Add zfs allow and zfs unallow support

ZFS allows for specific permissions to be delegated to normal users with the `zfs allow` and `zfs unallow` commands. In addition, non- privileged users should be able to run all of the following commands: * zpool [list | iostat | status | get] * zfs [list | get] Historically this functionality was not available on Linux. In order to add it the secpolicy_* functions needed to be implemented and mapped to the equivalent Linux capability. Only then could the permissions on the `/dev/zfs` be relaxed and the internal ZFS permission checks used. Even with this change some limitations remain. Under Linux only the root user is allowed to modify the namespace (unless it's a private namespace). This means the mount, mountpoint, canmount, unmount, and remount delegations cannot be supported with the existing code. It may be possible to add this functionality in the future. This functionality was validated with the cli_user and delegation test cases from the ZFS Test Suite. These tests exhaustively verify each of the supported permissions which can be delegated and ensures only an authorized user can perform it. Two minor bug fixes were required for test-running.py. First, the Timer() object cannot be safely created in a `try:` block when there is an unconditional `finally` block which references it. Second, when running as a normal user also check for scripts using the both the .ksh and .sh suffixes. Finally, existing users who are simulating delegations by setting group permissions on the /dev/zfs device should revert that customization when updating to a version with this change. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tony Hutter <hutter2@llnl.gov> Closes #362 Closes #434 Closes #4100 Closes #4394 Closes #4410 Closes #4487
2026-05-22 02:27:36 +03:00 · 2016-06-07 09:16:52 -07:00
parent 2627e75245
commit f74b821a66
78 changed files with 759 additions and 242 deletions
@@ -1876,6 +1876,14 @@ function add_user #<group_name> <user_name> <basedir>

 	log_must $USERADD -g $gname -d $basedir/$uname -m $uname

+	# Add new users to the same group and the command line utils.
+	# This allows them to be run out of the original users home
+	# directory as long as it permissioned to be group readable.
+	if is_linux; then
+		cmd_group=$(stat --format="%G" $ZFS)
+		log_must $USERMOD -a -G $cmd_group $uname
+	fi
+
 	return 0
 }

@@ -1919,15 +1927,11 @@ function add_group #<group_name>
 	# Assign 100 as the base gid, a larger value is selected for
 	# Linux because for many distributions 1000 and under are reserved.
 	if is_linux; then
-		typeset -i gid=1500
-
 		while true; do
-			$GROUPADD -g $gid $group > /dev/null 2>&1
+			$GROUPADD $group > /dev/null 2>&1
 			typeset -i ret=$?
 			case $ret in
 				0) return 0 ;;
-				# The gid is not  unique
-				9) ((gid += 1)) ;;
 				*) return 1 ;;
 			esac
 		done
@@ -2592,6 +2596,7 @@ function user_run
 	typeset user=$1
 	shift

+	log_note "user:$user $@"
 	eval \$SU \$user -c \"$@\" > /tmp/out 2>/tmp/err
 	return $?
 }
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 if poolexists $TESTPOOL.virt
 then
@@ -28,33 +28,59 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-# these are the set of setable ZFS properties
-PROP_NAMES="\
-	aclinherit	aclmode		atime		 \
-	checksum	compression			devices \
-	exec		mountpoint	quota		readonly \
-	recordsize	reservation	setuid		sharenfs \
-	snapdir"
+if is_linux; then
+	# these are the set of setable ZFS properties
+	PROP_NAMES="\
+		aclinherit	acltype		atime		 \
+		checksum	compression			devices \
+		exec		mountpoint	quota		readonly \
+		recordsize	reservation	setuid		 \
+		snapdir"

-# these are a set of values we apply, for use when testing the
-# zfs get/set subcommands - ordered as per the list above so we
-# can iterate over both sets in an array
-PROP_VALS="\
-	secure		discard		on		 \
-	fletcher2	on				on \
-	on		legacy		none		on \
-	128k		none		on		on \
-	visible"
+	# these are a set of values we apply, for use when testing the
+	# zfs get/set subcommands - ordered as per the list above so we
+	# can iterate over both sets in an array
+	PROP_VALS="\
+		secure		posixacl	on		 \
+		fletcher2	on				on \
+		on		legacy		none		on \
+		128k		none		on		 \
+		visible"

-# these are an alternate set of property values
-PROP_ALTVALS="\
-	noallow		groupmask	off		 \
-	fletcher4	lzjb				off \
-	off		/tmp/zfstest	100m		off \
-	512		10m		off		off \
-	hidden"
+	# these are an alternate set of property values
+	PROP_ALTVALS="\
+		noallow		noacl		off		 \
+		fletcher4	lzjb				off \
+		off		/tmp/zfstest	100m		off \
+		512		10m		off		 \
+		hidden"
+else
+	# these are the set of setable ZFS properties
+	PROP_NAMES="\
+		aclinherit	aclmode		atime		 \
+		checksum	compression			devices \
+		exec		mountpoint	quota		readonly \
+		recordsize	reservation	setuid		sharenfs \
+		snapdir"

+	# these are a set of values we apply, for use when testing the
+	# zfs get/set subcommands - ordered as per the list above so we
+	# can iterate over both sets in an array
+	PROP_VALS="\
+		secure		discard		on		 \
+		fletcher2	on				on \
+		on		legacy		none		on \
+		128k		none		on		on \
+		visible"

+	# these are an alternate set of property values
+	PROP_ALTVALS="\
+		noallow		noacl		off		 \
+		fletcher4	lzjb				off \
+		off		/tmp/zfstest	100m		off \
+		512		10m		off		off \
+		hidden"
+fi

 # additional properties to worry about: canmount copies xattr zoned version

@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 # This setup script is moderately complex, as it creates scenarios for all
 # of the tests included in this directory. Usually we'd want each test case
@@ -95,7 +95,7 @@ done
 log_must $ZFS create $TESTPOOL/$TESTFS/renameme


-if is_global_zone
+if is_global_zone && !is_linux
 then
 	# create a filesystem we can share
 	log_must $ZFS create $TESTPOOL/$TESTFS/unshared
@@ -153,7 +153,7 @@ then
 	done

 	# copy a v1 pool from cli_root
-	$CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/blockfiles/zfs-pool-v1.dat.bz2 \
+	$CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/zfs-pool-v1.dat.bz2 \
 	    /$TESTDIR
 	log_must $BUNZIP2 /$TESTDIR/zfs-pool-v1.dat.bz2
 	log_must $ZPOOL import -d /$TESTDIR v1-pool
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -50,13 +50,21 @@ ADD_DISK="${ADD_DISK##* }"
 [[ -z $ADD_DISK ]] && \
        log_fail "No spare disks available."

-set -A args "add" "add -f" "add -n" \
-    "add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
-    "add -fn $TESTPOOL" "add -nf $TESTPOOL" \
-    "add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK" \
-    "add -n $TESTPOOL $ADD_DISK" \
-    "add -fn $TESTPOOL $ADD_DISK" \
-    "add -nf $TESTPOOL $ADD_DISK" \
+# Under Linux dry-run commands have no legitimate reason to fail.
+if is_linux; then
+	set -A args "add" "add -f" "add -n" \
+	    "add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
+	    "add -fn $TESTPOOL" "add -nf $TESTPOOL" \
+	    "add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK"
+else
+	set -A args "add" "add -f" "add -n" \
+	    "add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
+	    "add -fn $TESTPOOL" "add -nf $TESTPOOL" \
+	    "add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK" \
+	    "add -n $TESTPOOL $ADD_DISK" \
+	    "add -fn $TESTPOOL $ADD_DISK" \
+	    "add -nf $TESTPOOL $ADD_DISK"
+fi

 log_assert "zpool add [-fn] pool_name vdev"

@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -50,13 +50,21 @@ ADD_DISK="${ADD_DISK##* }"
 [[ -z $ADD_DISK ]] && \
        log_fail "No spare disks available."

-set -A args "create" "create -f" "create -n" \
-    "create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
-    "create -fn $TESTPOOL" "create -nf $TESTPOOL" \
-    "create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK" \
-    "create -n $TESTPOOL $ADD_DISK" \
-    "create -fn $TESTPOOL $ADD_DISK" \
-    "create -nf $TESTPOOL $ADD_DISK"
+# Under Linux dry-run commands have no legitimate reason to fail.
+if is_linux; then
+	set -A args "create" "create -f" "create -n" \
+	    "create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
+	    "create -fn $TESTPOOL" "create -nf $TESTPOOL" \
+	    "create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK"
+else
+	set -A args "create" "create -f" "create -n" \
+	    "create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
+	    "create -fn $TESTPOOL" "create -nf $TESTPOOL" \
+	    "create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK" \
+	    "create -n $TESTPOOL $ADD_DISK" \
+	    "create -fn $TESTPOOL $ADD_DISK" \
+	    "create -nf $TESTPOOL $ADD_DISK"
+fi

 log_assert "zpool create [-fn] pool_name vdev"

@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,8 +29,8 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg

 #
 # DESCRIPTION:
@@ -29,14 +29,17 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

+. $STF_SUITE/include/libtest.shlib
 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib

 cleanup_user_group

-# restore the state of svc:/network/nis/client:default
-if [[ -e $NISSTAFILE ]]; then
-	log_must $SVCADM enable svc:/network/nis/client:default
-	log_must $RM -f $NISSTAFILE
+if ! is_linux; then
+	# restore the state of svc:/network/nis/client:default
+	if [[ -e $NISSTAFILE ]]; then
+		log_must $SVCADM enable svc:/network/nis/client:default
+		log_must $RM -f $NISSTAFILE
+	fi
 fi

 default_cleanup
@@ -40,9 +40,22 @@ export OTHER2=other2

 export EVERYONE="$STAFF1 $STAFF2 $OTHER1 $OTHER2"

-export LOCAL_SET="snapshot"
-export LOCAL_DESC_SET="readonly,checksum"
-export DESC_SET="compression"
+#
+# 'readonly' is disabled for Linux because it requires remounting the
+# filesystem which is restricted to root for older versions of mount(8).
+#
+if is_linux; then
+	LOCAL_SET="snapshot"
+	LOCAL_DESC_SET="checksum"
+	DESC_SET="compression"
+else
+	LOCAL_SET="snapshot"
+	LOCAL_DESC_SET="readonly,checksum"
+	DESC_SET="compression"
+fi
+export LOCAL_SET
+export LOCAL_DESC_SET
+export DESC_SET

 export TESTVOL=testvol.delegate
 export VOLSIZE=150m
@@ -63,6 +63,7 @@ function restore_root_datasets
 			log_must $ZFS destroy -Rf $ROOT_TESTVOL
 		fi
 		log_must $ZFS create -V $VOLSIZE $ROOT_TESTVOL
+		block_device_wait
 	fi

 	return 0
@@ -101,6 +102,7 @@ function verify_perm
 				ret=$?
 			fi

+			log_note "Check $type $user $perm $dtst"
 			if ((ret != 0)) ; then
 				log_note "Fail: $user should have $perm " \
 					"on $dtst"
@@ -376,7 +378,7 @@ function verify_send
 	typeset dtst=$3

 	typeset oldval
-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
 	typeset snap=$dtst@snap.$stamp

 	typeset -i ret=1
@@ -405,7 +407,7 @@ function verify_fs_receive
 	typeset fs=$3

 	typeset dtst
-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
 	typeset newfs=$fs/newfs.$stamp
 	typeset newvol=$fs/newvol.$stamp
 	typeset bak_user=/tmp/bak.$user.$stamp
@@ -415,6 +417,7 @@ function verify_fs_receive
 	typeset datasets="$newfs"
 	if is_global_zone ; then
 		log_must $ZFS create -V $VOLSIZE $newvol
+		block_device_wait
 		datasets="$newfs $newvol"
 	fi

@@ -476,7 +479,7 @@ function verify_userprop
 	typeset perm=$2
 	typeset dtst=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')

 	user_run $user $ZFS set "$user:ts=$stamp" $dtst
 	if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then
@@ -560,7 +563,7 @@ function verify_fs_create
 	typeset perm=$2
 	typeset fs=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
 	typeset newfs=$fs/nfs.$stamp
 	typeset newvol=$fs/nvol.$stamp

@@ -581,6 +584,7 @@ function verify_fs_create
 	if is_global_zone ; then
 		# mount permission is required for sparse volume
 		user_run $user $ZFS create -V 150m -s $newvol
+		block_device_wait
 		if datasetexists $newvol ; then
 			return 1
 		fi
@@ -591,17 +595,22 @@ function verify_fs_create
 		if ! datasetexists $newvol ; then
 			return 1
 		fi
+
+		block_device_wait
 		log_must $ZFS destroy $newvol
+		block_device_wait

 		# mount and reserveration permission are
 		# required for normal volume
 		user_run $user $ZFS create -V 150m $newvol
+		block_device_wait
 		if datasetexists $newvol ; then
 			return 1
 		fi

 		log_must $ZFS allow $user mount $fs
 		user_run $user $ZFS create -V 150m $newvol
+		block_device_wait
 		log_must $ZFS unallow $user mount $fs
 		if datasetexists $newvol ; then
 			return 1
@@ -609,6 +618,7 @@ function verify_fs_create

 		log_must $ZFS allow $user reservation $fs
 		user_run $user $ZFS create -V 150m $newvol
+		block_device_wait
 		log_must $ZFS unallow $user reservation $fs
 		if datasetexists $newvol ; then
 			return 1
@@ -616,6 +626,7 @@ function verify_fs_create

 		log_must $ZFS allow $user refreservation $fs
 		user_run $user $ZFS create -V 150m $newvol
+		block_device_wait
 		log_must $ZFS unallow $user refreservation $fs
 		if datasetexists $newvol ; then
 			return 1
@@ -631,7 +642,10 @@ function verify_fs_create
 		if ! datasetexists $newvol ; then
 			return 1
 		fi
+
+		block_device_wait
 		log_must $ZFS destroy $newvol
+		block_device_wait
 	fi

 	return 0
@@ -677,7 +691,7 @@ function verify_fs_snapshot
 	typeset perm=$2
 	typeset fs=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
 	typeset snap=$fs@snap.$stamp
 	typeset mntpt=$(get_prop mountpoint $fs)

@@ -718,7 +732,7 @@ function verify_fs_rollback
 	typeset fs=$3

 	typeset oldval
-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
 	typeset snap=$fs@snap.$stamp
 	typeset mntpt=$(get_prop mountpoint $fs)

@@ -751,7 +765,7 @@ function verify_fs_clone
 	typeset perm=$2
 	typeset fs=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
        typeset basefs=${fs%/*}
 	typeset snap=$fs@snap.$stamp
 	typeset clone=$basefs/cfs.$stamp
@@ -796,7 +810,7 @@ function verify_fs_rename
 	typeset perm=$2
 	typeset fs=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
        typeset basefs=${fs%/*}
 	typeset snap=$fs@snap.$stamp
 	typeset renamefs=$basefs/nfs.$stamp
@@ -879,7 +893,7 @@ function verify_fs_mount
 	typeset perm=$2
 	typeset fs=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
 	typeset mntpt=$(get_prop mountpoint $fs)
 	typeset newmntpt=/tmp/mnt.$stamp

@@ -947,7 +961,7 @@ function verify_fs_mountpoint
 	typeset perm=$2
 	typeset fs=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
 	typeset mntpt=$(get_prop mountpoint $fs)
 	typeset newmntpt=/tmp/mnt.$stamp

@@ -986,7 +1000,7 @@ function verify_fs_promote
 	typeset perm=$2
 	typeset fs=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
        typeset basefs=${fs%/*}
 	typeset snap=$fs@snap.$stamp
 	typeset clone=$basefs/cfs.$stamp
@@ -1042,7 +1056,7 @@ function verify_fs_canmount
 	typeset fs=$3

 	typeset oldval
-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')

 	if ! ismounted $fs ; then
 		set -A modes "on" "off"
@@ -1338,7 +1352,7 @@ function verify_vol_snapshot
 	typeset perm=$2
 	typeset vol=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
        typeset basevol=${vol%/*}
 	typeset snap=$vol@snap.$stamp

@@ -1363,7 +1377,7 @@ function verify_vol_rollback
 	typeset perm=$2
 	typeset vol=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
        typeset basevol=${vol%/*}
 	typeset snap=$vol@snap.$stamp

@@ -1398,7 +1412,7 @@ function verify_vol_clone
 	typeset perm=$2
 	typeset vol=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
        typeset basevol=${vol%/*}
 	typeset snap=$vol@snap.$stamp
 	typeset clone=$basevol/cvol.$stamp
@@ -1444,7 +1458,7 @@ function verify_vol_rename
 	typeset perm=$2
 	typeset vol=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
        typeset basevol=${vol%/*}
 	typeset snap=$vol@snap.$stamp
 	typeset clone=$basevol/cvol.$stamp
@@ -1491,7 +1505,7 @@ function verify_vol_promote
 	typeset perm=$2
 	typeset vol=$3

-	typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+	typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
        typeset basevol=${vol%/*}
 	typeset snap=$vol@snap.$stamp
 	typeset clone=$basevol/cvol.$stamp
@@ -29,15 +29,18 @@
 # Copyright (c) 2013 by Delphix. All rights reserved.
 #

+. $STF_SUITE/include/libtest.shlib
 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib

-# check svc:/network/nis/client:default state
-# disable it if the state is ON
-# and the state will be restored during cleanup.ksh
-log_must $RM -f $NISSTAFILE
-if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
-	log_must $SVCADM disable -t svc:/network/nis/client:default
-	log_must $TOUCH $NISSTAFILE
+if ! is_linux; then
+	# check svc:/network/nis/client:default state
+	# disable it if the state is ON
+	# and the state will be restored during cleanup.ksh
+	log_must $RM -f $NISSTAFILE
+	if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
+		log_must $SVCADM disable -t svc:/network/nis/client:default
+		log_must $TOUCH $NISSTAFILE
+	fi
 fi

 cleanup_user_group
@@ -67,7 +67,7 @@ typeset perms="snapshot,reservation,compression,checksum,send,userprop"
 log_note "Create a user called 'everyone'."
 if ! $ID everyone > /dev/null 2>&1; then
 	user_added="TRUE"
-	log_must $USERADD everyone
+	log_must add_user $STAFF_GROUP everyone
 fi
 for dtst in $DATASETS ; do
 	log_must $ZFS allow everyone $perms $dtst
@@ -75,7 +75,7 @@ for dtst in $DATASETS ; do
 done
 log_must restore_root_datasets
 if [[ $user_added == "TRUE" ]]; then
-	log_must $USERDEL everyone
+	log_must del_user everyone
 fi

 log_note "Created a group called 'everyone'."
@@ -61,7 +61,7 @@ log_onexit cleanup
 eval set -A dataset $DATASETS
 typeset perms="snapshot,reservation,compression,checksum,send,userprop"

-log_must $USERADD $STAFF_GROUP
+log_must add_user $STAFF_GROUP $STAFF_GROUP
 for dtst in $DATASETS ; do
 	log_must $ZFS allow $STAFF_GROUP $perms $dtst
 	log_must verify_perm $dtst $perms $STAFF_GROUP
@@ -48,10 +48,46 @@ log_assert "Verify privileged user has correct permissions once which was "\
 	"delegated to him in datasets"
 log_onexit restore_root_datasets

+if is_linux; then
 #
 #				Results in	Results in
 #		Permission	Filesystem	Volume
 #
+# Removed for Linux:
+# - mount	- mount(8) does not permit non-superuser mounts
+# - mountpoint	- mount(8) does not permit non-superuser mounts
+# - canmount	- mount(8) does not permit non-superuser mounts
+# - rename      - mount(8) does not permit non-superuser mounts
+# - zoned	- zones are not supported
+# - destroy     - umount(8) does not permit non-superuser umounts
+# - sharenfs	- sharing requires superuser priviliges
+# - share	- sharing requires superuser priviliges
+# - readonly	- mount(8) does not permit non-superuser remounts
+#
+set -A perms	create		true		false	\
+		snapshot	true		true	\
+		send		true		true	\
+		allow		true		true	\
+		quota		true		false	\
+		reservation	true		true	\
+		recordsize	true		false	\
+		checksum	true		true	\
+		compression	true		true	\
+		atime		true		false	\
+		devices		true		false	\
+		exec		true		false	\
+		volsize		false		true	\
+		setuid		true		false	\
+		snapdir		true		false	\
+		userprop	true		true	\
+		aclinherit	true		false	\
+		rollback	true		true	\
+		clone		true		true	\
+		promote		true		true	\
+		xattr		true		false	\
+		receive		true		false
+else
+
 set -A perms	create		true		false	\
 		snapshot	true		true	\
 		mount		true		false	\
@@ -82,11 +118,13 @@ set -A perms	create		true		false	\
 		xattr		true		false	\
 		receive		true		false	\
 		destroy		true		true
+
 if is_global_zone; then
 	typeset -i n=${#perms[@]}
 	perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
 	perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
 fi
+fi

 for dtst in $DATASETS; do
 	typeset -i k=1
@@ -55,11 +55,19 @@ log_assert "Verify privileged user can not use permissions properly when " \
 log_onexit cleanup


+if is_linux; then
+set -A perms	create snapshot mount send allow quota reservation \
+		recordsize mountpoint checksum compression canmount atime \
+		devices exec volsize setuid readonly snapdir userprop \
+		rollback clone rename promote \
+		zoned xattr receive destroy
+else
 set -A perms	create snapshot mount send allow quota reservation \
 		recordsize mountpoint checksum compression canmount atime \
 		devices exec volsize setuid readonly snapdir userprop \
 		aclmode aclinherit rollback clone rename promote \
 		zoned xattr receive destroy sharenfs share
+fi

 log_must $ZPOOL set delegation=off $TESTPOOL

@@ -60,6 +60,13 @@ set -A badopts "everyone -e" "everyone -u $STAFF1" "everyone everyone" \

 log_must setup_unallow_testenv

+#
+# The GNU getopt(3) implementation will reorder these arguments such the
+# the parser can handle them and the test doesn't fail.  POSIXLY_CORRECT
+# is set to disable the reordering so the original test cases will fail.
+#
+export POSIXLY_CORRECT=1
+
 for dtst in $DATASETS ; do
 	log_must $ZFS allow -c create $dtst

@@ -72,4 +79,6 @@ for dtst in $DATASETS ; do
 	# Causes test failure: neg_test user_run $STAFF1 $ZFS unallow $dtst
 done

+unset POSIXLY_CORRECT
+
 log_pass "zfs unallow can handle invalid arguments passed."