1#!/bin/sh 2# $FreeBSD: head/tools/regression/pjdfstest/tests/granular/05.t 211352 2010-08-15 21:24:17Z pjd $ 3 4desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD with directories" 5 6dir=`dirname $0` 7. ${dir}/../misc.sh 8 9[ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit 10 11echo "1..68" 12 13n0=`namegen` 14n1=`namegen` 15n2=`namegen` 16n3=`namegen` 17 18expect 0 mkdir ${n2} 0755 19expect 0 mkdir ${n3} 0777 20cdir=`pwd` 21cd ${n2} 22 23# Unlink allowed on writable directory. 24expect 0 mkdir ${n0} 0755 25expect EACCES -u 65534 -g 65534 rmdir ${n0} 26expect 0 prependacl . user:65534:write_data::allow 27expect 0 -u 65534 -g 65534 rmdir ${n0} 28 29# Moving directory elsewhere allowed on writable directory. 30expect 0 mkdir ${n0} 0777 31expect 0 prependacl . user:65534:write_data::deny 32expect EACCES -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 33expect 0 prependacl . user:65534:write_data::allow 34expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 35 36# 12 37# Moving directory from elsewhere allowed on writable directory. 38expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 39expect 0 prependacl . user:65534:append_data::allow 40expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 41expect 0 -u 65534 -g 65534 rmdir ${n0} 42 43# Moving directory from elsewhere overwriting local directory allowed 44# on writable directory. 45expect 0 mkdir ${n0} 0755 46expect 0 mkdir ../${n3}/${n0} 0777 47expect 0 prependacl . user:65534:write_data::deny 48expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 49expect 0 prependacl . user:65534:write_data::allow 50expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 51expect 0 -u 65534 -g 65534 rmdir ${n0} 52 53# 23 54# Denied DELETE changes nothing wrt removing. 55expect 0 mkdir ${n0} 0755 56expect 0 prependacl ${n0} user:65534:delete::deny 57expect 0 -u 65534 -g 65534 rmdir ${n0} 58 59# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere. 60expect 0 mkdir ${n0} 0777 61expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 62expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 63expect 0 -u 65534 -g 65534 rmdir ${n0} 64 65# DELETE_CHILD denies unlink on writable directory. 66expect 0 mkdir ${n0} 0755 67expect 0 prependacl . user:65534:delete_child::deny 68expect EPERM -u 65534 -g 65534 rmdir ${n0} 69expect 0 rmdir ${n0} 70 71# 35 72# DELETE_CHILD denies moving directory elsewhere. 73expect 0 mkdir ${n0} 0777 74expect EPERM -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 75expect 0 rename ${n0} ../${n3}/${n0} 76 77# DELETE_CHILD does not deny moving directory from elsewhere 78# to a writable directory. 79expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 80 81# DELETE_CHILD denies moving directory from elsewhere 82# to a writable directory overwriting local directory. 83expect 0 mkdir ../${n3}/${n0} 0755 84expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 85 86# DELETE allowed on directory allows for unlinking, no matter 87# what permissions on containing directory are. 88expect 0 prependacl ${n0} user:65534:delete::allow 89expect 0 -u 65534 -g 65534 rmdir ${n0} 90 91# Same for moving the directory elsewhere. 92expect 0 mkdir ${n0} 0777 93expect 0 prependacl ${n0} user:65534:delete::allow 94expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 95 96# 46 97# Same for moving the directory from elsewhere into a writable 98# directory with DELETE_CHILD denied. 99expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 100expect 0 rmdir ${n0} 101 102# DELETE does not allow for overwriting a directory in a unwritable 103# directory with DELETE_CHILD denied. 104expect 0 mkdir ${n0} 0755 105expect 0 mkdir ../${n3}/${n0} 0777 106expect 0 prependacl . user:65534:write_data::deny 107expect 0 prependacl . user:65534:delete_child::deny 108expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 109expect 0 prependacl ${n0} user:65534:delete::allow 110# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 111expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 112 113# 54 114# But it allows for plain deletion. 115# XXX: expect 0 -u 65534 -g 65534 rmdir ${n0} 116expect 0 rmdir ${n0} 117 118# DELETE_CHILD allowed on unwritable directory. 119expect 0 mkdir ${n0} 0755 120expect 0 prependacl . user:65534:delete_child::allow 121expect 0 -u 65534 -g 65534 rmdir ${n0} 122 123# Moving things elsewhere is allowed. 124expect 0 mkdir ${n0} 0777 125expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0} 126 127# 60 128# Moving things back is not. 129# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 130expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 131 132# Even if we're overwriting. 133# XXX: expect 0 mkdir ${n0} 0755 134expect 0 mkdir ../${n3}/${n0} 0777 135# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 136expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 137expect 0 mkdir ../${n3}/${n0} 0777 138 139# Even if we have DELETE on the existing directory. 140expect 0 prependacl ${n0} user:65534:delete::allow 141# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 142expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0} 143 144# Denied DELETE changes nothing wrt removing. 145expect 0 prependacl ${n0} user:65534:delete::deny 146expect 0 -u 65534 -g 65534 rmdir ${n0} 147 148cd ${cdir} 149expect 0 rmdir ${n2} 150