1271294Sngie#!/bin/sh 2271294Sngie# $FreeBSD: head/tools/regression/pjdfstest/tests/granular/03.t 211352 2010-08-15 21:24:17Z pjd $ 3271294Sngie 4271294Sngiedesc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD" 5271294Sngie 6271294Sngiedir=`dirname $0` 7271294Sngie. ${dir}/../misc.sh 8271294Sngie 9271294Sngie[ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit 10271294Sngie 11271294Sngieecho "1..65" 12271294Sngie 13271294Sngien0=`namegen` 14271294Sngien1=`namegen` 15271294Sngien2=`namegen` 16271294Sngien3=`namegen` 17271294Sngie 18271294Sngieexpect 0 mkdir ${n2} 0755 19271294Sngieexpect 0 mkdir ${n3} 0777 20271294Sngiecdir=`pwd` 21271294Sngiecd ${n2} 22271294Sngie 23271294Sngie# Unlink allowed on writable directory. 24271294Sngieexpect 0 create ${n0} 0644 25271294Sngieexpect EACCES -u 65534 -g 65534 unlink ${n0} 26271294Sngieexpect 0 prependacl . user:65534:write_data::allow 27271294Sngieexpect 0 -u 65534 -g 65534 unlink ${n0} 28271294Sngie 29271294Sngie# Moving file elsewhere allowed on writable directory. 30271294Sngieexpect 0 create ${n0} 0644 31271294Sngieexpect 0 prependacl . user:65534:write_data::deny 32271294Sngieexpect EACCES -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 33271294Sngieexpect 0 prependacl . user:65534:write_data::allow 34271294Sngieexpect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 35271294Sngie 36271294Sngie# Moving file from elsewhere allowed on writable directory. 37271294Sngieexpect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 38271294Sngieexpect 0 -u 65534 -g 65534 unlink ${n0} 39271294Sngie 40271294Sngie# Moving file from elsewhere overwriting local file allowed 41271294Sngie# on writable directory. 42271294Sngieexpect 0 create ${n0} 0644 43271294Sngieexpect 0 create ../${n3}/${n0} 0644 44271294Sngieexpect 0 prependacl . user:65534:write_data::deny 45271294Sngieexpect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 46271294Sngieexpect 0 prependacl . user:65534:write_data::allow 47271294Sngieexpect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 48271294Sngieexpect 0 -u 65534 -g 65534 unlink ${n0} 49271294Sngie 50271294Sngie# Denied DELETE changes nothing wrt removing. 51271294Sngieexpect 0 create ${n0} 0644 52271294Sngieexpect 0 prependacl ${n0} user:65534:delete::deny 53271294Sngieexpect 0 -u 65534 -g 65534 unlink ${n0} 54271294Sngie 55271294Sngie# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere. 56271294Sngieexpect 0 create ${n0} 0644 57271294Sngieexpect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 58271294Sngieexpect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 59271294Sngieexpect 0 -u 65534 -g 65534 unlink ${n0} 60271294Sngie 61271294Sngie# DELETE_CHILD denies unlink on writable directory. 62271294Sngieexpect 0 create ${n0} 0644 63271294Sngieexpect 0 prependacl . user:65534:delete_child::deny 64271294Sngieexpect EPERM -u 65534 -g 65534 unlink ${n0} 65271294Sngieexpect 0 unlink ${n0} 66271294Sngie 67271294Sngie# DELETE_CHILD denies moving file elsewhere. 68271294Sngieexpect 0 create ${n0} 0644 69271294Sngieexpect EPERM -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 70271294Sngieexpect 0 rename ${n0} ../${n3}/${n0} 71271294Sngie 72271294Sngie# DELETE_CHILD does not deny moving file from elsewhere 73271294Sngie# to a writable directory. 74271294Sngieexpect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 75271294Sngie 76271294Sngie# DELETE_CHILD denies moving file from elsewhere 77271294Sngie# to a writable directory overwriting local file. 78271294Sngieexpect 0 create ../${n3}/${n0} 0644 79271294Sngieexpect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 80271294Sngie 81271294Sngie# DELETE allowed on file allows for unlinking, no matter 82271294Sngie# what permissions on containing directory are. 83271294Sngieexpect 0 prependacl ${n0} user:65534:delete::allow 84271294Sngieexpect 0 -u 65534 -g 65534 unlink ${n0} 85271294Sngie 86271294Sngie# Same for moving the file elsewhere. 87271294Sngieexpect 0 create ${n0} 0644 88271294Sngieexpect 0 prependacl ${n0} user:65534:delete::allow 89271294Sngieexpect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 90271294Sngie 91271294Sngie# Same for moving the file from elsewhere into a writable 92271294Sngie# directory with DELETE_CHILD denied. 93271294Sngieexpect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 94271294Sngieexpect 0 unlink ${n0} 95271294Sngie 96271294Sngie# DELETE does not allow for overwriting a file in a unwritable 97271294Sngie# directory with DELETE_CHILD denied. 98271294Sngieexpect 0 create ${n0} 0644 99271294Sngieexpect 0 create ../${n3}/${n0} 0644 100271294Sngieexpect 0 prependacl . user:65534:write_data::deny 101271294Sngieexpect 0 prependacl . user:65534:delete_child::deny 102271294Sngieexpect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 103271294Sngieexpect 0 prependacl ${n0} user:65534:delete::allow 104271294Sngieexpect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 105271294Sngie 106271294Sngie# But it allows for plain deletion. 107271294Sngieexpect 0 -u 65534 -g 65534 unlink ${n0} 108271294Sngie 109271294Sngie# DELETE_CHILD allowed on unwritable directory. 110271294Sngieexpect 0 create ${n0} 0644 111271294Sngieexpect 0 prependacl . user:65534:delete_child::allow 112271294Sngieexpect 0 -u 65534 -g 65534 unlink ${n0} 113271294Sngie 114271294Sngie# Moving things elsewhere is allowed. 115271294Sngieexpect 0 create ${n0} 0644 116271294Sngieexpect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 117271294Sngie 118271294Sngie# Moving things back is not. 119271294Sngieexpect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 120271294Sngie 121271294Sngie# Even if we're overwriting. 122271294Sngieexpect 0 create ${n0} 0644 123271294Sngieexpect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 124271294Sngie 125271294Sngie# Even if we have DELETE on the existing file. 126271294Sngieexpect 0 prependacl ${n0} user:65534:delete::allow 127271294Sngieexpect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 128271294Sngie 129271294Sngie# Denied DELETE changes nothing wrt removing. 130271294Sngieexpect 0 prependacl ${n0} user:65534:delete::deny 131271294Sngieexpect 0 -u 65534 -g 65534 unlink ${n0} 132271294Sngie 133271294Sngiecd ${cdir} 134271294Sngieexpect 0 rmdir ${n2} 135