mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-26 11:19:32 +03:00
ZTS: Fix posix ACL tests that should pass
Make sure tests have proper include files. Make sure underlying "chmod" style permissions don't interfere with ACLs. Reviewed-by: John Kennedy <john.kennedy@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Paul Zuchowski <pzuchowski@datto.com> Closes #8069
This commit is contained in:
parent
58aeb87a8f
commit
04a88fc00c
@ -151,8 +151,6 @@ summary = {
|
||||
# reasons listed above can be used.
|
||||
#
|
||||
known = {
|
||||
'acl/posix/posix_001_pos': ['FAIL', known_reason],
|
||||
'acl/posix/posix_002_pos': ['FAIL', known_reason],
|
||||
'casenorm/sensitive_none_lookup': ['FAIL', '7633'],
|
||||
'casenorm/sensitive_none_delete': ['FAIL', '7633'],
|
||||
'casenorm/sensitive_formd_lookup': ['FAIL', '7633'],
|
||||
|
@ -26,6 +26,7 @@
|
||||
#
|
||||
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/acl/acl_common.kshlib
|
||||
|
||||
#
|
||||
# Copyright (c) 2012 by Delphix. All rights reserved.
|
||||
@ -43,19 +44,47 @@
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
function cleanup
|
||||
{
|
||||
rmdir $TESTDIR/dir.0
|
||||
}
|
||||
|
||||
log_assert "Verify acltype=posixacl works on file"
|
||||
log_onexit cleanup
|
||||
|
||||
# Test access to FILE
|
||||
log_note "Testing access to FILE"
|
||||
log_must touch $TESTDIR/file.0
|
||||
log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0
|
||||
getfacl $TESTDIR/file.0 2> /dev/null | egrep -q "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
|
||||
getfacl $TESTDIR/file.0 2> /dev/null | egrep -q \
|
||||
"^group:$ZFS_ACL_STAFF_GROUP:rw-$"
|
||||
if [ "$?" -eq "0" ]; then
|
||||
# Should be able to write to file
|
||||
log_must user_run $ZFS_ACL_STAFF1 "echo 'echo test > /dev/null' > $TESTDIR/file.0"
|
||||
log_must user_run $ZFS_ACL_STAFF1 \
|
||||
"echo 'echo test > /dev/null' > $TESTDIR/file.0"
|
||||
|
||||
# Since $TESTDIR is 777, create a new dir with controlled permissions
|
||||
# for testing that creating a new file is not allowed.
|
||||
log_must mkdir $TESTDIR/dir.0
|
||||
log_must chmod 700 $TESTDIR/dir.0
|
||||
log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0
|
||||
# Confirm permissions
|
||||
ls -l $TESTDIR |grep "dir.0" |grep -q "drwxrw----+"
|
||||
if [ "$?" -ne "0" ]; then
|
||||
msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}')
|
||||
log_note "expected mask drwxrw----+ but found $msk"
|
||||
log_fail "Expected permissions were not set."
|
||||
fi
|
||||
getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \
|
||||
"^group:$ZFS_ACL_STAFF_GROUP:rw-$"
|
||||
if [ "$?" -ne "0" ]; then
|
||||
acl=$(getfacl $TESTDIR/dir.0 2> /dev/null)
|
||||
log_note $acl
|
||||
log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set."
|
||||
fi
|
||||
# Should NOT be able to create new file
|
||||
log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/file.1"
|
||||
log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1"
|
||||
|
||||
# Root should be able to run file, but not user
|
||||
chmod +x $TESTDIR/file.0
|
||||
|
@ -26,6 +26,7 @@
|
||||
#
|
||||
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/acl/acl_common.kshlib
|
||||
|
||||
#
|
||||
# Copyright (c) 2012 by Delphix. All rights reserved.
|
||||
@ -47,8 +48,19 @@ log_assert "Verify acltype=posixacl works on directory"
|
||||
# Test access to DIRECTORY
|
||||
log_note "Testing access to DIRECTORY"
|
||||
log_must mkdir $TESTDIR/dir.0
|
||||
# Eliminate access by "other" including our test group,
|
||||
# we want access controlled only by the ACLs.
|
||||
log_must chmod 700 $TESTDIR/dir.0
|
||||
log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:wx $TESTDIR/dir.0
|
||||
getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q "^group:$ZFS_ACL_STAFF_GROUP:-wx$"
|
||||
# Confirm permissions
|
||||
ls -l $TESTDIR |grep "dir.0" |grep -q "drwx-wx---+"
|
||||
if [ "$?" -ne "0" ]; then
|
||||
msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}')
|
||||
log_note "expected mask drwx-wx---+ but found $msk"
|
||||
log_fail "Expected permissions were not set."
|
||||
fi
|
||||
getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \
|
||||
"^group:$ZFS_ACL_STAFF_GROUP:-wx$"
|
||||
if [ "$?" -eq "0" ]; then
|
||||
# Should be able to create file in directory
|
||||
log_must user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.0"
|
||||
@ -58,5 +70,7 @@ if [ "$?" -eq "0" ]; then
|
||||
|
||||
log_pass "POSIX ACL mode works on directories"
|
||||
else
|
||||
log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rwx' as specified"
|
||||
acl=$(getfacl $TESTDIR/dir.0 2> /dev/null)
|
||||
log_note $acl
|
||||
log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have '-wx' as specified"
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user