OpenZFS 7290 - ZFS test suite needs to control what utilities it can run

Authored by: John Wren Kennedy <john.kennedy@delphix.com> Reviewed by: Dan Kimmel <dan.kimmel@delphix.com> Reviewed by: Matthew Ahrens <mahrens@delphix.com> Reviewed by: Dan McDonald <danmcd@omniti.com> Approved by: Gordon Ross <gordon.w.ross@gmail.com> Ported-by: Brian Behlendorf <behlendorf1@llnl.gov> Ported-by: George Melikov <mail@gmelikov.ru> Porting Notes: - Utilities which aren't available under Linux have been removed. - Because of sudo's default secure path behavior PATH must be explicitly reset at the top of libtest.shlib. This avoids the need for all users to customize secure path on their system. - Updated ZoL infrastructure to manage constrained path - Updated all test cases - Check permissions for usergroup tests - When testing in-tree create links under bin/ - Update fault cleanup such that missing files during cleanup aren't fatal. - Configure su environment with constrained path OpenZFS-issue: https://www.illumos.org/issues/7290 OpenZFS-commit: https://github.com/openzfs/openzfs/commit/1d32ba6 Closes #5903
2026-05-25 03:37:45 +03:00 · 2017-04-05 20:18:22 -04:00
parent 7a4500a101
commit c1d9abf905
797 changed files with 8038 additions and 7458 deletions
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/include/libtest.shlib
@@ -37,8 +37,8 @@ cleanup_user_group
 if ! is_linux; then
 	# restore the state of svc:/network/nis/client:default
 	if [[ -e $NISSTAFILE ]]; then
-		log_must $SVCADM enable svc:/network/nis/client:default
-		log_must $RM -f $NISSTAFILE
+		log_must svcadm enable svc:/network/nis/client:default
+		log_must rm -f $NISSTAFILE
 	fi
 fi

@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/include/libtest.shlib
@@ -36,10 +36,10 @@ if ! is_linux; then
 	# check svc:/network/nis/client:default state
 	# disable it if the state is ON
 	# and the state will be restored during cleanup.ksh
-	log_must $RM -f $NISSTAFILE
-	if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
-		log_must $SVCADM disable -t svc:/network/nis/client:default
-		log_must $TOUCH $NISSTAFILE
+	log_must rm -f $NISSTAFILE
+	if [[ "ON" == $(svcs -H -o sta svc:/network/nis/client:default) ]]; then
+		log_must svcadm disable -t svc:/network/nis/client:default
+		log_must touch $NISSTAFILE
 	fi
 fi

@@ -57,6 +57,6 @@ log_must add_user $OTHER_GROUP $OTHER2

 DISK=${DISKS%% *}
 default_volume_setup $DISK
-log_must $CHMOD 777 $TESTDIR
+log_must chmod 777 $TESTDIR

 log_pass
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -65,12 +65,12 @@ eval set -A dataset $DATASETS
 typeset perms="snapshot,reservation,compression,checksum,send,userprop"

 log_note "Create a user called 'everyone'."
-if ! $ID everyone > /dev/null 2>&1; then
+if ! id everyone > /dev/null 2>&1; then
 	user_added="TRUE"
 	log_must add_user $STAFF_GROUP everyone
 fi
 for dtst in $DATASETS ; do
-	log_must $ZFS allow everyone $perms $dtst
+	log_must zfs allow everyone $perms $dtst
 	log_must verify_perm $dtst $perms $EVERYONE "everyone"
 done
 log_must restore_root_datasets
@@ -79,20 +79,20 @@ if [[ $user_added == "TRUE" ]]; then
 fi

 log_note "Created a group called 'everyone'."
-if ! $CAT /etc/group | $AWK -F: '{print $1}' | \
-	$GREP -w 'everyone' > /dev/null 2>&1
+if ! cat /etc/group | awk -F: '{print $1}' | \
+	grep -w 'everyone' > /dev/null 2>&1
 then
 	group_added="TRUE"
-	log_must $GROUPADD everyone
+	log_must groupadd everyone
 fi

 for dtst in $DATASETS ; do
-	log_must $ZFS allow everyone $perms $dtst
+	log_must zfs allow everyone $perms $dtst
 	log_must verify_perm $dtst $perms $EVERYONE
 done
 log_must restore_root_datasets
 if [[ $group_added == "TRUE" ]]; then
-	log_must $GROUPDEL everyone
+	log_must groupdel everyone
 fi

 log_pass "everyone is always interpreted as keyword passed."
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -48,7 +48,7 @@ verify_runnable "both"

 function cleanup
 {
-	if $ID $STAFF_GROUP > /dev/null 2>&1; then
+	if id $STAFF_GROUP > /dev/null 2>&1; then
 		log_must del_user $STAFF_GROUP
 	fi

@@ -63,7 +63,7 @@ typeset perms="snapshot,reservation,compression,checksum,send,userprop"

 log_must add_user $STAFF_GROUP $STAFF_GROUP
 for dtst in $DATASETS ; do
-	log_must $ZFS allow $STAFF_GROUP $perms $dtst
+	log_must zfs allow $STAFF_GROUP $perms $dtst
 	log_must verify_perm $dtst $perms $STAFF_GROUP
 	log_must verify_noperm $dtst $perms $STAFF1 $STAFF2
 done
@@ -72,7 +72,7 @@ log_must restore_root_datasets

 log_must del_user $STAFF_GROUP
 for dtst in $datasets ; do
-	log_must $ZFS allow $STAFF_GROUP $perms $dtst
+	log_must zfs allow $STAFF_GROUP $perms $dtst
 	log_must verify_perm $dtst $perms $STAFF1 $STAFF2
 done

@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -53,10 +53,10 @@ childfs=$ROOT_TESTFS/childfs
 eval set -A dataset $DATASETS
 typeset perms="snapshot,reservation,compression,checksum,userprop"

-log_must $ZFS create $childfs
+log_must zfs create $childfs

 for dtst in $DATASETS ; do
-	log_must $ZFS allow -l $STAFF1 $perms $dtst
+	log_must zfs allow -l $STAFF1 $perms $dtst
 	log_must verify_perm $dtst $perms $STAFF1
 	if [[ $dtst == $ROOT_TESTFS ]] ; then
 		log_must verify_noperm $childfs $perms \
@@ -66,9 +66,9 @@ done

 log_must restore_root_datasets

-log_must $ZFS create $childfs
+log_must zfs create $childfs
 for dtst in $DATASETS ; do
-	log_must $ZFS allow -l -g $STAFF_GROUP $perms $dtst
+	log_must zfs allow -l -g $STAFF_GROUP $perms $dtst
 	log_must verify_perm $dtst $perms $STAFF1 $STAFF2
 	if [[ $dtst == $ROOT_TESTFS ]] ; then
 		log_must verify_noperm $childfs $perms \
@@ -78,9 +78,9 @@ done

 log_must restore_root_datasets

-log_must $ZFS create $childfs
+log_must zfs create $childfs
 for dtst in $DATASETS ; do
-	log_must $ZFS allow -l -e $perms $dtst
+	log_must zfs allow -l -e $perms $dtst
 	log_must verify_perm $dtst $perms $STAFF1 $STAFF2 $OTHER1 $OTHER2
 	if [[ $dtst == $ROOT_TESTFS ]] ; then
 		log_must verify_noperm $childfs $perms \
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -58,9 +58,9 @@ eval set -A dataset $DATASETS
 typeset perms="snapshot,reservation,compression,checksum,userprop"

 # Verify option '-d' only affect sub-datasets
-log_must $ZFS create $childfs
+log_must zfs create $childfs
 for dtst in $DATASETS ; do
-	log_must $ZFS allow -d $STAFF1 $perms $dtst
+	log_must zfs allow -d $STAFF1 $perms $dtst
 	log_must verify_noperm $dtst $perms $STAFF1
 	if [[ $dtst == $ROOT_TESTFS ]]; then
 		log_must verify_perm $childfs $perms $STAFF1
@@ -70,9 +70,9 @@ done
 log_must restore_root_datasets

 # Verify option '-d + -g' affect group in sub-datasets.
-log_must $ZFS create $childfs
+log_must zfs create $childfs
 for dtst in $DATASETS ; do
-	log_must $ZFS allow -d -g $STAFF_GROUP $perms $dtst
+	log_must zfs allow -d -g $STAFF_GROUP $perms $dtst
 	log_must verify_noperm $dtst $perms $STAFF2
 	if [[ $dtst == $ROOT_TESTFS ]]; then
 		log_must verify_perm $childfs $perms $STAFF2
@@ -82,9 +82,9 @@ done
 log_must restore_root_datasets

 # Verify option '-d + -e' affect everyone in sub-datasets.
-log_must $ZFS create $childfs
+log_must zfs create $childfs
 for dtst in $DATASETS ; do
-	log_must $ZFS allow -d -e $perms $dtst
+	log_must zfs allow -d -e $perms $dtst
 	log_must verify_noperm $dtst $perms $OTHER1 $OTHER2
 	if [[ $dtst == $ROOT_TESTFS ]]; then
 		log_must verify_perm $childfs $perms $OTHER1 $OTHER2
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -52,16 +52,16 @@ log_onexit restore_root_datasets
 eval set -A dataset $DATASETS
 typeset perms="snapshot,reservation,compression,checksum,userprop"

-log_must $ZFS allow -l everyone create,mount $ROOT_TESTFS
-log_must $ZFS allow -c $perms $ROOT_TESTFS
+log_must zfs allow -l everyone create,mount $ROOT_TESTFS
+log_must zfs allow -c $perms $ROOT_TESTFS

 mntpnt=$(get_prop mountpoint $ROOT_TESTFS)
-log_must $CHMOD 777 $mntpnt
+log_must chmod 777 $mntpnt

 for user in $EVERYONE; do
 	childfs=$ROOT_TESTFS/$user

-	user_run $user $ZFS create $childfs
+	user_run $user zfs create $childfs

 	for other in $EVERYONE; do
 		#
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -51,21 +51,21 @@ log_assert "Changing permissions in a set will change what is allowed " \
 log_onexit restore_root_datasets

 fs1=$ROOT_TESTFS/fs1; fs2=$ROOT_TESTFS/fs2
-log_must $ZFS create $fs1
-log_must $ZFS create $fs2
+log_must zfs create $fs1
+log_must zfs create $fs2

 eval set -A dataset $DATASETS
 perms1="snapshot,checksum,reservation"

 for dtst in $DATASETS $fs1 $fs2; do
-	log_must $ZFS allow -s @basic $perms1 $dtst
-	log_must $ZFS allow $STAFF1 @basic $dtst
+	log_must zfs allow -s @basic $perms1 $dtst
+	log_must zfs allow $STAFF1 @basic $dtst
 	log_must verify_perm $dtst $perms1 $STAFF1
 done

 perms2="send,compression,userprop"
 for dtst in $DATASETS $fs1 $fs2; do
-	log_must $ZFS allow -s @basic $perms2 $dtst
+	log_must zfs allow -s @basic $perms2 $dtst
 	log_must verify_perm $dtst ${perms1},${perms2} $STAFF1
 done

@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -62,16 +62,16 @@ typeset perms2="checksum,send,userprop"
 #
 childfs=$ROOT_TESTFS/childfs
 grandchild=$childfs/grandchild
-log_must $ZFS create $childfs
-log_must $ZFS create $grandchild
+log_must zfs create $childfs
+log_must zfs create $grandchild

 #
 # Setting different permissions to the same set on two level.
 # But only assign the user at one level.
 #
-log_must $ZFS allow -s @set $perms1 $ROOT_TESTFS
-log_must $ZFS allow -s @set $perms2 $childfs
-log_must $ZFS allow $STAFF1 @set $childfs
+log_must zfs allow -s @set $perms1 $ROOT_TESTFS
+log_must zfs allow -s @set $perms2 $childfs
+log_must zfs allow $STAFF1 @set $childfs

 #
 # Verify only perms2 is valid to user on the level which he was assigned.
@@ -86,7 +86,7 @@ done
 # Delegate @set to STAFF1 on ROOT_TESTFS, verify $perms1 will not be appended
 # to its descendent datasets since it is masked
 #
-log_must $ZFS allow $STAFF1 @set $ROOT_TESTFS
+log_must zfs allow $STAFF1 @set $ROOT_TESTFS
 log_must verify_perm $ROOT_TESTFS $perms1 $STAFF1
 for fs in $childfs $grandchild ; do
 	log_must verify_noperm $fs $perms1 $STAFF1
@@ -94,7 +94,7 @@ for fs in $childfs $grandchild ; do
 done

 # Remove the mask, $perms1 will be allowed to its descendent datasets
-log_must $ZFS unallow -s @set $childfs
+log_must zfs unallow -s @set $childfs
 for fs in $childfs $grandchild ; do
 	log_must verify_noperm $fs $perms2 $STAFF1
 	log_must verify_perm $fs $perms1 $STAFF1
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -51,27 +51,27 @@ perms1="snapshot,reservation"
 perms2="send,compression,checksum,userprop"
 childfs=$ROOT_TESTFS/childfs

-log_must $ZFS create $childfs
+log_must zfs create $childfs

 for dtst in $DATASETS ; do
 	# Delegate local permission to $STAFF1
-	log_must $ZFS allow -l $STAFF1 $perms1 $dtst
-	log_must $ZFS allow -l $STAFF1 allow $dtst
+	log_must zfs allow -l $STAFF1 $perms1 $dtst
+	log_must zfs allow -l $STAFF1 allow $dtst

 	if [[ $dtst == $ROOT_TESTFS ]]; then
-		log_must $ZFS allow -l $STAFF1 $perms2 $childfs
+		log_must zfs allow -l $STAFF1 $perms2 $childfs
 		# $perms1 is local permission in $ROOT_TESTFS
-		log_mustnot user_run $STAFF1 $ZFS allow $OTHER1 $perms1 $childfs
+		log_mustnot user_run $STAFF1 zfs allow $OTHER1 $perms1 $childfs
 		log_must verify_noperm $childfs $perms1 $OTHER1
 	fi

 	# Verify 'allow' give non-privilege user delegated permission.
-	log_must user_run $STAFF1 $ZFS allow -l $OTHER1 $perms1 $dtst
+	log_must user_run $STAFF1 zfs allow -l $OTHER1 $perms1 $dtst
 	log_must verify_perm $dtst $perms1 $OTHER1

 	# $perms2 was not allow to $STAFF1, so he have no permission to
 	# delegate permission to other else.
-	log_mustnot user_run $STAFF1 $ZFS allow $OTHER1 $perms2 $dtst
+	log_mustnot user_run $STAFF1 zfs allow $OTHER1 $perms2 $dtst
 	log_must verify_noperm $dtst $perms2 $OTHER1
 done

@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -49,16 +49,16 @@ log_onexit restore_root_datasets
 # Permission sets are limited to 64 characters in length.
 longset="set123456789012345678901234567890123456789012345678901234567890123"
 for dtst in $DATASETS ; do
-	log_mustnot eval "$ZFS allow -s @$longset $dtst"
+	log_mustnot eval "zfs allow -s @$longset $dtst"
 	# Create non-existent permission set
-	typeset timestamp=$($DATE +'%F-%R:%S')
-	log_mustnot $ZFS allow -s @non-existent $dtst
-	log_mustnot $ZFS allow $STAFF "atime,created,mounted" $dtst
-	log_mustnot $ZFS allow $dtst $TESTPOOL
-	log_mustnot $ZFS allow -c $dtst
-	log_mustnot $ZFS allow -u $STAFF1 $dtst
-	log_mustnot $ZFS allow -u $STAFF1 -g $STAFF_GROUP "create,destroy" $dtst
-	log_mustnot $ZFS allow -u $STAFF1 -e "mountpoint" $dtst
+	typeset timestamp=$(date +'%F-%R:%S')
+	log_mustnot zfs allow -s @non-existent $dtst
+	log_mustnot zfs allow $STAFF "atime,created,mounted" $dtst
+	log_mustnot zfs allow $dtst $TESTPOOL
+	log_mustnot zfs allow -c $dtst
+	log_mustnot zfs allow -u $STAFF1 $dtst
+	log_mustnot zfs allow -u $STAFF1 -g $STAFF_GROUP "create,destroy" $dtst
+	log_mustnot zfs allow -u $STAFF1 -e "mountpoint" $dtst
 done

 log_pass "Invalid arguments are handled correctly."
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -135,7 +135,7 @@ for dtst in $DATASETS; do

 	typeset -i i=0
 	while (( i < ${#perms[@]} )); do
-		log_must $ZFS allow $STAFF1 ${perms[$i]} $dtst
+		log_must zfs allow $STAFF1 ${perms[$i]} $dtst

 		if [[ ${perms[((i+k))]} == "true" ]]; then
 			log_must verify_perm $dtst ${perms[$i]} $STAFF1
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -59,7 +59,7 @@ for dtst in $DATASETS ; do
 	typeset -i i=0

 	while ((i < ${#invalid_perms[@]})); do
-		log_mustnot $ZFS allow $STAFF1 ${invalid_perms[$i]} $dtst
+		log_mustnot zfs allow $STAFF1 ${invalid_perms[$i]} $dtst

 		((i += 1))
 	done
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -46,7 +46,7 @@ verify_runnable "global"

 function cleanup
 {
-	log_must $ZPOOL set delegation=on $TESTPOOL
+	log_must zpool set delegation=on $TESTPOOL
 	log_must restore_root_datasets
 }

@@ -69,13 +69,13 @@ set -A perms	create snapshot mount send allow quota reservation \
 		zoned xattr receive destroy sharenfs share
 fi

-log_must $ZPOOL set delegation=off $TESTPOOL
+log_must zpool set delegation=off $TESTPOOL

 for dtst in $DATASETS; do
 	typeset -i i=0
 	while (( i < ${#perms[@]} )); do

-		log_must $ZFS allow $STAFF1 ${perms[$i]} $dtst
+		log_must zfs allow $STAFF1 ${perms[$i]} $dtst
 		log_must verify_noperm $dtst ${perms[$i]} $STAFF1

 		log_must restore_root_datasets
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -49,10 +49,10 @@ log_onexit restore_root_datasets
 log_must setup_unallow_testenv

 for dtst in $DATASETS ; do
-	log_must $ZFS unallow -l $STAFF1 $dtst
+	log_must zfs unallow -l $STAFF1 $dtst
 	log_must verify_noperm $dtst $LOCAL_SET $STAFF1

-	log_must $ZFS unallow -l $OTHER1 $dtst
+	log_must zfs unallow -l $OTHER1 $dtst
 	log_must verify_noperm $dtst $LOCAL_DESC_SET $OTHER1

 	log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER2
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -48,10 +48,10 @@ log_onexit restore_root_datasets

 log_must setup_unallow_testenv

-log_must $ZFS unallow -d $STAFF2 $ROOT_TESTFS
+log_must zfs unallow -d $STAFF2 $ROOT_TESTFS
 log_must verify_noperm $SUBFS $DESC_SET $STAFF2

-log_must $ZFS unallow -d $OTHER1 $ROOT_TESTFS
+log_must zfs unallow -d $OTHER1 $ROOT_TESTFS
 log_must verify_noperm $SUBFS $LOCAL_DESC_SET $OTHER1
 log_must verify_perm $ROOT_TESTFS $LOCAL_DESC_SET $OTHER1

@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -53,15 +53,15 @@ log_onexit restore_root_datasets
 log_must setup_unallow_testenv

 for dtst in $DATASETS ; do
-	log_must $ZFS unallow $STAFF1 $dtst
-	log_must $ZFS unallow -l -d $STAFF2 $dtst
+	log_must zfs unallow $STAFF1 $dtst
+	log_must zfs unallow -l -d $STAFF2 $dtst
 	log_must verify_noperm $dtst $LOCAL_SET $STAFF1
 	if [[ $dtst == $ROOT_TESTFS ]]; then
 		log_must verify_noperm $SUBFS $DESC_SET $STAFF2
 	fi

-	log_must $ZFS unallow -l -d $OTHER1 $dtst
-	log_must $ZFS unallow -r $OTHER2 $dtst
+	log_must zfs unallow -l -d $OTHER1 $dtst
+	log_must zfs unallow -r $OTHER2 $dtst
 	log_must verify_noperm $dtst $LOCAL_DESC_SET $OTHER1 $OTHER2
 	if [[ $dtst == $ROOT_TESTFS ]]; then
 		log_must verify_noperm $SUBFS $LOCAL_DESC_SET $OTHER1 $OTHER2
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -48,11 +48,11 @@ log_assert "Verify '-s' will remove permissions from the named set."
 log_onexit restore_root_datasets

 for dtst in $DATASETS ; do
-	log_must $ZFS allow -s @basic $LOCAL_DESC_SET $dtst
-	log_must $ZFS allow -u $STAFF1 @basic $dtst
+	log_must zfs allow -s @basic $LOCAL_DESC_SET $dtst
+	log_must zfs allow -u $STAFF1 @basic $dtst

 	log_must verify_perm $dtst $LOCAL_DESC_SET $STAFF1
-	log_must $ZFS unallow -s @basic $LOCAL_DESC_SET $dtst
+	log_must zfs unallow -s @basic $LOCAL_DESC_SET $dtst
 	log_must verify_noperm $dtst $LOCAL_DESC_SET $STAFF1
 done

@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -49,13 +49,13 @@ verify_runnable "both"
 log_assert "Verify option '-c' will remove the created permission set."
 log_onexit restore_root_datasets

-log_must $ZFS allow -c $LOCAL_SET $ROOT_TESTFS
-log_must $ZFS allow -l $STAFF1 create,mount $ROOT_TESTFS
+log_must zfs allow -c $LOCAL_SET $ROOT_TESTFS
+log_must zfs allow -l $STAFF1 create,mount $ROOT_TESTFS

 # Create $SUBFS and verify $SUBFS has created time permissions.
-user_run $STAFF1 $ZFS create $SUBFS
+user_run $STAFF1 zfs create $SUBFS
 if ! datasetexists $SUBFS ; then
-	log_fail "ERROR: ($STAFF1): $ZFS create $SUBFS"
+	log_fail "ERROR: ($STAFF1): zfs create $SUBFS"
 fi
 log_must verify_perm $SUBFS $LOCAL_SET $STAFF1

@@ -63,10 +63,10 @@ log_must verify_perm $SUBFS $LOCAL_SET $STAFF1
 # After unallow -c, create $SUBFS2 and verify $SUBFS2 has not created time
 # permissions any more.
 #
-log_must $ZFS unallow -c $LOCAL_SET $ROOT_TESTFS
-user_run $STAFF1 $ZFS create $SUBFS2
+log_must zfs unallow -c $LOCAL_SET $ROOT_TESTFS
+user_run $STAFF1 zfs create $SUBFS2
 if ! datasetexists $SUBFS2 ; then
-	log_fail "ERROR: ($STAFF1): $ZFS create $SUBFS2"
+	log_fail "ERROR: ($STAFF1): zfs create $SUBFS2"
 fi
 log_must verify_noperm $SUBFS2 $LOCAL_SET $STAFF1

@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -49,22 +49,22 @@ log_assert "Verify option '-u', '-g' and '-e' only removed the specified type "\
 log_onexit restore_root_datasets

 for dtst in $DATASETS ; do
-	log_must $ZFS allow -u $STAFF1 $LOCAL_DESC_SET $dtst
-	log_must $ZFS allow -g $STAFF_GROUP $LOCAL_DESC_SET $dtst
-	log_must $ZFS allow -e $LOCAL_DESC_SET $dtst
+	log_must zfs allow -u $STAFF1 $LOCAL_DESC_SET $dtst
+	log_must zfs allow -g $STAFF_GROUP $LOCAL_DESC_SET $dtst
+	log_must zfs allow -e $LOCAL_DESC_SET $dtst

 	log_must verify_perm $dtst $LOCAL_DESC_SET \
 		$STAFF1 $STAFF2 $OTHER1 $OTHER2

-	log_must $ZFS unallow -e $dtst
+	log_must zfs unallow -e $dtst
 	log_must verify_perm $dtst $LOCAL_DESC_SET $STAFF1 $STAFF2
 	log_must verify_noperm $dtst $LOCAL_DESC_SET $OTHER1 $OTHER2

-	log_must $ZFS unallow -g $STAFF_GROUP $dtst
+	log_must zfs unallow -g $STAFF_GROUP $dtst
 	log_must verify_perm $dtst $LOCAL_DESC_SET $STAFF1
 	log_must verify_noperm $dtst $LOCAL_DESC_SET $STAFF2

-	log_must $ZFS unallow -u $STAFF1 $dtst
+	log_must zfs unallow -u $STAFF1 $dtst
 	log_must verify_noperm $dtst $LOCAL_DESC_SET $STAFF1
 done

@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -49,16 +49,16 @@ log_assert "zfs unallow won't remove those permissions which inherited from " \
 log_onexit restore_root_datasets

 perm1="atime,devices"; perm2="compression,checksum"
-log_must $ZFS create $SUBFS
-log_must $ZFS allow $STAFF1 $perm1 $ROOT_TESTFS
-log_must $ZFS allow $STAFF1 $perm2 $SUBFS
+log_must zfs create $SUBFS
+log_must zfs allow $STAFF1 $perm1 $ROOT_TESTFS
+log_must zfs allow $STAFF1 $perm2 $SUBFS

 log_must verify_perm $SUBFS ${perm1},${perm2} $STAFF1
 #
 # Athrough unallow the permissions which don't exists on the specific dataset
 # return 0, the inherited permissions can't be removed in fact.
 #
-log_must $ZFS unallow -u $STAFF1 $perm1 $SUBFS
+log_must zfs unallow -u $STAFF1 $perm1 $SUBFS
 log_must verify_perm $SUBFS ${perm1},${perm2} $STAFF1

 log_pass "Verify zfs unallow won't remove inherited permissions passed."
@@ -26,7 +26,7 @@
 #

 #
-# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
@@ -68,15 +68,15 @@ log_must setup_unallow_testenv
 export POSIXLY_CORRECT=1

 for dtst in $DATASETS ; do
-	log_must $ZFS allow -c create $dtst
+	log_must zfs allow -c create $dtst

 	typeset -i i=0
 	while ((i < ${#badopts[@]})); do
-		neg_test $ZFS unallow ${badopts[$i]} $dtst
+		neg_test zfs unallow ${badopts[$i]} $dtst
 		((i += 1))
 	done

-	# Causes test failure: neg_test user_run $STAFF1 $ZFS unallow $dtst
+	# Causes test failure: neg_test user_run $STAFF1 zfs unallow $dtst
 done

 unset POSIXLY_CORRECT