9echo "1..83" 10 11n0=`namegen` 12n1=`namegen` 13n2=`namegen` 14 15expect 0 mkdir ${n2} 0755 16cdir=`pwd` 17cd ${n2} 18 19# Check whether user 65534 is permitted to read ACL. 20expect 0 create ${n0} 0644 21expect 0 readacl ${n0} 22expect 0 -u 65534 -g 65534 readacl ${n0} 23expect 0 prependacl ${n0} user:65534:read_acl::deny 24expect 0 readacl ${n0} 25expect EACCES -u 65534 -g 65534 readacl ${n0} 26expect 0 prependacl ${n0} user:65534:read_acl::allow 27expect 0 -u 65534 -g 65534 readacl ${n0} 28expect 0 readacl ${n0} 29expect 0 unlink ${n0} 30 31# Check whether user 65534 is permitted to write ACL. 32expect 0 create ${n0} 0644 33expect EPERM -u 65534 -g 65534 prependacl ${n0} user:65534:read_data::allow 34expect 0 prependacl ${n0} user:65534:write_acl::allow 35expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_data::allow 36expect 0 unlink ${n0} 37 38# Check whether user 65534 is permitted to write mode. 39expect 0 create ${n0} 0755 40expect EPERM -u 65534 -g 65534 chmod ${n0} 0777 41expect 0 prependacl ${n0} user:65534:write_acl::allow 42expect 0 -u 65534 -g 65534 chmod ${n0} 0777 43expect 0 unlink ${n0} 44 45# There is an interesting problem with interaction between ACL_WRITE_ACL 46# and SUID/SGID bits. In case user does have ACL_WRITE_ACL, but is not 47# a file owner, Solaris does the following: 48# 1. Setting SUID fails with EPERM. 49# 2. Setting SGID succeeds, but mode is not changed. 50# 3. Modifying ACL does not clear SUID nor SGID bits. 51# 4. Writing the file does clear both SUID and SGID bits. 52# 53# What we are doing is the following: 54# 1. Setting SUID or SGID fails with EPERM. 55# 2. Modifying ACL does not clear SUID nor SGID bits. 56# 3. Writing the file does clear both SUID and SGID bits. 57# 58# Check whether user 65534 is denied to write mode with SUID bit. 
59expect 0 create ${n0} 0755 60expect EPERM -u 65534 -g 65534 chmod ${n0} 04777 61expect 0 prependacl ${n0} user:65534:write_acl::allow 62expect EPERM -u 65534 -g 65534 chmod ${n0} 04777 63expect 0 unlink ${n0} 64 65# Check whether user 65534 is denied to write mode with SGID bit. 66expect 0 create ${n0} 0755 67expect EPERM -u 65534 -g 65534 chmod ${n0} 02777 68expect 0 prependacl ${n0} user:65534:write_acl::allow 69expect EPERM -u 65534 -g 65534 chmod ${n0} 02777 70expect 0 unlink ${n0} 71 72# Check whether user 65534 is allowed to write mode with sticky bit. 73expect 0 mkdir ${n0} 0755 74expect EPERM -u 65534 -g 65534 chmod ${n0} 01777 75expect 0 prependacl ${n0} user:65534:write_acl::allow 76expect 0 -u 65534 -g 65534 chmod ${n0} 01777 77expect 0 rmdir ${n0} 78 79# Check whether modifying the ACL by not-owner preserves the SUID. 80expect 0 create ${n0} 04755 81expect 0 prependacl ${n0} user:65534:write_acl::allow 82expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow 83expect 04755 stat ${n0} mode 84expect 0 unlink ${n0} 85 86# Check whether modifying the ACL by not-owner preserves the SGID. 87expect 0 create ${n0} 02755 88expect 0 prependacl ${n0} user:65534:write_acl::allow 89expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow 90expect 02755 stat ${n0} mode 91expect 0 unlink ${n0} 92 93# Check whether modifying the ACL by not-owner preserves the sticky bit. 94expect 0 mkdir ${n0} 0755 95expect 0 chmod ${n0} 01755 96expect 0 prependacl ${n0} user:65534:write_acl::allow 97expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow 98expect 01755 stat ${n0} mode 99expect 0 rmdir ${n0} 100 101# Clearing the SUID and SGID bits when being written to by non-owner 102# is checked in chmod/12.t. 103 104# Check whether the file owner is always permitted to get and set 105# ACL and file mode, even if ACL_{READ,WRITE}_ACL would deny it. 106expect 0 chmod . 
0777 107expect 0 -u 65534 -g 65534 create ${n0} 0600 108expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_acl::deny 109expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_acl::deny 110expect 0 -u 65534 -g 65534 readacl ${n0} 111expect 0600 -u 65534 -g 65534 stat ${n0} mode 112expect 0 -u 65534 -g 65534 chmod ${n0} 0777 113expect 0 unlink ${n0} 114 115expect 0 -u 65534 -g 65534 mkdir ${n0} 0600 116expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_acl::deny 117expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_acl::deny 118expect 0 -u 65534 -g 65534 readacl ${n0} 119expect 0600 -u 65534 -g 65534 stat ${n0} mode 120expect 0 -u 65534 -g 65534 chmod ${n0} 0777 121expect 0 rmdir ${n0} 122 123# Check whether the root is allowed for these as well. 124expect 0 -u 65534 -g 65534 create ${n0} 0600 125expect 0 prependacl ${n0} everyone@:write_acl::deny 126expect 0 prependacl ${n0} everyone@:read_acl::deny 127expect 0 readacl ${n0} 128expect 0600 stat ${n0} mode 129expect 0 chmod ${n0} 0777 130expect 0 unlink ${n0} 131 132expect 0 -u 65534 -g 65534 mkdir ${n0} 0600 133expect 0 prependacl ${n0} everyone@:write_acl::deny 134expect 0 prependacl ${n0} everyone@:read_acl::deny 135expect 0600 stat ${n0} mode 136expect 0 readacl ${n0} 137expect 0600 stat ${n0} mode 138expect 0 chmod ${n0} 0777 139expect 0 rmdir ${n0} 140 141cd ${cdir} 142expect 0 rmdir ${n2}
| 11echo "1..83" 12 13n0=`namegen` 14n1=`namegen` 15n2=`namegen` 16 17expect 0 mkdir ${n2} 0755 18cdir=`pwd` 19cd ${n2} 20 21# Check whether user 65534 is permitted to read ACL. 22expect 0 create ${n0} 0644 23expect 0 readacl ${n0} 24expect 0 -u 65534 -g 65534 readacl ${n0} 25expect 0 prependacl ${n0} user:65534:read_acl::deny 26expect 0 readacl ${n0} 27expect EACCES -u 65534 -g 65534 readacl ${n0} 28expect 0 prependacl ${n0} user:65534:read_acl::allow 29expect 0 -u 65534 -g 65534 readacl ${n0} 30expect 0 readacl ${n0} 31expect 0 unlink ${n0} 32 33# Check whether user 65534 is permitted to write ACL. 34expect 0 create ${n0} 0644 35expect EPERM -u 65534 -g 65534 prependacl ${n0} user:65534:read_data::allow 36expect 0 prependacl ${n0} user:65534:write_acl::allow 37expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_data::allow 38expect 0 unlink ${n0} 39 40# Check whether user 65534 is permitted to write mode. 41expect 0 create ${n0} 0755 42expect EPERM -u 65534 -g 65534 chmod ${n0} 0777 43expect 0 prependacl ${n0} user:65534:write_acl::allow 44expect 0 -u 65534 -g 65534 chmod ${n0} 0777 45expect 0 unlink ${n0} 46 47# There is an interesting problem with interaction between ACL_WRITE_ACL 48# and SUID/SGID bits. In case user does have ACL_WRITE_ACL, but is not 49# a file owner, Solaris does the following: 50# 1. Setting SUID fails with EPERM. 51# 2. Setting SGID succeeds, but mode is not changed. 52# 3. Modifying ACL does not clear SUID nor SGID bits. 53# 4. Writing the file does clear both SUID and SGID bits. 54# 55# What we are doing is the following: 56# 1. Setting SUID or SGID fails with EPERM. 57# 2. Modifying ACL does not clear SUID nor SGID bits. 58# 3. Writing the file does clear both SUID and SGID bits. 59# 60# Check whether user 65534 is denied to write mode with SUID bit. 
61expect 0 create ${n0} 0755 62expect EPERM -u 65534 -g 65534 chmod ${n0} 04777 63expect 0 prependacl ${n0} user:65534:write_acl::allow 64expect EPERM -u 65534 -g 65534 chmod ${n0} 04777 65expect 0 unlink ${n0} 66 67# Check whether user 65534 is denied to write mode with SGID bit. 68expect 0 create ${n0} 0755 69expect EPERM -u 65534 -g 65534 chmod ${n0} 02777 70expect 0 prependacl ${n0} user:65534:write_acl::allow 71expect EPERM -u 65534 -g 65534 chmod ${n0} 02777 72expect 0 unlink ${n0} 73 74# Check whether user 65534 is allowed to write mode with sticky bit. 75expect 0 mkdir ${n0} 0755 76expect EPERM -u 65534 -g 65534 chmod ${n0} 01777 77expect 0 prependacl ${n0} user:65534:write_acl::allow 78expect 0 -u 65534 -g 65534 chmod ${n0} 01777 79expect 0 rmdir ${n0} 80 81# Check whether modifying the ACL by not-owner preserves the SUID. 82expect 0 create ${n0} 04755 83expect 0 prependacl ${n0} user:65534:write_acl::allow 84expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow 85expect 04755 stat ${n0} mode 86expect 0 unlink ${n0} 87 88# Check whether modifying the ACL by not-owner preserves the SGID. 89expect 0 create ${n0} 02755 90expect 0 prependacl ${n0} user:65534:write_acl::allow 91expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow 92expect 02755 stat ${n0} mode 93expect 0 unlink ${n0} 94 95# Check whether modifying the ACL by not-owner preserves the sticky bit. 96expect 0 mkdir ${n0} 0755 97expect 0 chmod ${n0} 01755 98expect 0 prependacl ${n0} user:65534:write_acl::allow 99expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_data::allow 100expect 01755 stat ${n0} mode 101expect 0 rmdir ${n0} 102 103# Clearing the SUID and SGID bits when being written to by non-owner 104# is checked in chmod/12.t. 105 106# Check whether the file owner is always permitted to get and set 107# ACL and file mode, even if ACL_{READ,WRITE}_ACL would deny it. 108expect 0 chmod . 
0777 109expect 0 -u 65534 -g 65534 create ${n0} 0600 110expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_acl::deny 111expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_acl::deny 112expect 0 -u 65534 -g 65534 readacl ${n0} 113expect 0600 -u 65534 -g 65534 stat ${n0} mode 114expect 0 -u 65534 -g 65534 chmod ${n0} 0777 115expect 0 unlink ${n0} 116 117expect 0 -u 65534 -g 65534 mkdir ${n0} 0600 118expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:write_acl::deny 119expect 0 -u 65534 -g 65534 prependacl ${n0} user:65534:read_acl::deny 120expect 0 -u 65534 -g 65534 readacl ${n0} 121expect 0600 -u 65534 -g 65534 stat ${n0} mode 122expect 0 -u 65534 -g 65534 chmod ${n0} 0777 123expect 0 rmdir ${n0} 124 125# Check whether the root is allowed for these as well. 126expect 0 -u 65534 -g 65534 create ${n0} 0600 127expect 0 prependacl ${n0} everyone@:write_acl::deny 128expect 0 prependacl ${n0} everyone@:read_acl::deny 129expect 0 readacl ${n0} 130expect 0600 stat ${n0} mode 131expect 0 chmod ${n0} 0777 132expect 0 unlink ${n0} 133 134expect 0 -u 65534 -g 65534 mkdir ${n0} 0600 135expect 0 prependacl ${n0} everyone@:write_acl::deny 136expect 0 prependacl ${n0} everyone@:read_acl::deny 137expect 0600 stat ${n0} mode 138expect 0 readacl ${n0} 139expect 0600 stat ${n0} mode 140expect 0 chmod ${n0} 0777 141expect 0 rmdir ${n0} 142 143cd ${cdir} 144expect 0 rmdir ${n2}