mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2026-05-25 03:37:45 +03:00
Add the ZFS Test Suite
Add the ZFS Test Suite and test-runner framework from illumos.
This is a continuation of the work done by Turbo Fredriksson to
port the ZFS Test Suite to Linux. While this work was originally
conceived as a stand alone project integrating it directly with
the ZoL source tree has several advantages:
* Allows the ZFS Test Suite to be packaged in zfs-test package.
* Facilitates easy integration with the CI testing.
* Users can locally run the ZFS Test Suite to validate ZFS.
This testing should ONLY be done on a dedicated test system
because the ZFS Test Suite in its current form is destructive.
* Allows the ZFS Test Suite to be run directly in the ZoL source
tree enabled developers to iterate quickly during development.
* Developers can easily add/modify tests in the framework as
features are added or functionality is changed. The tests
will then always be in sync with the implementation.
Full documentation for how to run the ZFS Test Suite is available
in the tests/README.md file.
Warning: This test suite is designed to be run on a dedicated test
system. It will make modifications to the system including, but
not limited to, the following.
* Adding new users
* Adding new groups
* Modifying the following /proc files:
* /proc/sys/kernel/core_pattern
* /proc/sys/kernel/core_uses_pid
* Creating directories under /
Notes:
* Not all of the test cases are expected to pass and by default
these test cases are disabled. The failures are primarily due
to assumption made for illumos which are invalid under Linux.
* When updating these test cases it should be done in as generic
a way as possible so the patch can be submitted back upstream.
Most existing library functions have been updated to be Linux
aware, and the following functions and variables have been added.
* Functions:
* is_linux - Used to wrap a Linux specific section.
* block_device_wait - Waits for block devices to be added to /dev/.
* Variables: Linux Illumos
* ZVOL_DEVDIR "/dev/zvol" "/dev/zvol/dsk"
* ZVOL_RDEVDIR "/dev/zvol" "/dev/zvol/rdsk"
* DEV_DSKDIR "/dev" "/dev/dsk"
* DEV_RDSKDIR "/dev" "/dev/rdsk"
* NEWFS_DEFAULT_FS "ext2" "ufs"
* Many of the disabled test cases fail because 'zfs/zpool destroy'
returns EBUSY. This is largely causes by the asynchronous nature
of device handling on Linux and is expected, the impacted test
cases will need to be updated to handle this.
* There are several test cases which have been disabled because
they can trigger a deadlock. A primary example of this is to
recursively create zpools within zpools. These tests have been
disabled until the root issue can be addressed.
* Illumos specific utilities such as (mkfile) should be added to
the tests/zfs-tests/cmd/ directory. Custom programs required by
the test scripts can also be added here.
* SELinux should be either is permissive mode or disabled when
running the tests. The test cases should be updated to conform
to a standard policy.
* Redundant test functionality has been removed (zfault.sh).
* Existing test scripts (zconfig.sh) should be migrated to use
the framework for consistency and ease of testing.
* The DISKS environment variable currently only supports loopback
devices because of how the ZFS Test Suite expects partitions to
be named (p1, p2, etc). Support must be added to generate the
correct partition name based on the device location and name.
* The ZFS Test Suite is part of the illumos code base at:
https://github.com/illumos/illumos-gate/tree/master/usr/src/test
Original-patch-by: Turbo Fredriksson <turbo@bayour.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Olaf Faaland <faaland1@llnl.gov>
Closes #6
Closes #1534
This commit is contained in:
Brian Behlendorf
@@ -0,0 +1,26 @@
|
||||
pkgdatadir = $(datadir)/@PACKAGE@/zfs-tests/tests/functional/delegate
|
||||
dist_pkgdata_SCRIPTS = \
|
||||
delegate.cfg \
|
||||
delegate_common.kshlib \
|
||||
cleanup.ksh \
|
||||
setup.ksh \
|
||||
zfs_allow_001_pos.ksh \
|
||||
zfs_allow_002_pos.ksh \
|
||||
zfs_allow_003_pos.ksh \
|
||||
zfs_allow_004_pos.ksh \
|
||||
zfs_allow_005_pos.ksh \
|
||||
zfs_allow_006_pos.ksh \
|
||||
zfs_allow_007_pos.ksh \
|
||||
zfs_allow_008_pos.ksh \
|
||||
zfs_allow_009_neg.ksh \
|
||||
zfs_allow_010_pos.ksh \
|
||||
zfs_allow_011_neg.ksh \
|
||||
zfs_allow_012_neg.ksh \
|
||||
zfs_unallow_001_pos.ksh \
|
||||
zfs_unallow_002_pos.ksh \
|
||||
zfs_unallow_003_pos.ksh \
|
||||
zfs_unallow_004_pos.ksh \
|
||||
zfs_unallow_005_pos.ksh \
|
||||
zfs_unallow_006_pos.ksh \
|
||||
zfs_unallow_007_neg.ksh \
|
||||
zfs_unallow_008_neg.ksh
|
||||
+44
@@ -0,0 +1,44 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
cleanup_user_group
|
||||
|
||||
# restore the state of svc:/network/nis/client:default
|
||||
if [[ -e $NISSTAFILE ]]; then
|
||||
log_must $SVCADM enable svc:/network/nis/client:default
|
||||
log_must $RM -f $NISSTAFILE
|
||||
fi
|
||||
|
||||
default_cleanup
|
||||
|
||||
log_pass
|
||||
@@ -0,0 +1,59 @@
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
export NISSTAFILE=/var/tmp/nis_state
|
||||
|
||||
export STAFF_GROUP=zfsgrp
|
||||
export STAFF1=staff1
|
||||
export STAFF2=staff2
|
||||
|
||||
export OTHER_GROUP=othergrp
|
||||
export OTHER1=other1
|
||||
export OTHER2=other2
|
||||
|
||||
export EVERYONE="$STAFF1 $STAFF2 $OTHER1 $OTHER2"
|
||||
|
||||
export LOCAL_SET="snapshot"
|
||||
export LOCAL_DESC_SET="readonly,checksum"
|
||||
export DESC_SET="compression"
|
||||
|
||||
export TESTVOL=testvol.delegate
|
||||
export VOLSIZE=150m
|
||||
|
||||
export ROOT_TESTVOL=$TESTPOOL/$TESTVOL
|
||||
export ROOT_TESTFS=$TESTPOOL/$TESTFS
|
||||
export SUBFS=$ROOT_TESTFS/SUBFS
|
||||
export SUBFS2=$ROOT_TESTFS/SUBFS2
|
||||
|
||||
DATASETS="$ROOT_TESTFS"
|
||||
if is_global_zone ; then
|
||||
DATASETS=$DATASETS
|
||||
fi
|
||||
export DATASETS
|
||||
File diff suppressed because it is too large
Load Diff
+59
@@ -0,0 +1,59 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
# check svc:/network/nis/client:default state
|
||||
# disable it if the state is ON
|
||||
# and the state will be restored during cleanup.ksh
|
||||
log_must $RM -f $NISSTAFILE
|
||||
if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
|
||||
log_must $SVCADM disable -t svc:/network/nis/client:default
|
||||
log_must $TOUCH $NISSTAFILE
|
||||
fi
|
||||
|
||||
cleanup_user_group
|
||||
|
||||
# Create staff group and add two user to it
|
||||
log_must add_group $STAFF_GROUP
|
||||
log_must add_user $STAFF_GROUP $STAFF1
|
||||
log_must add_user $STAFF_GROUP $STAFF2
|
||||
|
||||
# Create other group and add two user to it
|
||||
log_must add_group $OTHER_GROUP
|
||||
log_must add_user $OTHER_GROUP $OTHER1
|
||||
log_must add_user $OTHER_GROUP $OTHER2
|
||||
|
||||
DISK=${DISKS%% *}
|
||||
default_volume_setup $DISK
|
||||
log_must $CHMOD 777 $TESTDIR
|
||||
|
||||
log_pass
|
||||
@@ -0,0 +1,98 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# "everyone" is interpreted as the keyword "everyone" whatever the same
|
||||
# name user or group is existing.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Create user 'everyone'.
|
||||
# 2. Verify 'everyone' is interpreted as keywords.
|
||||
# 3. Create group 'everyone'.
|
||||
# 4. Verify 'everyone' is interpreted as keywords.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
function cleanup
|
||||
{
|
||||
if [[ $user_added == "TRUE" ]] ; then
|
||||
del_user everyone
|
||||
fi
|
||||
if [[ $group_added == "TRUE" ]] ; then
|
||||
del_group everyone
|
||||
fi
|
||||
|
||||
restore_root_datasets
|
||||
}
|
||||
|
||||
log_assert "everyone' is interpreted as a keyword even if a user " \
|
||||
"or group named 'everyone' exists."
|
||||
log_onexit cleanup
|
||||
|
||||
eval set -A dataset $DATASETS
|
||||
typeset perms="snapshot,reservation,compression,checksum,send,userprop"
|
||||
|
||||
log_note "Create a user called 'everyone'."
|
||||
if ! $ID everyone > /dev/null 2>&1; then
|
||||
user_added="TRUE"
|
||||
log_must $USERADD everyone
|
||||
fi
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow everyone $perms $dtst
|
||||
log_must verify_perm $dtst $perms $EVERYONE "everyone"
|
||||
done
|
||||
log_must restore_root_datasets
|
||||
if [[ $user_added == "TRUE" ]]; then
|
||||
log_must $USERDEL everyone
|
||||
fi
|
||||
|
||||
log_note "Created a group called 'everyone'."
|
||||
if ! $CAT /etc/group | $AWK -F: '{print $1}' | \
|
||||
$GREP -w 'everyone' > /dev/null 2>&1
|
||||
then
|
||||
group_added="TRUE"
|
||||
log_must $GROUPADD everyone
|
||||
fi
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow everyone $perms $dtst
|
||||
log_must verify_perm $dtst $perms $EVERYONE
|
||||
done
|
||||
log_must restore_root_datasets
|
||||
if [[ $group_added == "TRUE" ]]; then
|
||||
log_must $GROUPDEL everyone
|
||||
fi
|
||||
|
||||
log_pass "everyone is always interpreted as keyword passed."
|
||||
@@ -0,0 +1,79 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# <user|group> argument is interpreted as a user if possible, then as a group as
|
||||
# possible.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Create user $STAFF_GROUP
|
||||
# 2. Delegate permissions to $STAFF_GROUP
|
||||
# 3. Verify user $STAFF_GROUP has the permissions.
|
||||
# 4. Delete user $STAFF_GROUP and allow the permission to $STAFF_GROUP
|
||||
# 5. Verify $STAFF_GROUP is interpreted as group.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
function cleanup
|
||||
{
|
||||
if $ID $STAFF_GROUP > /dev/null 2>&1; then
|
||||
log_must del_user $STAFF_GROUP
|
||||
fi
|
||||
|
||||
restore_root_datasets
|
||||
}
|
||||
|
||||
log_assert "<user|group> is interpreted as user if possible, then as group."
|
||||
log_onexit cleanup
|
||||
|
||||
eval set -A dataset $DATASETS
|
||||
typeset perms="snapshot,reservation,compression,checksum,send,userprop"
|
||||
|
||||
log_must $USERADD $STAFF_GROUP
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow $STAFF_GROUP $perms $dtst
|
||||
log_must verify_perm $dtst $perms $STAFF_GROUP
|
||||
log_must verify_noperm $dtst $perms $STAFF1 $STAFF2
|
||||
done
|
||||
|
||||
log_must restore_root_datasets
|
||||
|
||||
log_must del_user $STAFF_GROUP
|
||||
for dtst in $datasets ; do
|
||||
log_must $ZFS allow $STAFF_GROUP $perms $dtst
|
||||
log_must verify_perm $dtst $perms $STAFF1 $STAFF2
|
||||
done
|
||||
|
||||
log_pass "<user|group> is interpreted as user if possible, then as group passed."
|
||||
@@ -0,0 +1,93 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify option '-l' only allow permission to the dataset itself.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Create descendent datasets of $ROOT_TESTFS
|
||||
# 2. Select user, group and everyone and set local permission separately.
|
||||
# 3. Set locally permissions to $ROOT_TESTFS or $ROOT_TESTVOL.
|
||||
# 4. Verify the permissions are only allow on $ROOT_TESTFS or
|
||||
# $ROOT_TESTVOL.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify option '-l' only allow permission to the dataset itself."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
childfs=$ROOT_TESTFS/childfs
|
||||
|
||||
eval set -A dataset $DATASETS
|
||||
typeset perms="snapshot,reservation,compression,checksum,userprop"
|
||||
|
||||
log_must $ZFS create $childfs
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -l $STAFF1 $perms $dtst
|
||||
log_must verify_perm $dtst $perms $STAFF1
|
||||
if [[ $dtst == $ROOT_TESTFS ]] ; then
|
||||
log_must verify_noperm $childfs $perms \
|
||||
$STAFF1 $STAFF2 $OTHER1 $OTHER2
|
||||
fi
|
||||
done
|
||||
|
||||
log_must restore_root_datasets
|
||||
|
||||
log_must $ZFS create $childfs
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -l -g $STAFF_GROUP $perms $dtst
|
||||
log_must verify_perm $dtst $perms $STAFF1 $STAFF2
|
||||
if [[ $dtst == $ROOT_TESTFS ]] ; then
|
||||
log_must verify_noperm $childfs $perms \
|
||||
$STAFF1 $STAFF2 $OTHER1 $OTHER2
|
||||
fi
|
||||
done
|
||||
|
||||
log_must restore_root_datasets
|
||||
|
||||
log_must $ZFS create $childfs
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -l -e $perms $dtst
|
||||
log_must verify_perm $dtst $perms $STAFF1 $STAFF2 $OTHER1 $OTHER2
|
||||
if [[ $dtst == $ROOT_TESTFS ]] ; then
|
||||
log_must verify_noperm $childfs $perms \
|
||||
$STAFF1 $STAFF2 $OTHER1 $OTHER2
|
||||
fi
|
||||
done
|
||||
|
||||
log_must restore_root_datasets
|
||||
|
||||
log_pass "Verify option '-l' only allow permission to the dataset itself pass."
|
||||
@@ -0,0 +1,96 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify option '-d' allow permission to the descendent datasets, and not
|
||||
# for this dataset itself.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Create descendent datasets of $ROOT_TESTFS
|
||||
# 2. Select user, group and everyone and set descendent permission
|
||||
# separately.
|
||||
# 3. Set descendent permissions to $ROOT_TESTFS or $ROOT_TESTVOL.
|
||||
# 4. Verify those permissions are allowed to $ROOT_TESTFS's
|
||||
# descendent dataset.
|
||||
# 5. Verify the permissions are not allowed to $ROOT_TESTFS or
|
||||
# $ROOT_TESTVOL.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify option '-d' allow permission to the descendent datasets."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
childfs=$ROOT_TESTFS/childfs
|
||||
|
||||
eval set -A dataset $DATASETS
|
||||
typeset perms="snapshot,reservation,compression,checksum,userprop"
|
||||
|
||||
# Verify option '-d' only affect sub-datasets
|
||||
log_must $ZFS create $childfs
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -d $STAFF1 $perms $dtst
|
||||
log_must verify_noperm $dtst $perms $STAFF1
|
||||
if [[ $dtst == $ROOT_TESTFS ]]; then
|
||||
log_must verify_perm $childfs $perms $STAFF1
|
||||
fi
|
||||
done
|
||||
|
||||
log_must restore_root_datasets
|
||||
|
||||
# Verify option '-d + -g' affect group in sub-datasets.
|
||||
log_must $ZFS create $childfs
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -d -g $STAFF_GROUP $perms $dtst
|
||||
log_must verify_noperm $dtst $perms $STAFF2
|
||||
if [[ $dtst == $ROOT_TESTFS ]]; then
|
||||
log_must verify_perm $childfs $perms $STAFF2
|
||||
fi
|
||||
done
|
||||
|
||||
log_must restore_root_datasets
|
||||
|
||||
# Verify option '-d + -e' affect everyone in sub-datasets.
|
||||
log_must $ZFS create $childfs
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -d -e $perms $dtst
|
||||
log_must verify_noperm $dtst $perms $OTHER1 $OTHER2
|
||||
if [[ $dtst == $ROOT_TESTFS ]]; then
|
||||
log_must verify_perm $childfs $perms $OTHER1 $OTHER2
|
||||
fi
|
||||
done
|
||||
|
||||
log_must restore_root_datasets
|
||||
|
||||
log_pass "Verify option '-d' allow permission to the descendent datasets pass."
|
||||
@@ -0,0 +1,78 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify option '-c' will be granted locally to the creator on any
|
||||
# newly-created descendent file systems.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Allow create permissions to everyone on $ROOT_TESTFS locally.
|
||||
# 2. Allow '-c' create to $ROOT_TESTFS.
|
||||
# 3. chmod 777 the mountpoint of $ROOT_TESTFS
|
||||
# 4. Verify only creator can create descendent dataset on
|
||||
# $ROOT_TESTFS/$user.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify option '-c' will be granted locally to the creator."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
eval set -A dataset $DATASETS
|
||||
typeset perms="snapshot,reservation,compression,checksum,userprop"
|
||||
|
||||
log_must $ZFS allow -l everyone create,mount $ROOT_TESTFS
|
||||
log_must $ZFS allow -c $perms $ROOT_TESTFS
|
||||
|
||||
mntpnt=$(get_prop mountpoint $ROOT_TESTFS)
|
||||
log_must $CHMOD 777 $mntpnt
|
||||
|
||||
for user in $EVERYONE; do
|
||||
childfs=$ROOT_TESTFS/$user
|
||||
|
||||
user_run $user $ZFS create $childfs
|
||||
|
||||
for other in $EVERYONE; do
|
||||
#
|
||||
# Verify only the creator has the $perm time permissions.
|
||||
#
|
||||
if [[ $other == $user ]]; then
|
||||
log_must verify_perm $childfs $perms $user
|
||||
else
|
||||
log_must verify_noperm $childfs $perms $other
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
||||
log_pass "Verify option '-c' will be granted locally to the creator passed."
|
||||
@@ -0,0 +1,72 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Changing permissions in a set will change what is allowed wherever the
|
||||
# set is used.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Set create as set @basic.
|
||||
# 2. Allow set @basic to $STAFF1 on $ROOT_TESTFS or $ROOT_TESTVOL
|
||||
# 3. Verify $STAFF1 has create permissions.
|
||||
# 4. Reset snapshot,allow to $basic
|
||||
# 5. Verify now $STAFF1 have create,allow,destroy permissions.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Changing permissions in a set will change what is allowed " \
|
||||
"wherever the set is used."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
fs1=$ROOT_TESTFS/fs1; fs2=$ROOT_TESTFS/fs2
|
||||
log_must $ZFS create $fs1
|
||||
log_must $ZFS create $fs2
|
||||
|
||||
eval set -A dataset $DATASETS
|
||||
perms1="snapshot,checksum,reservation"
|
||||
|
||||
for dtst in $DATASETS $fs1 $fs2; do
|
||||
log_must $ZFS allow -s @basic $perms1 $dtst
|
||||
log_must $ZFS allow $STAFF1 @basic $dtst
|
||||
log_must verify_perm $dtst $perms1 $STAFF1
|
||||
done
|
||||
|
||||
perms2="send,compression,userprop"
|
||||
for dtst in $DATASETS $fs1 $fs2; do
|
||||
log_must $ZFS allow -s @basic $perms2 $dtst
|
||||
log_must verify_perm $dtst ${perms1},${perms2} $STAFF1
|
||||
done
|
||||
|
||||
log_pass "Changing permissions in a set will change what is allowed passed."
|
||||
@@ -0,0 +1,103 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify the permissions set will be masked on its descendent
|
||||
# datasets by same name set.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Create $ROOT_TESTFS/childfs
|
||||
# 2. Set permission $perms1 to @set on $ROOT_TESTFS
|
||||
# 3. Reset permission $perms2 to @set on $ROOT_TESTFS/childfs
|
||||
# 4. Allow @set to $STAFF1 on $ROOT_TESTFS/childfs
|
||||
# 5. Verify $perms2 is delegated on $ROOT_TESTFS/childfs and its
|
||||
# descendent.
|
||||
# 6. Allow @set to $STAFF1 on $ROOT_TESTFS
|
||||
# 7. Verify $perms1 is not appended to $STAFF1 on $ROOT_TESTFS/childfs and
|
||||
# its descendent since it is masked
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify permission set can be masked on descendent dataset."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
typeset perms1="snapshot,reservation,compression"
|
||||
eval set -A dataset $DATASETS
|
||||
typeset perms2="checksum,send,userprop"
|
||||
|
||||
#
|
||||
# Define three level filesystems
|
||||
#
|
||||
childfs=$ROOT_TESTFS/childfs
|
||||
grandchild=$childfs/grandchild
|
||||
log_must $ZFS create $childfs
|
||||
log_must $ZFS create $grandchild
|
||||
|
||||
#
|
||||
# Setting different permissions to the same set on two level.
|
||||
# But only assign the user at one level.
|
||||
#
|
||||
log_must $ZFS allow -s @set $perms1 $ROOT_TESTFS
|
||||
log_must $ZFS allow -s @set $perms2 $childfs
|
||||
log_must $ZFS allow $STAFF1 @set $childfs
|
||||
|
||||
#
|
||||
# Verify only perms2 is valid to user on the level which he was assigned.
|
||||
#
|
||||
log_must verify_noperm $ROOT_TESTFS $perms1 $STAFF1
|
||||
for fs in $childfs $grandchild ; do
|
||||
log_must verify_noperm $fs $perms1 $STAFF1
|
||||
log_must verify_perm $fs $perms2 $STAFF1
|
||||
done
|
||||
|
||||
#
|
||||
# Delegate @set to STAFF1 on ROOT_TESTFS, verify $perms1 will not be appended
|
||||
# to its descendent datasets since it is masked
|
||||
#
|
||||
log_must $ZFS allow $STAFF1 @set $ROOT_TESTFS
|
||||
log_must verify_perm $ROOT_TESTFS $perms1 $STAFF1
|
||||
for fs in $childfs $grandchild ; do
|
||||
log_must verify_noperm $fs $perms1 $STAFF1
|
||||
log_must verify_perm $fs $perms2 $STAFF1
|
||||
done
|
||||
|
||||
# Remove the mask, $perms1 will be allowed to its descendent datasets
|
||||
log_must $ZFS unallow -s @set $childfs
|
||||
for fs in $childfs $grandchild ; do
|
||||
log_must verify_noperm $fs $perms2 $STAFF1
|
||||
log_must verify_perm $fs $perms1 $STAFF1
|
||||
done
|
||||
|
||||
log_pass "Verify permission set can be masked on descendent dataset pass."
|
||||
@@ -0,0 +1,78 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# non-root user can allow any permissions which he is holding to
|
||||
# other else user when it get 'allow' permission.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Set two set permissions to two datasets locally.
|
||||
# 2. Verify the non-root user can allow permission if he has allow
|
||||
# permission.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify non-root user can allow permissions."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
perms1="snapshot,reservation"
|
||||
perms2="send,compression,checksum,userprop"
|
||||
childfs=$ROOT_TESTFS/childfs
|
||||
|
||||
log_must $ZFS create $childfs
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
# Delegate local permission to $STAFF1
|
||||
log_must $ZFS allow -l $STAFF1 $perms1 $dtst
|
||||
log_must $ZFS allow -l $STAFF1 allow $dtst
|
||||
|
||||
if [[ $dtst == $ROOT_TESTFS ]]; then
|
||||
log_must $ZFS allow -l $STAFF1 $perms2 $childfs
|
||||
# $perms1 is local permission in $ROOT_TESTFS
|
||||
log_mustnot user_run $STAFF1 $ZFS allow $OTHER1 $perms1 $childfs
|
||||
log_must verify_noperm $childfs $perms1 $OTHER1
|
||||
fi
|
||||
|
||||
# Verify 'allow' give non-privilege user delegated permission.
|
||||
log_must user_run $STAFF1 $ZFS allow -l $OTHER1 $perms1 $dtst
|
||||
log_must verify_perm $dtst $perms1 $OTHER1
|
||||
|
||||
# $perms2 was not allow to $STAFF1, so he have no permission to
|
||||
# delegate permission to other else.
|
||||
log_mustnot user_run $STAFF1 $ZFS allow $OTHER1 $perms2 $dtst
|
||||
log_must verify_noperm $dtst $perms2 $OTHER1
|
||||
done
|
||||
|
||||
log_pass "Verify non-root user can allow permissions passed."
|
||||
@@ -0,0 +1,64 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# zfs allow can deal with invalid arguments.(Invalid options or combination)
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Verify invalid argumets will cause error.
|
||||
# 2. Verify non-optional argument was missing will cause error.
|
||||
# 3. Verify invalid options cause error.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify invalid arguments are handled correctly."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
# Permission sets are limited to 64 characters in length.
|
||||
longset="set123456789012345678901234567890123456789012345678901234567890123"
|
||||
for dtst in $DATASETS ; do
|
||||
log_mustnot eval "$ZFS allow -s @$longset $dtst"
|
||||
# Create non-existent permission set
|
||||
typeset timestamp=$($DATE +'%F-%R:%S')
|
||||
log_mustnot $ZFS allow -s @non-existent $dtst
|
||||
log_mustnot $ZFS allow $STAFF "atime,created,mounted" $dtst
|
||||
log_mustnot $ZFS allow $dtst $TESTPOOL
|
||||
log_mustnot $ZFS allow -c $dtst
|
||||
log_mustnot $ZFS allow -u $STAFF1 $dtst
|
||||
log_mustnot $ZFS allow -u $STAFF1 -g $STAFF_GROUP "create,destroy" $dtst
|
||||
log_mustnot $ZFS allow -u $STAFF1 -e "mountpoint" $dtst
|
||||
done
|
||||
|
||||
log_pass "Invalid arguments are handled correctly."
|
||||
@@ -0,0 +1,113 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Scan the following permissions one by one to verify privileged user
|
||||
# has correct permission delegation in datasets.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Delegate all the permission one by one to user on dataset.
|
||||
# 2. Verify privileged user has correct permission without any other
|
||||
# permissions allowed.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify privileged user has correct permissions once which was "\
|
||||
"delegated to him in datasets"
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
#
|
||||
# Results in Results in
|
||||
# Permission Filesystem Volume
|
||||
#
|
||||
set -A perms create true false \
|
||||
snapshot true true \
|
||||
mount true false \
|
||||
send true true \
|
||||
allow true true \
|
||||
quota true false \
|
||||
reservation true true \
|
||||
recordsize true false \
|
||||
mountpoint true false \
|
||||
checksum true true \
|
||||
compression true true \
|
||||
canmount true false \
|
||||
atime true false \
|
||||
devices true false \
|
||||
exec true false \
|
||||
volsize false true \
|
||||
setuid true false \
|
||||
readonly true true \
|
||||
snapdir true false \
|
||||
userprop true true \
|
||||
aclmode true false \
|
||||
aclinherit true false \
|
||||
rollback true true \
|
||||
clone true true \
|
||||
rename true true \
|
||||
promote true true \
|
||||
zoned true false \
|
||||
xattr true false \
|
||||
receive true false \
|
||||
destroy true true
|
||||
if is_global_zone; then
|
||||
typeset -i n=${#perms[@]}
|
||||
perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
|
||||
perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
|
||||
fi
|
||||
|
||||
for dtst in $DATASETS; do
|
||||
typeset -i k=1
|
||||
typeset type=$(get_prop type $dtst)
|
||||
[[ $type == "volume" ]] && k=2
|
||||
|
||||
typeset -i i=0
|
||||
while (( i < ${#perms[@]} )); do
|
||||
log_must $ZFS allow $STAFF1 ${perms[$i]} $dtst
|
||||
|
||||
if [[ ${perms[((i+k))]} == "true" ]]; then
|
||||
log_must verify_perm $dtst ${perms[$i]} $STAFF1
|
||||
else
|
||||
log_must verify_noperm $dtst ${perms[$i]} $STAFF1
|
||||
fi
|
||||
|
||||
log_must restore_root_datasets
|
||||
|
||||
((i += 3))
|
||||
done
|
||||
done
|
||||
|
||||
log_pass "Verify privileged user has correct permissions " \
|
||||
"in datasets passed."
|
||||
@@ -0,0 +1,68 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify zpool subcmds and system readonly properties can't be delegated.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Loop all the zpool subcmds and readonly properties, except permission
|
||||
# 'create' & 'destroy'.
|
||||
# 2. Verify those subcmd or properties can't be delegated.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify zpool subcmds and system readonly properties can't be " \
|
||||
"delegated."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
set -A invalid_perms \
|
||||
add remove list iostat \
|
||||
status offline online clear \
|
||||
attach detach replace scrub \
|
||||
export import upgrade \
|
||||
type creation used available \
|
||||
referenced compressratio mounted
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
typeset -i i=0
|
||||
|
||||
while ((i < ${#invalid_perms[@]})); do
|
||||
log_mustnot $ZFS allow $STAFF1 ${invalid_perms[$i]} $dtst
|
||||
|
||||
((i += 1))
|
||||
done
|
||||
done
|
||||
|
||||
log_pass "Verify zpool subcmds and system readonly properties passed."
|
||||
@@ -0,0 +1,79 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Scan all permissions one by one to verify privileged user
|
||||
# can not use permissions properly when delegation property is set off
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Delegate all the permission one by one to user on dataset.
|
||||
# 2. Verify privileged user can not use permissions properly when
|
||||
# delegation property is off
|
||||
#
|
||||
|
||||
verify_runnable "global"
|
||||
|
||||
function cleanup
|
||||
{
|
||||
log_must $ZPOOL set delegation=on $TESTPOOL
|
||||
log_must restore_root_datasets
|
||||
}
|
||||
|
||||
log_assert "Verify privileged user can not use permissions properly when " \
|
||||
"delegation property is set off"
|
||||
log_onexit cleanup
|
||||
|
||||
|
||||
set -A perms create snapshot mount send allow quota reservation \
|
||||
recordsize mountpoint checksum compression canmount atime \
|
||||
devices exec volsize setuid readonly snapdir userprop \
|
||||
aclmode aclinherit rollback clone rename promote \
|
||||
zoned xattr receive destroy sharenfs share
|
||||
|
||||
log_must $ZPOOL set delegation=off $TESTPOOL
|
||||
|
||||
for dtst in $DATASETS; do
|
||||
typeset -i i=0
|
||||
while (( i < ${#perms[@]} )); do
|
||||
|
||||
log_must $ZFS allow $STAFF1 ${perms[$i]} $dtst
|
||||
log_must verify_noperm $dtst ${perms[$i]} $STAFF1
|
||||
|
||||
log_must restore_root_datasets
|
||||
((i += 1))
|
||||
done
|
||||
done
|
||||
|
||||
log_pass "Verify privileged user can not use permissions properly when " \
|
||||
"delegation property is set off"
|
||||
@@ -0,0 +1,65 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify '-l' only removed the local permissions.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Set up unallow test model.
|
||||
# 2. Implement unallow -l to $ROOT_TESTFS or $TESTVOL
|
||||
# 3. Verify '-l' only remove the local permissions.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify '-l' only removed the local permissions."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
log_must setup_unallow_testenv
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS unallow -l $STAFF1 $dtst
|
||||
log_must verify_noperm $dtst $LOCAL_SET $STAFF1
|
||||
|
||||
log_must $ZFS unallow -l $OTHER1 $dtst
|
||||
log_must verify_noperm $dtst $LOCAL_DESC_SET $OTHER1
|
||||
|
||||
log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER2
|
||||
if [[ $dtst == $ROOT_TESTFS ]]; then
|
||||
log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER1 $OTHER2
|
||||
log_must verify_perm $SUBFS $DESC_SET $STAFF2
|
||||
fi
|
||||
done
|
||||
|
||||
log_pass "Verify '-l' only removed the local permissions passed."
|
||||
@@ -0,0 +1,61 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify '-d' only remove the permissions on descendent filesystem.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Set up unallow test model.
|
||||
# 2. Implement unallow -d to $ROOT_TESTFS
|
||||
# 3. Verify '-d' only remove the permissions on descendent filesystem.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify '-d' only removed the descendent permissions."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
log_must setup_unallow_testenv
|
||||
|
||||
log_must $ZFS unallow -d $STAFF2 $ROOT_TESTFS
|
||||
log_must verify_noperm $SUBFS $DESC_SET $STAFF2
|
||||
|
||||
log_must $ZFS unallow -d $OTHER1 $ROOT_TESTFS
|
||||
log_must verify_noperm $SUBFS $LOCAL_DESC_SET $OTHER1
|
||||
log_must verify_perm $ROOT_TESTFS $LOCAL_DESC_SET $OTHER1
|
||||
|
||||
log_must verify_perm $ROOT_TESTFS $LOCAL_DESC_SET $OTHER2
|
||||
log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER2
|
||||
|
||||
log_pass "Verify '-d' only removed the descendent permissions passed"
|
||||
@@ -0,0 +1,71 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify options '-r' or '-l' + '-d' will unallow permission to this
|
||||
# dataset and the descendent datasets.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Set up unallow test model.
|
||||
# 2. Implement unallow -l -d to $ROOT_TESTFS or $ROOT_TESTVOL without
|
||||
# options.
|
||||
# 3. Verify '-l' + '-d' will unallow local + descendent permission.
|
||||
# 4. Verify '-r' will unallow local + descendent permission.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify options '-r' and '-l'+'-d' will unallow permission to " \
|
||||
"this dataset and the descendent datasets."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
log_must setup_unallow_testenv
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS unallow $STAFF1 $dtst
|
||||
log_must $ZFS unallow -l -d $STAFF2 $dtst
|
||||
log_must verify_noperm $dtst $LOCAL_SET $STAFF1
|
||||
if [[ $dtst == $ROOT_TESTFS ]]; then
|
||||
log_must verify_noperm $SUBFS $DESC_SET $STAFF2
|
||||
fi
|
||||
|
||||
log_must $ZFS unallow -l -d $OTHER1 $dtst
|
||||
log_must $ZFS unallow -r $OTHER2 $dtst
|
||||
log_must verify_noperm $dtst $LOCAL_DESC_SET $OTHER1 $OTHER2
|
||||
if [[ $dtst == $ROOT_TESTFS ]]; then
|
||||
log_must verify_noperm $SUBFS $LOCAL_DESC_SET $OTHER1 $OTHER2
|
||||
fi
|
||||
done
|
||||
|
||||
log_pass "Verify options '-r' and '-l'+'-d' function passed."
|
||||
@@ -0,0 +1,59 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify '-s' will remove permissions from the named set.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Set @basic set to $ROOT_TESTFS or $ROOT_TESTVOL and allow @basic
|
||||
# to $STAFF1
|
||||
# 2. Verify $STAFF1 have @basic permissions.
|
||||
# 3. Verify '-s' will remove permission from the named set.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify '-s' will remove permissions from the named set."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -s @basic $LOCAL_DESC_SET $dtst
|
||||
log_must $ZFS allow -u $STAFF1 @basic $dtst
|
||||
|
||||
log_must verify_perm $dtst $LOCAL_DESC_SET $STAFF1
|
||||
log_must $ZFS unallow -s @basic $LOCAL_DESC_SET $dtst
|
||||
log_must verify_noperm $dtst $LOCAL_DESC_SET $STAFF1
|
||||
done
|
||||
|
||||
log_pass "Verify '-s' will remove permissions from the named set passed."
|
||||
@@ -0,0 +1,73 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify option '-c' will remove the created permission set.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Set created time set to $ROOT_TESTFS.
|
||||
# 2. Allow permission create to $STAFF1 on $ROOT_TESTFS.
|
||||
# 3. Create $SUBFS and verify $STAFF1 have created time permissions.
|
||||
# 4. Verify $STAFF1 has created time permission.
|
||||
# 5. Unallow created time permission with option '-c'.
|
||||
# 6. Created $SUBFS and verify $STAFF1 have not created time permissions.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify option '-c' will remove the created permission set."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
log_must $ZFS allow -c $LOCAL_SET $ROOT_TESTFS
|
||||
log_must $ZFS allow -l $STAFF1 create,mount $ROOT_TESTFS
|
||||
|
||||
# Create $SUBFS and verify $SUBFS has created time permissions.
|
||||
user_run $STAFF1 $ZFS create $SUBFS
|
||||
if ! datasetexists $SUBFS ; then
|
||||
log_fail "ERROR: ($STAFF1): $ZFS create $SUBFS"
|
||||
fi
|
||||
log_must verify_perm $SUBFS $LOCAL_SET $STAFF1
|
||||
|
||||
#
|
||||
# After unallow -c, create $SUBFS2 and verify $SUBFS2 has not created time
|
||||
# permissions any more.
|
||||
#
|
||||
log_must $ZFS unallow -c $LOCAL_SET $ROOT_TESTFS
|
||||
user_run $STAFF1 $ZFS create $SUBFS2
|
||||
if ! datasetexists $SUBFS2 ; then
|
||||
log_fail "ERROR: ($STAFF1): $ZFS create $SUBFS2"
|
||||
fi
|
||||
log_must verify_noperm $SUBFS2 $LOCAL_SET $STAFF1
|
||||
|
||||
log_pass "Verify option '-c' will remove the created permission set passed."
|
||||
@@ -0,0 +1,71 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# Verify option '-u', '-g' and '-e' only removed the specified type
|
||||
# permissions set.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Allow '-u' '-g' & '-e' to $STAFF1 on ROOT_TESTFS or $ROOT_TESTVOL.
|
||||
# 2. Unallow '-u' '-g' & '-e' on $ROOT_TESTFS or $ROOT_TESTVOL separately.
|
||||
# 3. Verify permissions on $ROOT_TESTFS or $ROOT_TESTVOL separately.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "Verify option '-u', '-g' and '-e' only removed the specified type "\
|
||||
"permissions set."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -u $STAFF1 $LOCAL_DESC_SET $dtst
|
||||
log_must $ZFS allow -g $STAFF_GROUP $LOCAL_DESC_SET $dtst
|
||||
log_must $ZFS allow -e $LOCAL_DESC_SET $dtst
|
||||
|
||||
log_must verify_perm $dtst $LOCAL_DESC_SET \
|
||||
$STAFF1 $STAFF2 $OTHER1 $OTHER2
|
||||
|
||||
log_must $ZFS unallow -e $dtst
|
||||
log_must verify_perm $dtst $LOCAL_DESC_SET $STAFF1 $STAFF2
|
||||
log_must verify_noperm $dtst $LOCAL_DESC_SET $OTHER1 $OTHER2
|
||||
|
||||
log_must $ZFS unallow -g $STAFF_GROUP $dtst
|
||||
log_must verify_perm $dtst $LOCAL_DESC_SET $STAFF1
|
||||
log_must verify_noperm $dtst $LOCAL_DESC_SET $STAFF2
|
||||
|
||||
log_must $ZFS unallow -u $STAFF1 $dtst
|
||||
log_must verify_noperm $dtst $LOCAL_DESC_SET $STAFF1
|
||||
done
|
||||
|
||||
log_pass "Verify option '-u', '-g' and '-e' passed."
|
||||
@@ -0,0 +1,64 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# zfs unallow will not remove those permissions which inherited from
|
||||
# its parent filesystem.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Assign perm1 to $ROOT_TESTFS
|
||||
# 2. Create $SUBFS and assign perm2 to it.
|
||||
# 3. Verify unallow can not affect perm1 on $SUBFS
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "zfs unallow won't remove those permissions which inherited from " \
|
||||
"its parent dataset."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
perm1="atime,devices"; perm2="compression,checksum"
|
||||
log_must $ZFS create $SUBFS
|
||||
log_must $ZFS allow $STAFF1 $perm1 $ROOT_TESTFS
|
||||
log_must $ZFS allow $STAFF1 $perm2 $SUBFS
|
||||
|
||||
log_must verify_perm $SUBFS ${perm1},${perm2} $STAFF1
|
||||
#
|
||||
# Athrough unallow the permissions which don't exists on the specific dataset
|
||||
# return 0, the inherited permissions can't be removed in fact.
|
||||
#
|
||||
log_must $ZFS unallow -u $STAFF1 $perm1 $SUBFS
|
||||
log_must verify_perm $SUBFS ${perm1},${perm2} $STAFF1
|
||||
|
||||
log_pass "Verify zfs unallow won't remove inherited permissions passed."
|
||||
@@ -0,0 +1,75 @@
|
||||
#!/bin/ksh -p
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
|
||||
# Use is subject to license terms.
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# zfs unallow can handle invalid arguments.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Set up basic test environment.
|
||||
# 2. Verify zfs unallow handle invalid arguments correctly.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
|
||||
log_assert "zfs unallow can handle invalid arguments."
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
function neg_test
|
||||
{
|
||||
log_mustnot eval "$@ >/dev/null 2>&1"
|
||||
}
|
||||
|
||||
# Options that cause this test to fail:
|
||||
# "-r"
|
||||
set -A badopts "everyone -e" "everyone -u $STAFF1" "everyone everyone" \
|
||||
"-c -l" "-c -d" "-c -e" "-c -s" "-u -e" "-s -e" "-s -l -d" \
|
||||
"-s @non-exist-set -l" "-s @non-existen-set -d" \
|
||||
"-s @non-existen-set -e" "-r -u $STAFF1 $STAFF1" \
|
||||
"-u $STAFF1 -g $STAFF_GROUP" "-u $STAFF1 -e"
|
||||
|
||||
log_must setup_unallow_testenv
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -c create $dtst
|
||||
|
||||
typeset -i i=0
|
||||
while ((i < ${#badopts[@]})); do
|
||||
neg_test $ZFS unallow ${badopts[$i]} $dtst
|
||||
((i += 1))
|
||||
done
|
||||
|
||||
# Causes test failure: neg_test user_run $STAFF1 $ZFS unallow $dtst
|
||||
done
|
||||
|
||||
log_pass "zfs unallow can handle invalid arguments passed."
|
||||
Reference in New Issue
Block a user