# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#

# This is a tools-level test for NFSv4 ACL functionality with PSARC/2010/029
# semantics.  Run it as root using an ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4-psarc.test
#
# Layout of this file: a line starting with "$" is a command, the lines
# starting with ">" that follow it are the exact output expected from that
# command, and lines starting with "#" are comments.
#
# WARNING: Creates files in unsafe way.
# The commands below run as root and create, chown, chmod and delete the
# fixed names xxx, yyy, zzz and ddd in the current directory.  Start the test
# from an empty scratch directory that only root can write to, never from a
# directory other users can write to.
# NOTE(review): the expected output also assumes that new files get group
# wheel and that gid 1 resolves to "daemon" -- confirm on the test host.

$ whoami
> root
$ umask 022

# Smoke test for getfacl(1).  A freshly created file is expected to carry
# only the three entries that mirror its mode (owner@, group@, everyone@).
$ touch xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow

# -q is expected to drop the three "# file/owner/group" header lines.
$ getfacl -q xxx
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow

# Check verbose mode formatting.  Read next to the compact form above, this
# output gives the letter legend used in the rest of the file:
# r=read_data, w=write_data, p=append_data, a=read_attributes,
# A=write_attributes, R=read_xattr, W=write_xattr, c=read_acl, C=write_acl,
# o=write_owner, s=synchronize.
$ getfacl -v xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:read_data/write_data/append_data/read_attributes/write_attributes/read_xattr/write_xattr/read_acl/write_acl/write_owner/synchronize::allow
> group@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow

# Test setfacl -a.  -a2 inserts the new entries at position 2, i.e. after
# owner@ (position 0) and group@ (position 1).  getfacl -n prints numeric ids.
$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> everyone@:r-----a-R-c--s:------:allow

# Test user and group name resolving.  The entries are given by name and are
# expected back by name; the -n listings further down show the same entries
# as uid 0 and gid 1.
$ rm xxx
$ touch xxx
$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> user:root:-----------C--:------:allow
> group:daemon:----------c---:------:deny
> everyone@:r-----a-R-c--s:------:allow

# Check whether ls correctly marks files with "+".  The "+" is the only hint
# in ls -l output that entries beyond the mode bits are in force.
$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+

# Test removing entries by number.  Positions count from 0, so entry 1 is
# group@.
$ setfacl -x 1 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> everyone@:r-----a-R-c--s:------:allow

# Test setfacl -m.  Three identical deny entries are prepended, then -m is
# applied with an empty permission set.  All three deny entries are expected
# to end up empty, while the everyone@ allow entry stays as it was.
$ setfacl -a0 everyone@:rwx:deny xxx
$ setfacl -a0 everyone@:rwx:deny xxx
$ setfacl -a0 everyone@:rwx:deny xxx
$ setfacl -m everyone@::deny xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> owner@:rw-p--aARWcCos:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> everyone@:r-----a-R-c--s:------:allow

# Test getfacl -i.  Entries shown by name are expected to get the numeric id
# appended as an extra field.
$ getfacl -i xxx
> # file: xxx
> # owner: root
> # group: wheel
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> owner@:rw-p--aARWcCos:------:allow
> user:root:-----------C--:------:allow:0
> group:daemon:----------c---:------:deny:1
> everyone@:r-----a-R-c--s:------:allow

# Make sure cp without any flags does not copy the ACL.  The copy is expected
# to show no "+", so the explicit allow and deny entries set on xxx are not
# in force on yyy; only the mode bits are.
$ cp xxx yyy
$ ls -l yyy | cut -d' ' -f1
> -rw-r--r--

# Make sure it does with the "-p" flag.  Every entry, including the deny
# entries, is expected on the copy in the same order.
$ rm yyy
$ cp -p xxx yyy
$ getfacl -n yyy
> # file: yyy
> # owner: root
> # group: wheel
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> owner@:rw-p--aARWcCos:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> everyone@:r-----a-R-c--s:------:allow

$ rm yyy

# Test removing entries by example.  All three entries matching
# everyone@::deny are expected to go; the everyone@ allow entry stays.
$ setfacl -x everyone@::deny xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> everyone@:r-----a-R-c--s:------:allow

# Test setfacl -b.  The ACL is expected to fall back to the three entries
# that mirror the mode; group@ comes back although it was removed by number
# earlier, and the named allow and deny entries are gone.
$ setfacl -b xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--

# Check setfacl(1) and getfacl(1) with multiple files.  nnn does not exist:
# each tool is expected to report it and still process the remaining files.
$ touch xxx yyy zzz

$ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--+
> -rw-r--r--+
> -rw-r--r--+

$ getfacl -nq nnn xxx yyy zzz
> getfacl: nnn: stat() failed: No such file or directory
> user:42:--x-----------:------:allow
> group:43:-w------------:------:allow
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow
>
> user:42:--x-----------:------:allow
> group:43:-w------------:------:allow
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow
>
> user:42:--x-----------:------:allow
> group:43:-w------------:------:allow
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow

$ setfacl -b nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ rm xxx yyy zzz

# Test applying mode to an ACL.  After chmod the expected ACL holds only
# owner@, group@ and everyone@ entries that match the new mode: every named
# user entry set just before, the user:43 deny entry included, is gone.
# A deny entry for a named user therefore does not survive a chmod.
$ touch xxx
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx
$ chmod 600 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> group@:------a-R-c--s:------:allow
> everyone@:------a-R-c--s:------:allow

$ ls -l xxx | cut -d' ' -f1
> -rw-------

# Same with the file owned by uid 42, who also has a named entry.
$ rm xxx
$ touch xxx
$ chown 42 xxx
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
$ chmod 600 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: 42
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> group@:------a-R-c--s:------:allow
> everyone@:------a-R-c--s:------:allow
$ ls -l xxx | cut -d' ' -f1
> -rw-------

# Mode 124 gives the owner fewer bits than group and other.  Deny entries for
# owner@ and group@ are expected first, so that the wider group@ and
# everyone@ allow entries after them do not grant more than the class's own
# mode digit.
$ rm xxx
$ touch xxx
$ chown 43 xxx
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
$ chmod 124 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: 43
> # group: wheel
> owner@:rw-p----------:------:deny
> group@:r-------------:------:deny
> owner@:--x---aARWcCos:------:allow
> group@:-w-p--a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow
$ ls -l xxx | cut -d' ' -f1
> ---x-w-r--

# Mode 412: same check with a different spread of bits across the classes.
$ rm xxx
$ touch xxx
$ chown 43 xxx
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
$ chmod 412 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: 43
> # group: wheel
> owner@:-wxp----------:------:deny
> group@:-w-p----------:------:deny
> owner@:r-----aARWcCos:------:allow
> group@:--x---a-R-c--s:------:allow
> everyone@:-w-p--a-R-c--s:------:allow
$ ls -l xxx | cut -d' ' -f1
> -r----x-w-

# Same for a directory.  The second field of each entry holds inheritance
# flags (f=file_inherit, d=dir_inherit, i=inherit_only, n=no_propagate).
# After chmod 777 the entries with flags, the named-group deny entry and the
# modified everyone@ entry are all expected to be gone.
$ mkdir ddd
$ setfacl -a0 group:44:rwapd:allow ddd
$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
$ getfacl -n ddd
> # file: ddd
> # owner: root
> # group: wheel
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:-d----:allow
> group:43:-w--D---------:-d----:deny
> group@:-----da-------:------:allow
> group:44:rw-p-da-------:------:allow
> owner@:rwxp--aARWcCos:------:allow
> group@:r-x---a-R-c--s:------:allow
> everyone@:-w-p--a-R-c--s:f-i---:allow

$ chmod 777 ddd
$ getfacl -n ddd
> # file: ddd
> # owner: root
> # group: wheel
> owner@:rwxp--aARWcCos:------:allow
> group@:rwxp--a-R-c--s:------:allow
> everyone@:rwxp--a-R-c--s:------:allow

# Test applying ACL to mode: the mode shown by ls is expected to follow the
# ACL.  An inherit-only (fi) entry adds the "+" but is not expected to change
# the directory's own mode.
$ rmdir ddd
$ mkdir ddd
$ setfacl -a0 u:42:rwx:fi:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> drwxr-xr-x+

# group@ deny w placed ahead of group@ allow wx: only x is expected in the
# group digit.
$ rmdir ddd
$ mkdir ddd
$ chmod 0 ddd
$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> dr----x---+

# The same deny marked inherit-only (fi) is not expected to apply to the
# directory itself, so w shows up as well.
$ rmdir ddd
$ mkdir ddd
$ chmod 0 ddd
$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> dr---wx---+

# Entries for a named group are not expected to show up in the mode bits, so
# the mode alone does not tell what group 43 may do here.
$ rmdir ddd
$ mkdir ddd
$ chmod 0 ddd
$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> dr--------+

# Likewise for a named user.
$ rmdir ddd
$ mkdir ddd
$ chmod 0 ddd
$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> dr--------+

# Test inheritance.  The parent directory gets a mix of allow and deny
# entries with different flag combinations; the listings further down pin
# what a new file and a new subdirectory receive from it.
$ rmdir ddd
$ mkdir ddd
$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd
$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd
$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd
$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd
$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd
$ getfacl -qn ddd
> user:41:-w-----A------:f--n--:allow
> group:41:r-----a-------:-din--:allow
> user:42:-----------Co-:f-i---:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:-d-n--:deny
> group:43:-w---------C--:f-in--:deny
> user:43:rwxp----------:------:allow
> owner@:rwxp--aARWcCos:------:allow
> group@:r-x---a-R-c--s:------:allow
> everyone@:r-x---a-R-c--s:------:allow

# New file, umask 022.  Only the entries carrying the f flag are expected,
# with their flags cleared.  The allow entries come out narrower than on the
# parent (user:41 loses write_data and write_attributes, user:42 loses
# write_acl, write_owner and x), while the group:43 deny entry arrives with
# its permissions unchanged.
$ cd ddd
$ touch xxx
$ getfacl -qn xxx
> user:41:--------------:------:allow
> user:42:--------------:------:allow
> user:42:r-------------:------:allow
> group:43:-w---------C--:------:deny
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow

# umask 077: user:42 is expected to lose r as well; the deny entry is still
# inherited in full.
$ rm xxx
$ umask 077
$ touch xxx
$ getfacl -qn xxx
> user:41:--------------:------:allow
> user:42:--------------:------:allow
> user:42:--------------:------:allow
> group:43:-w---------C--:------:deny
> owner@:rw-p--aARWcCos:------:allow
> group@:------a-R-c--s:------:allow
> everyone@:------a-R-c--s:------:allow

# umask 770 leaves only the "other" bits set, so deny entries for owner@ and
# group@ are expected ahead of the inherited entries.
$ rm xxx
$ umask 770
$ touch xxx
$ getfacl -qn xxx
> owner@:rw-p----------:------:deny
> group@:rw-p----------:------:deny
> user:41:--------------:------:allow
> user:42:--------------:------:allow
> user:42:--------------:------:allow
> group:43:-w---------C--:------:deny
> owner@:------aARWcCos:------:allow
> group@:------a-R-c--s:------:allow
> everyone@:rw-p--a-R-c--s:------:allow

# umask 707 leaves only the group bits set: user:41 is expected to get w and
# user:42 to get r again.  Across the four umask cases the inherited allow
# entries are consistent with being limited to the group digit of the
# creation mode.
$ rm xxx
$ umask 707
$ touch xxx
$ getfacl -qn xxx
> owner@:rw-p----------:------:deny
> user:41:-w------------:------:allow
> user:42:--------------:------:allow
> user:42:r-------------:------:allow
> group:43:-w---------C--:------:deny
> owner@:------aARWcCos:------:allow
> group@:rw-p--a-R-c--s:------:allow
> everyone@:------a-R-c--s:------:allow

# New subdirectory, umask 077.  Entries with the d flag are expected with
# their flags cleared (both have n set on the parent).  The two user:42
# entries marked fi are expected to pass through unchanged, still
# inherit-only.  The entries marked fn and fin are not expected on the
# subdirectory at all.
$ umask 077
$ mkdir yyy
$ getfacl -qn yyy
> group:41:------a-------:------:allow
> user:42:-----------Co-:f-i---:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:------:deny
> owner@:rwxp--aARWcCos:------:allow
> group@:------a-R-c--s:------:allow
> everyone@:------a-R-c--s:------:allow

# Subdirectory with umask 770: owner@ and group@ deny entries expected first.
$ rmdir yyy
$ umask 770
$ mkdir yyy
$ getfacl -qn yyy
> owner@:rwxp----------:------:deny
> group@:rwxp----------:------:deny
> group:41:------a-------:------:allow
> user:42:-----------Co-:f-i---:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:------:deny
> owner@:------aARWcCos:------:allow
> group@:------a-R-c--s:------:allow
> everyone@:rwxp--a-R-c--s:------:allow

# Subdirectory with umask 707: group:41 is expected to get read_data back.
$ rmdir yyy
$ umask 707
$ mkdir yyy
$ getfacl -qn yyy
> owner@:rwxp----------:------:deny
> group:41:r-----a-------:------:allow
> user:42:-----------Co-:f-i---:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:------:deny
> owner@:------aARWcCos:------:allow
> group@:rwxp--a-R-c--s:------:allow
> everyone@:------a-R-c--s:------:allow

# There is some complication regarding how write_acl and write_owner flags
# get inherited.  Make sure we got it right.
# One allow entry per flag combination is set on the current directory.
# Wherever an inherited allow entry takes effect on the new file or
# directory, C and o are expected to be stripped.  Only the entries that
# stay inherit-only on the subdirectory (users 42 and 45) still show them.
$ setfacl -b .
$ setfacl -a0 u:42:Co:f:allow .
$ setfacl -a0 u:43:Co:d:allow .
$ setfacl -a0 u:44:Co:fd:allow .
$ setfacl -a0 u:45:Co:fi:allow .
$ setfacl -a0 u:46:Co:di:allow .
$ setfacl -a0 u:47:Co:fdi:allow .
$ setfacl -a0 u:48:Co:fn:allow .
$ setfacl -a0 u:49:Co:dn:allow .
$ setfacl -a0 u:50:Co:fdn:allow .
$ setfacl -a0 u:51:Co:fni:allow .
$ setfacl -a0 u:52:Co:dni:allow .
$ setfacl -a0 u:53:Co:fdni:allow .
$ umask 022
$ rm xxx
$ touch xxx
$ getfacl -nq xxx
> user:53:--------------:------:allow
> user:51:--------------:------:allow
> user:50:--------------:------:allow
> user:48:--------------:------:allow
> user:47:--------------:------:allow
> user:45:--------------:------:allow
> user:44:--------------:------:allow
> user:42:--------------:------:allow
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow

$ rmdir yyy
$ mkdir yyy
$ getfacl -nq yyy
> user:53:--------------:------:allow
> user:52:--------------:------:allow
> user:50:--------------:------:allow
> user:49:--------------:------:allow
> user:47:--------------:fd----:allow
> user:46:--------------:-d----:allow
> user:45:-----------Co-:f-i---:allow
> user:44:--------------:fd----:allow
> user:43:--------------:-d----:allow
> user:42:-----------Co-:f-i---:allow
> owner@:rwxp--aARWcCos:------:allow
> group@:r-x---a-R-c--s:------:allow
> everyone@:r-x---a-R-c--s:------:allow

# The same twelve combinations as deny entries.  Here C and o are expected to
# be kept on every inherited entry: a denial of write_acl and write_owner is
# passed down, whereas the allow case above shows the grant is not.
$ setfacl -b .
$ setfacl -a0 u:42:Co:f:deny .
$ setfacl -a0 u:43:Co:d:deny .
$ setfacl -a0 u:44:Co:fd:deny .
$ setfacl -a0 u:45:Co:fi:deny .
$ setfacl -a0 u:46:Co:di:deny .
$ setfacl -a0 u:47:Co:fdi:deny .
$ setfacl -a0 u:48:Co:fn:deny .
$ setfacl -a0 u:49:Co:dn:deny .
$ setfacl -a0 u:50:Co:fdn:deny .
$ setfacl -a0 u:51:Co:fni:deny .
$ setfacl -a0 u:52:Co:dni:deny .
$ setfacl -a0 u:53:Co:fdni:deny .
$ umask 022
$ rm xxx
$ touch xxx
$ getfacl -nq xxx
> user:53:-----------Co-:------:deny
> user:51:-----------Co-:------:deny
> user:50:-----------Co-:------:deny
> user:48:-----------Co-:------:deny
> user:47:-----------Co-:------:deny
> user:45:-----------Co-:------:deny
> user:44:-----------Co-:------:deny
> user:42:-----------Co-:------:deny
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow

$ rmdir yyy
$ mkdir yyy
$ getfacl -nq yyy
> user:53:-----------Co-:------:deny
> user:52:-----------Co-:------:deny
> user:50:-----------Co-:------:deny
> user:49:-----------Co-:------:deny
> user:47:-----------Co-:fd----:deny
> user:46:-----------Co-:-d----:deny
> user:45:-----------Co-:f-i---:deny
> user:44:-----------Co-:fd----:deny
> user:43:-----------Co-:-d----:deny
> user:42:-----------Co-:f-i---:deny
> owner@:rwxp--aARWcCos:------:allow
> group@:r-x---a-R-c--s:------:allow
> everyone@:r-x---a-R-c--s:------:allow

# Clean up.  The last rm removes the xxx that the chmod 412 case left in the
# starting directory.
$ rmdir yyy
$ rm xxx
$ cd ..
$ rmdir ddd

$ rm xxx
