9echo "1..83"
10
11n0=`namegen`
12n1=`namegen`
13n2=`namegen`
14
15expect 0 mkdir ${n2} 0755
16cdir=`pwd`
17cd ${n2}
18
19# Check whether user 65534 is permitted to read ACL.
20expect 0 create ${n0} 0644
21expect 0 readacl ${n0}
22expect 0 -u 65534 -g 65534 readacl ${n0}
23expect 0 prependacl ${n0} user:65534:read_acl::deny
24expect 0 readacl ${n0}
25expect EACCES -u 65534 -g 65534 readacl ${n0}
26expect 0 prependacl ${n0} user:65534:read_acl::allow
27expect 0 -u 65534 -g 65534 readacl ${n0}
28expect 0 readacl ${n0}
29expect 0 unlink ${n0}
30
31# Check whether user 65534 is permitted to write ACL.
32expect 0 create ${n0} 0644
33expect EPERM -u 65534 -g 65534 prependacl ${n0} user:65534:read_data::allow
34expect 0 prependacl ${n0} user:65534:write_acl::allow
35expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_data::allow
36expect 0 unlink ${n0}
37
38# Check whether user 65534 is permitted to write mode.
39expect 0 create ${n0} 0755
40expect EPERM -u 65534 -g 65534 chmod ${n0} 0777
41expect 0 prependacl ${n0} user:65534:write_acl::allow
42expect 0 -u 65534 -g 65534 chmod ${n0} 0777
43expect 0 unlink ${n0}
44
45# There is an interesting problem with interaction between ACL_WRITE_ACL
46# and SUID/SGID bits. In case user does have ACL_WRITE_ACL, but is not
47# a file owner, Solaris does the following:
48# 1. Setting SUID fails with EPERM.
49# 2. Setting SGID succeeds, but mode is not changed.
50# 3. Modifying ACL does not clear SUID nor SGID bits.
51# 4. Writing the file does clear both SUID and SGID bits.
52#
53# What we are doing is the following:
54# 1. Setting SUID or SGID fails with EPERM.
55# 2. Modifying ACL does not clear SUID nor SGID bits.
56# 3. Writing the file does clear both SUID and SGID bits.
57#
58# Check whether user 65534 is denied to write mode with SUID bit.
59expect 0 create ${n0} 0755
60expect EPERM -u 65534 -g 65534 chmod ${n0} 04777
61expect 0 prependacl ${n0} user:65534:write_acl::allow
62expect EPERM -u 65534 -g 65534 chmod ${n0} 04777
63expect 0 unlink ${n0}
64
65# Check whether user 65534 is denied to write mode with SGID bit.
66expect 0 create ${n0} 0755
67expect EPERM -u 65534 -g 65534 chmod ${n0} 02777
68expect 0 prependacl ${n0} user:65534:write_acl::allow
69expect EPERM -u 65534 -g 65534 chmod ${n0} 02777
70expect 0 unlink ${n0}
71
72# Check whether user 65534 is allowed to write mode with sticky bit.
73expect 0 mkdir ${n0} 0755
74expect EPERM -u 65534 -g 65534 chmod ${n0} 01777
75expect 0 prependacl ${n0} user:65534:write_acl::allow
76expect 0 -u 65534 -g 65534 chmod ${n0} 01777
77expect 0 rmdir ${n0}
78
79# Check whether modifying the ACL by not-owner preserves the SUID.
80expect 0 create ${n0} 04755
81expect 0 prependacl ${n0} user:65534:write_acl::allow
82expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow
83expect 04755 stat ${n0} mode
84expect 0 unlink ${n0}
85
86# Check whether modifying the ACL by not-owner preserves the SGID.
87expect 0 create ${n0} 02755
88expect 0 prependacl ${n0} user:65534:write_acl::allow
89expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow
90expect 02755 stat ${n0} mode
91expect 0 unlink ${n0}
92
93# Check whether modifying the ACL by not-owner preserves the sticky bit.
94expect 0 mkdir ${n0} 0755
95expect 0 chmod ${n0} 01755
96expect 0 prependacl ${n0} user:65534:write_acl::allow
97expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow
98expect 01755 stat ${n0} mode
99expect 0 rmdir ${n0}
100
101# Clearing the SUID and SGID bits when being written to by non-owner
102# is checked in chmod/12.t.
103
104# Check whether the file owner is always permitted to get and set
105# ACL and file mode, even if ACL_{READ,WRITE}_ACL would deny it.
106expect 0 chmod . 0777
107expect 0 -u 65534 -g 65534 create ${n0} 0600
108expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_acl::deny
109expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_acl::deny
110expect 0 -u 65534 -g 65534 readacl ${n0}
111expect 0600 -u 65534 -g 65534 stat ${n0} mode
112expect 0 -u 65534 -g 65534 chmod ${n0} 0777
113expect 0 unlink ${n0}
114
115expect 0 -u 65534 -g 65534 mkdir ${n0} 0600
116expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_acl::deny
117expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_acl::deny
118expect 0 -u 65534 -g 65534 readacl ${n0}
119expect 0600 -u 65534 -g 65534 stat ${n0} mode
120expect 0 -u 65534 -g 65534 chmod ${n0} 0777
121expect 0 rmdir ${n0}
122
123# Check whether the root is allowed for these as well.
124expect 0 -u 65534 -g 65534 create ${n0} 0600
125expect 0 prependacl ${n0} everyone@:write_acl::deny
126expect 0 prependacl ${n0} everyone@:read_acl::deny
127expect 0 readacl ${n0}
128expect 0600 stat ${n0} mode
129expect 0 chmod ${n0} 0777
130expect 0 unlink ${n0}
131
132expect 0 -u 65534 -g 65534 mkdir ${n0} 0600
133expect 0 prependacl ${n0} everyone@:write_acl::deny
134expect 0 prependacl ${n0} everyone@:read_acl::deny
135expect 0600 stat ${n0} mode
136expect 0 readacl ${n0}
137expect 0600 stat ${n0} mode
138expect 0 chmod ${n0} 0777
139expect 0 rmdir ${n0}
140
141cd ${cdir}
142expect 0 rmdir ${n2}
| 11echo "1..83"
12
13n0=`namegen`
14n1=`namegen`
15n2=`namegen`
16
17expect 0 mkdir ${n2} 0755
18cdir=`pwd`
19cd ${n2}
20
21# Check whether user 65534 is permitted to read ACL.
22expect 0 create ${n0} 0644
23expect 0 readacl ${n0}
24expect 0 -u 65534 -g 65534 readacl ${n0}
25expect 0 prependacl ${n0} user:65534:read_acl::deny
26expect 0 readacl ${n0}
27expect EACCES -u 65534 -g 65534 readacl ${n0}
28expect 0 prependacl ${n0} user:65534:read_acl::allow
29expect 0 -u 65534 -g 65534 readacl ${n0}
30expect 0 readacl ${n0}
31expect 0 unlink ${n0}
32
33# Check whether user 65534 is permitted to write ACL.
34expect 0 create ${n0} 0644
35expect EPERM -u 65534 -g 65534 prependacl ${n0} user:65534:read_data::allow
36expect 0 prependacl ${n0} user:65534:write_acl::allow
37expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_data::allow
38expect 0 unlink ${n0}
39
40# Check whether user 65534 is permitted to write mode.
41expect 0 create ${n0} 0755
42expect EPERM -u 65534 -g 65534 chmod ${n0} 0777
43expect 0 prependacl ${n0} user:65534:write_acl::allow
44expect 0 -u 65534 -g 65534 chmod ${n0} 0777
45expect 0 unlink ${n0}
46
47# There is an interesting problem with interaction between ACL_WRITE_ACL
48# and SUID/SGID bits. In case user does have ACL_WRITE_ACL, but is not
49# a file owner, Solaris does the following:
50# 1. Setting SUID fails with EPERM.
51# 2. Setting SGID succeeds, but mode is not changed.
52# 3. Modifying ACL does not clear SUID nor SGID bits.
53# 4. Writing the file does clear both SUID and SGID bits.
54#
55# What we are doing is the following:
56# 1. Setting SUID or SGID fails with EPERM.
57# 2. Modifying ACL does not clear SUID nor SGID bits.
58# 3. Writing the file does clear both SUID and SGID bits.
59#
60# Check whether user 65534 is denied to write mode with SUID bit.
61expect 0 create ${n0} 0755
62expect EPERM -u 65534 -g 65534 chmod ${n0} 04777
63expect 0 prependacl ${n0} user:65534:write_acl::allow
64expect EPERM -u 65534 -g 65534 chmod ${n0} 04777
65expect 0 unlink ${n0}
66
67# Check whether user 65534 is denied to write mode with SGID bit.
68expect 0 create ${n0} 0755
69expect EPERM -u 65534 -g 65534 chmod ${n0} 02777
70expect 0 prependacl ${n0} user:65534:write_acl::allow
71expect EPERM -u 65534 -g 65534 chmod ${n0} 02777
72expect 0 unlink ${n0}
73
74# Check whether user 65534 is allowed to write mode with sticky bit.
75expect 0 mkdir ${n0} 0755
76expect EPERM -u 65534 -g 65534 chmod ${n0} 01777
77expect 0 prependacl ${n0} user:65534:write_acl::allow
78expect 0 -u 65534 -g 65534 chmod ${n0} 01777
79expect 0 rmdir ${n0}
80
81# Check whether modifying the ACL by not-owner preserves the SUID.
82expect 0 create ${n0} 04755
83expect 0 prependacl ${n0} user:65534:write_acl::allow
84expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow
85expect 04755 stat ${n0} mode
86expect 0 unlink ${n0}
87
88# Check whether modifying the ACL by not-owner preserves the SGID.
89expect 0 create ${n0} 02755
90expect 0 prependacl ${n0} user:65534:write_acl::allow
91expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow
92expect 02755 stat ${n0} mode
93expect 0 unlink ${n0}
94
95# Check whether modifying the ACL by not-owner preserves the sticky bit.
96expect 0 mkdir ${n0} 0755
97expect 0 chmod ${n0} 01755
98expect 0 prependacl ${n0} user:65534:write_acl::allow
99expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow
100expect 01755 stat ${n0} mode
101expect 0 rmdir ${n0}
102
103# Clearing the SUID and SGID bits when being written to by non-owner
104# is checked in chmod/12.t.
105
106# Check whether the file owner is always permitted to get and set
107# ACL and file mode, even if ACL_{READ,WRITE}_ACL would deny it.
108expect 0 chmod . 0777
109expect 0 -u 65534 -g 65534 create ${n0} 0600
110expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_acl::deny
111expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_acl::deny
112expect 0 -u 65534 -g 65534 readacl ${n0}
113expect 0600 -u 65534 -g 65534 stat ${n0} mode
114expect 0 -u 65534 -g 65534 chmod ${n0} 0777
115expect 0 unlink ${n0}
116
117expect 0 -u 65534 -g 65534 mkdir ${n0} 0600
118expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_acl::deny
119expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_acl::deny
120expect 0 -u 65534 -g 65534 readacl ${n0}
121expect 0600 -u 65534 -g 65534 stat ${n0} mode
122expect 0 -u 65534 -g 65534 chmod ${n0} 0777
123expect 0 rmdir ${n0}
124
125# Check whether the root is allowed for these as well.
126expect 0 -u 65534 -g 65534 create ${n0} 0600
127expect 0 prependacl ${n0} everyone@:write_acl::deny
128expect 0 prependacl ${n0} everyone@:read_acl::deny
129expect 0 readacl ${n0}
130expect 0600 stat ${n0} mode
131expect 0 chmod ${n0} 0777
132expect 0 unlink ${n0}
133
134expect 0 -u 65534 -g 65534 mkdir ${n0} 0600
135expect 0 prependacl ${n0} everyone@:write_acl::deny
136expect 0 prependacl ${n0} everyone@:read_acl::deny
137expect 0600 stat ${n0} mode
138expect 0 readacl ${n0}
139expect 0600 stat ${n0} mode
140expect 0 chmod ${n0} 0777
141expect 0 rmdir ${n0}
142
143cd ${cdir}
144expect 0 rmdir ${n2}
|