03.t revision 196948
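#!/bin/sh
# $FreeBSD: head/tools/regression/fstest/tests/granular/03.t 196948 2009-09-07 19:40:22Z trasz $
#
# Exercises how the NFSv4 "delete" ACE on a file combines with the
# "write_data" and "delete_child" ACEs on its containing directory when an
# unprivileged caller (uid/gid 65534) unlinks or renames the file.
#
# expect, namegen and the create/unlink/rename/prependacl operations come from
# ../misc.sh. Calls without -u/-g run as the invoking user; the test appears
# to assume that user can set ACLs and switch credentials (presumably root).
#
# Two distinct failures are checked on purpose: EACCES where the directory
# simply does not grant the needed write access, and EPERM where an explicit
# delete_child deny entry blocks the operation.

desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD"

dir=$(dirname "$0")
. "${dir}/../misc.sh"

# TAP plan: must equal the number of expect calls below.
echo "1..67"

n0=$(namegen)
n2=$(namegen)
n3=$(namegen)

# n2 is the directory whose ACL is under test; n3 is a world-writable
# directory used as the "elsewhere" end of every rename.
expect 0 mkdir "${n2}" 0755
expect 0 mkdir "${n3}" 0777
cdir=$(pwd)
# Every "prependacl ." below edits the ACL of the current directory. If the
# cd fails, those calls would change the ACL of the directory the suite was
# started from, so stop instead of carrying on.
cd "${n2}" || { echo "Bail out! cannot cd to ${n2}"; exit 1; }

# Each prependacl puts its entry in front of the ones added earlier and the
# ACL on "." is never reset, so the checks below depend on their order.

# Unlink allowed on writable directory.
expect 0 create "${n0}" 0644
expect EACCES -u 65534 -g 65534 unlink "${n0}"
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Moving file elsewhere allowed on writable directory.
expect 0 create "${n0}" 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"

# Moving file from elsewhere allowed on writable directory.
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Moving file from elsewhere overwriting local file allowed
# on writable directory.
expect 0 create "${n0}" 0644
expect 0 create "../${n3}/${n0}" 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Denied DELETE changes nothing wrt removing: a deny entry on the file alone
# does not protect it while the directory still grants write_data.
expect 0 create "${n0}" 0644
expect 0 prependacl "${n0}" user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere.
expect 0 create "${n0}" 0644
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 -u 65534 -g 65534 unlink "${n0}"

# DELETE_CHILD denies unlink on writable directory.
expect 0 create "${n0}" 0644
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 unlink "${n0}"
expect 0 unlink "${n0}"

# DELETE_CHILD denies moving file elsewhere.
expect 0 create "${n0}" 0644
expect EPERM -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"
expect 0 rename "${n0}" "../${n3}/${n0}"

# DELETE_CHILD does not deny moving file from elsewhere
# to a writable directory.
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# DELETE_CHILD denies moving file from elsewhere
# to a writable directory overwriting local file.
expect 0 create "../${n3}/${n0}" 0644
expect EPERM -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# DELETE allowed on file allows for unlinking, no matter
# what permissions on containing directory are.
expect 0 prependacl "${n0}" user:65534:delete::allow
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Same for moving the file elsewhere.
expect 0 create "${n0}" 0644
expect 0 prependacl "${n0}" user:65534:delete::allow
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"

# Same for moving the file from elsewhere into a writable
# directory with DELETE_CHILD denied.
expect 0 -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 unlink "${n0}"

# DELETE does not allow for overwriting a file in an unwritable
# directory with DELETE_CHILD denied.
expect 0 create "${n0}" 0644
expect 0 create "../${n3}/${n0}" 0644
expect 0 prependacl . user:65534:write_data::deny
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"
expect 0 prependacl "${n0}" user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# But it allows for plain deletion.
expect 0 -u 65534 -g 65534 unlink "${n0}"

# DELETE_CHILD allowed on unwritable directory.
expect 0 create "${n0}" 0644
expect 0 prependacl . user:65534:delete_child::allow
expect 0 -u 65534 -g 65534 unlink "${n0}"

# Moving things elsewhere is allowed.
expect 0 create "${n0}" 0644
expect 0 -u 65534 -g 65534 rename "${n0}" "../${n3}/${n0}"

# Moving things back is not.
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Even if we're overwriting.
expect 0 create "${n0}" 0644
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Even if we have DELETE on the existing file.
expect 0 prependacl "${n0}" user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename "../${n3}/${n0}" "${n0}"

# Denied DELETE changes nothing wrt removing.
expect 0 prependacl "${n0}" user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink "${n0}"

cd "${cdir}"
expect 0 rmdir "${n2}"

# The last successful rename left ${n0} inside ${n3}. Remove both so the run
# does not leave a world-writable directory behind on the tested filesystem.
expect 0 unlink "${n3}/${n0}"
expect 0 rmdir "${n3}"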