xref: /illumos-gate/usr/src/test/zfs-tests/tests/functional/privilege/privilege_001_pos.ksh (revision 1d32ba663e202c24a5a1f2e5aef83fffb447cb7f)
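#! /usr/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
#

. $STF_SUITE/include/libtest.shlib

#
# DESCRIPTION:
#
# The RBAC profile "ZFS Storage Management" works
#
# STRATEGY:
#	(create)
#	1. As a normal user, try to create a pool - which should fail.
#	2. Assign "ZFS Storage Management" profile, try to create pool again,
#	   which should succeed.
#
#	(works well with other ZFS profile tests)
#	3. Attempt to create a ZFS filesystem, which should fail.
#	4. Add the "ZFS File System Management" profile, attempt to create a FS
#	   which should succeed.
#
#	(destroy)
#	5. Remove the FS profile, then attempt to destroy the pool, which
#	   should succeed.
#	6. Remove the Storage profile, then attempt to recreate the pool, which
#	   should fail.
#
# NOTES:
#	The account under test is read from /tmp/zfs-privs-test-user.txt, which
#	is written outside this script. Because this test hands RBAC profiles
#	to whatever account that file names, the file and its content are
#	checked before use.
#

# We can only run this in the global zone
verify_runnable "global"

log_assert "The RBAC profile \"ZFS Storage Management\" works"

# The hand-off file lives at a fixed name in /tmp. Refuse a symlink or a
# non-regular file so the name is not taken from somewhere unexpected.
# NOTE(review): this narrows, but does not remove, the exposure of a
# predictable /tmp path; whatever writes the file should create it where
# only the test owner can write - confirm against the suite's setup script.
USER_FILE=/tmp/zfs-privs-test-user.txt
[[ -f $USER_FILE && ! -L $USER_FILE ]] || \
    log_fail "$USER_FILE is missing or is not a regular file"

ZFS_USER=$(cat $USER_FILE)

# The value is passed to usermod and su below, so accept only a single
# plain account name: no whitespace, no shell metacharacters, and no
# leading '-' that a command could take for an option.
[[ $ZFS_USER == [A-Za-z0-9_]*([A-Za-z0-9._-]) ]] || \
    log_fail "$USER_FILE does not hold a single valid user name"

# The account must already exist; this test does not create it.
id "$ZFS_USER" > /dev/null 2>&1 || \
    log_fail "user named in $USER_FILE does not exist"

# the user shouldn't be able to do anything initially, with or without pfexec
log_mustnot su "$ZFS_USER" -c "zpool create $TESTPOOL $DISKS"
log_mustnot su "$ZFS_USER" -c "pfexec zpool create $TESTPOOL $DISKS"

# the first time we assign the profile, we insist it should work
log_must usermod -P "ZFS Storage Management" "$ZFS_USER"
log_must su "$ZFS_USER" -c "pfexec zpool create -f $TESTPOOL $DISKS"

# ensure the user can't create a filesystem with this profile
log_mustnot su "$ZFS_USER" -c "zfs create $TESTPOOL/fs"

# add ZFS File System Management profile, and try to create a fs
log_must usermod -P "ZFS File System Management" "$ZFS_USER"
log_must su "$ZFS_USER" -c "pfexec zfs create $TESTPOOL/fs"

# revoke File System Management profile
# NOTE(review): these two usermod calls are not wrapped in log_must, so a
# failed revocation is not reported here and nothing below asserts that the
# File System Management profile is really gone.
usermod -P, "$ZFS_USER"
usermod -P "ZFS Storage Management" "$ZFS_USER"

# ensure the user can destroy pools, but only through pfexec
log_mustnot su "$ZFS_USER" -c "zpool destroy $TESTPOOL"
log_must su "$ZFS_USER" -c "pfexec zpool destroy $TESTPOOL"

# revoke Storage Management profile
# The usermod result is unchecked; the log_mustnot that follows fails the
# test if the account can still create a pool.
usermod -P, "$ZFS_USER"
log_mustnot su "$ZFS_USER" -c "pfexec zpool create -f $TESTPOOL $DISKS"

log_pass "The RBAC profile \"ZFS Storage Management\" works"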