 42# permissions allowed. 43# 44 45verify_runnable "both" 46 47log_assert "Verify privileged user has correct permissions once which was "\ 48 "delegated to him in datasets" 49log_onexit restore_root_datasets 50 51# 52# Results in Results in 53# Permission Filesystem Volume 54# 55set -A perms create true false \ 56 snapshot true true \ 57 mount true false \ 58 send true true \ 59 allow true true \ 60 quota true false \ 61 reservation true true \ 62 dnodesize true false \ 63 recordsize true false \ 64 mountpoint true false \ 65 checksum true true \ 66 compression true true \ 67 canmount true false \ 68 atime true false \ 69 devices true false \ 70 exec true false \ 71 volsize false true \ 72 setuid true false \ 73 readonly true true \ 74 snapdir true false \ 75 userprop true true \ 76 aclmode true false \ 77 aclinherit true false \ 78 rollback true true \ 79 clone true true \ 80 rename true true \ 81 promote true true \ 82 zoned true false \ 83 xattr true false \ 84 receive true false \ 85 destroy true true 86if is_global_zone; then 87 typeset -i n=${#perms[@]} 88 perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false" 89 perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false" 90fi 91 92for dtst in $DATASETS; do 93 typeset -i k=1 94 typeset type=$(get_prop type $dtst) 95 [[ $type == "volume" ]] && k=2 96 97 typeset -i i=0 98 while (( i < ${#perms[@]} )); do 99 log_must zfs allow $STAFF1 ${perms[$i]} $dtst 100 101 if [[ ${perms[((i+k))]} == "true" ]]; then 102 log_must verify_perm $dtst ${perms[$i]} $STAFF1 103 else 104 log_must verify_noperm $dtst ${perms[$i]} $STAFF1 105 fi 106 107 log_must restore_root_datasets 108 109 ((i += 3)) 110 done 111done 112 113log_pass "Verify privileged user has correct permissions " \ 114 "in datasets passed." 115