150276Speter# Copyright (c) 2008, 2009 Edward Tomasz Napiera��a <trasz@FreeBSD.org> 2166124Srafan# All rights reserved. 350276Speter# 450276Speter# Redistribution and use in source and binary forms, with or without 550276Speter# modification, are permitted provided that the following conditions 650276Speter# are met: 750276Speter# 1. Redistributions of source code must retain the above copyright 850276Speter# notice, this list of conditions and the following disclaimer. 950276Speter# 2. Redistributions in binary form must reproduce the above copyright 1050276Speter# notice, this list of conditions and the following disclaimer in the 1150276Speter# documentation and/or other materials provided with the distribution. 1250276Speter# 1350276Speter# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1450276Speter# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1550276Speter# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1650276Speter# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 1750276Speter# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 1850276Speter# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 1950276Speter# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2050276Speter# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2150276Speter# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2250276Speter# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2350276Speter# SUCH DAMAGE. 2450276Speter# 2550276Speter# $FreeBSD: releng/11.0/tests/sys/acl/tools-nfs4-psarc.test 288314 2015-09-27 23:33:54Z ngie $ 2650276Speter# 2750276Speter 2850276Speter# This is a tools-level test for NFSv4 ACL functionality with PSARC/2010/029 2950276Speter# semantics. Run it as root using ACL-enabled kernel: 30166124Srafan# 3150276Speter# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4-psarc.test 3250276Speter# 3350276Speter# WARNING: Creates files in unsafe way. 3450276Speter 3550276Speter$ whoami 3650276Speter> root 3750276Speter$ umask 022 3850276Speter 3950276Speter# Smoke test for getfacl(1). 40166124Srafan$ touch xxx 4150276Speter$ getfacl xxx 4250276Speter> # file: xxx 4350276Speter> # owner: root 4450276Speter> # group: wheel 4550276Speter> owner@:rw-p--aARWcCos:-------:allow 4650276Speter> group@:r-----a-R-c--s:-------:allow 4750276Speter> everyone@:r-----a-R-c--s:-------:allow 4850276Speter 4950276Speter$ getfacl -q xxx 5050276Speter> owner@:rw-p--aARWcCos:-------:allow 5150276Speter> group@:r-----a-R-c--s:-------:allow 5276726Speter> everyone@:r-----a-R-c--s:-------:allow 5350276Speter 54166124Srafan# Check verbose mode formatting. 5550276Speter$ getfacl -v xxx 5650276Speter> # file: xxx 5750276Speter> # owner: root 5850276Speter> # group: wheel 5950276Speter> owner@:read_data/write_data/append_data/read_attributes/write_attributes/read_xattr/write_xattr/read_acl/write_acl/write_owner/synchronize::allow 6050276Speter> group@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow 6150276Speter> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow 6250276Speter 6350276Speter# Test setfacl -a. 6450276Speter$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx 6550276Speter$ getfacl -n xxx 66166124Srafan> # file: xxx 6750276Speter> # owner: root 6876726Speter> # group: wheel 6950276Speter> owner@:rw-p--aARWcCos:-------:allow 70166124Srafan> group@:r-----a-R-c--s:-------:allow 71166124Srafan> user:0:-----------C--:-------:allow 7250276Speter> group:1:----------c---:-------:deny 7350276Speter> everyone@:r-----a-R-c--s:-------:allow 7450276Speter 7550276Speter# Test user and group name resolving. 7650276Speter$ rm xxx 7750276Speter$ touch xxx 7850276Speter$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx 79166124Srafan$ getfacl xxx 8050276Speter> # file: xxx 8150276Speter> # owner: root 8250276Speter> # group: wheel 8350276Speter> owner@:rw-p--aARWcCos:-------:allow 8450276Speter> group@:r-----a-R-c--s:-------:allow 8550276Speter> user:root:-----------C--:-------:allow 86166124Srafan> group:daemon:----------c---:-------:deny 8750276Speter> everyone@:r-----a-R-c--s:-------:allow 8850276Speter 8950276Speter# Check whether ls correctly marks files with "+". 9050276Speter$ ls -l xxx | cut -d' ' -f1 9150276Speter> -rw-r--r--+ 9250276Speter 9350276Speter# Test removing entries by number. 9450276Speter$ setfacl -x 1 xxx 9550276Speter$ getfacl -n xxx 9650276Speter> # file: xxx 9750276Speter> # owner: root 98166124Srafan> # group: wheel 9950276Speter> owner@:rw-p--aARWcCos:-------:allow 10050276Speter> user:0:-----------C--:-------:allow 10150276Speter> group:1:----------c---:-------:deny 10250276Speter> everyone@:r-----a-R-c--s:-------:allow 10350276Speter 10450276Speter# Test setfacl -m. 10550276Speter$ setfacl -a0 everyone@:rwx:deny xxx 10650276Speter$ setfacl -a0 everyone@:rwx:deny xxx 10750276Speter$ setfacl -a0 everyone@:rwx:deny xxx 10850276Speter$ setfacl -m everyone@::deny xxx 10950276Speter$ getfacl -n xxx 110166124Srafan> # file: xxx 11150276Speter> # owner: root 11250276Speter> # group: wheel 11350276Speter> everyone@:--------------:-------:deny 11450276Speter> everyone@:--------------:-------:deny 11550276Speter> everyone@:--------------:-------:deny 11650276Speter> owner@:rw-p--aARWcCos:-------:allow 11750276Speter> user:0:-----------C--:-------:allow 11850276Speter> group:1:----------c---:-------:deny 11950276Speter> everyone@:r-----a-R-c--s:-------:allow 12050276Speter 121166124Srafan# Test getfacl -i. 12250276Speter$ getfacl -i xxx 12350276Speter> # file: xxx 12450276Speter> # owner: root 12550276Speter> # group: wheel 12650276Speter> everyone@:--------------:-------:deny 12750276Speter> everyone@:--------------:-------:deny 12850276Speter> everyone@:--------------:-------:deny 12950276Speter> owner@:rw-p--aARWcCos:-------:allow 13050276Speter> user:root:-----------C--:-------:allow:0 13150276Speter> group:daemon:----------c---:-------:deny:1 132166124Srafan> everyone@:r-----a-R-c--s:-------:allow 13350276Speter 13450276Speter# Make sure cp without any flags does not copy copy the ACL. 13550276Speter$ cp xxx yyy 13650276Speter$ ls -l yyy | cut -d' ' -f1 13750276Speter> -rw-r--r-- 13850276Speter 13950276Speter# Make sure it does with the "-p" flag. 14050276Speter$ rm yyy 14150276Speter$ cp -p xxx yyy 142166124Srafan$ getfacl -n yyy 14350276Speter> # file: yyy 144> # owner: root 145> # group: wheel 146> everyone@:--------------:-------:deny 147> everyone@:--------------:-------:deny 148> everyone@:--------------:-------:deny 149> owner@:rw-p--aARWcCos:-------:allow 150> user:0:-----------C--:-------:allow 151> group:1:----------c---:-------:deny 152> everyone@:r-----a-R-c--s:-------:allow 153 154$ rm yyy 155 156# Test removing entries by... by example? 157$ setfacl -x everyone@::deny xxx 158$ getfacl -n xxx 159> # file: xxx 160> # owner: root 161> # group: wheel 162> owner@:rw-p--aARWcCos:-------:allow 163> user:0:-----------C--:-------:allow 164> group:1:----------c---:-------:deny 165> everyone@:r-----a-R-c--s:-------:allow 166 167# Test setfacl -b. 168$ setfacl -b xxx 169$ getfacl -n xxx 170> # file: xxx 171> # owner: root 172> # group: wheel 173> owner@:rw-p--aARWcCos:-------:allow 174> group@:r-----a-R-c--s:-------:allow 175> everyone@:r-----a-R-c--s:-------:allow 176 177$ ls -l xxx | cut -d' ' -f1 178> -rw-r--r-- 179 180# Check setfacl(1) and getfacl(1) with multiple files. 181$ touch xxx yyy zzz 182 183$ ls -l xxx yyy zzz | cut -d' ' -f1 184> -rw-r--r-- 185> -rw-r--r-- 186> -rw-r--r-- 187 188$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz 189> setfacl: nnn: stat() failed: No such file or directory 190 191$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 192> ls: nnn: No such file or directory 193> -rw-r--r--+ 194> -rw-r--r--+ 195> -rw-r--r--+ 196 197$ getfacl -nq nnn xxx yyy zzz 198> getfacl: nnn: stat() failed: No such file or directory 199> user:42:--x-----------:-------:allow 200> group:43:-w------------:-------:allow 201> owner@:rw-p--aARWcCos:-------:allow 202> group@:r-----a-R-c--s:-------:allow 203> everyone@:r-----a-R-c--s:-------:allow 204> 205> user:42:--x-----------:-------:allow 206> group:43:-w------------:-------:allow 207> owner@:rw-p--aARWcCos:-------:allow 208> group@:r-----a-R-c--s:-------:allow 209> everyone@:r-----a-R-c--s:-------:allow 210> 211> user:42:--x-----------:-------:allow 212> group:43:-w------------:-------:allow 213> owner@:rw-p--aARWcCos:-------:allow 214> group@:r-----a-R-c--s:-------:allow 215> everyone@:r-----a-R-c--s:-------:allow 216 217$ setfacl -b nnn xxx yyy zzz 218> setfacl: nnn: stat() failed: No such file or directory 219 220$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 221> ls: nnn: No such file or directory 222> -rw-r--r-- 223> -rw-r--r-- 224> -rw-r--r-- 225 226$ rm xxx yyy zzz 227 228# Test applying mode to an ACL. 229$ touch xxx 230$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx 231$ chmod 600 xxx 232$ getfacl -n xxx 233> # file: xxx 234> # owner: root 235> # group: wheel 236> owner@:rw-p--aARWcCos:-------:allow 237> group@:------a-R-c--s:-------:allow 238> everyone@:------a-R-c--s:-------:allow 239 240$ ls -l xxx | cut -d' ' -f1 241> -rw------- 242 243$ rm xxx 244$ touch xxx 245$ chown 42 xxx 246$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx 247$ chmod 600 xxx 248$ getfacl -n xxx 249> # file: xxx 250> # owner: 42 251> # group: wheel 252> owner@:rw-p--aARWcCos:-------:allow 253> group@:------a-R-c--s:-------:allow 254> everyone@:------a-R-c--s:-------:allow 255$ ls -l xxx | cut -d' ' -f1 256> -rw------- 257 258$ rm xxx 259$ touch xxx 260$ chown 43 xxx 261$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx 262$ chmod 124 xxx 263$ getfacl -n xxx 264> # file: xxx 265> # owner: 43 266> # group: wheel 267> owner@:rw-p----------:-------:deny 268> group@:r-------------:-------:deny 269> owner@:--x---aARWcCos:-------:allow 270> group@:-w-p--a-R-c--s:-------:allow 271> everyone@:r-----a-R-c--s:-------:allow 272$ ls -l xxx | cut -d' ' -f1 273> ---x-w-r-- 274 275$ rm xxx 276$ touch xxx 277$ chown 43 xxx 278$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx 279$ chmod 412 xxx 280$ getfacl -n xxx 281> # file: xxx 282> # owner: 43 283> # group: wheel 284> owner@:-wxp----------:-------:deny 285> group@:-w-p----------:-------:deny 286> owner@:r-----aARWcCos:-------:allow 287> group@:--x---a-R-c--s:-------:allow 288> everyone@:-w-p--a-R-c--s:-------:allow 289$ ls -l xxx | cut -d' ' -f1 290> -r----x-w- 291 292$ mkdir ddd 293$ setfacl -a0 group:44:rwapd:allow ddd 294$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd 295$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd 296$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd 297$ getfacl -n ddd 298> # file: ddd 299> # owner: root 300> # group: wheel 301> user:42:r-x-----------:f-i----:allow 302> group:42:-w--D---------:-d-----:allow 303> group:43:-w--D---------:-d-----:deny 304> group@:-----da-------:-------:allow 305> group:44:rw-p-da-------:-------:allow 306> owner@:rwxp--aARWcCos:-------:allow 307> group@:r-x---a-R-c--s:-------:allow 308> everyone@:-w-p--a-R-c--s:f-i----:allow 309 310$ chmod 777 ddd 311$ getfacl -n ddd 312> # file: ddd 313> # owner: root 314> # group: wheel 315> owner@:rwxp--aARWcCos:-------:allow 316> group@:rwxp--a-R-c--s:-------:allow 317> everyone@:rwxp--a-R-c--s:-------:allow 318 319# Test applying ACL to mode. 320$ rmdir ddd 321$ mkdir ddd 322$ setfacl -a0 u:42:rwx:fi:allow ddd 323$ ls -ld ddd | cut -d' ' -f1 324> drwxr-xr-x+ 325 326$ rmdir ddd 327$ mkdir ddd 328$ chmod 0 ddd 329$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd 330$ ls -ld ddd | cut -d' ' -f1 331> dr----x---+ 332 333$ rmdir ddd 334$ mkdir ddd 335$ chmod 0 ddd 336$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd 337$ ls -ld ddd | cut -d' ' -f1 338> dr---wx---+ 339 340$ rmdir ddd 341$ mkdir ddd 342$ chmod 0 ddd 343$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd 344$ ls -ld ddd | cut -d' ' -f1 345> dr--------+ 346 347$ rmdir ddd 348$ mkdir ddd 349$ chmod 0 ddd 350$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd 351$ ls -ld ddd | cut -d' ' -f1 352> dr--------+ 353 354# Test inheritance. 355$ rmdir ddd 356$ mkdir ddd 357$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd 358$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd 359$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd 360$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd 361$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd 362$ getfacl -qn ddd 363> user:41:-w-----A------:f--n---:allow 364> group:41:r-----a-------:-din---:allow 365> user:42:-----------Co-:f-i----:allow 366> user:42:r-x-----------:f-i----:allow 367> group:42:-w--D---------:-d-n---:deny 368> group:43:-w---------C--:f-in---:deny 369> user:43:rwxp----------:-------:allow 370> owner@:rwxp--aARWcCos:-------:allow 371> group@:r-x---a-R-c--s:-------:allow 372> everyone@:r-x---a-R-c--s:-------:allow 373 374$ cd ddd 375$ touch xxx 376$ getfacl -qn xxx 377> user:41:--------------:------I:allow 378> user:42:--------------:------I:allow 379> user:42:r-------------:------I:allow 380> group:43:-w---------C--:------I:deny 381> owner@:rw-p--aARWcCos:-------:allow 382> group@:r-----a-R-c--s:-------:allow 383> everyone@:r-----a-R-c--s:-------:allow 384 385$ rm xxx 386$ umask 077 387$ touch xxx 388$ getfacl -qn xxx 389> user:41:--------------:------I:allow 390> user:42:--------------:------I:allow 391> user:42:--------------:------I:allow 392> group:43:-w---------C--:------I:deny 393> owner@:rw-p--aARWcCos:-------:allow 394> group@:------a-R-c--s:-------:allow 395> everyone@:------a-R-c--s:-------:allow 396 397$ rm xxx 398$ umask 770 399$ touch xxx 400$ getfacl -qn xxx 401> owner@:rw-p----------:-------:deny 402> group@:rw-p----------:-------:deny 403> user:41:--------------:------I:allow 404> user:42:--------------:------I:allow 405> user:42:--------------:------I:allow 406> group:43:-w---------C--:------I:deny 407> owner@:------aARWcCos:-------:allow 408> group@:------a-R-c--s:-------:allow 409> everyone@:rw-p--a-R-c--s:-------:allow 410 411$ rm xxx 412$ umask 707 413$ touch xxx 414$ getfacl -qn xxx 415> owner@:rw-p----------:-------:deny 416> user:41:-w------------:------I:allow 417> user:42:--------------:------I:allow 418> user:42:r-------------:------I:allow 419> group:43:-w---------C--:------I:deny 420> owner@:------aARWcCos:-------:allow 421> group@:rw-p--a-R-c--s:-------:allow 422> everyone@:------a-R-c--s:-------:allow 423 424$ umask 077 425$ mkdir yyy 426$ getfacl -qn yyy 427> group:41:------a-------:------I:allow 428> user:42:-----------Co-:f-i---I:allow 429> user:42:r-x-----------:f-i---I:allow 430> group:42:-w--D---------:------I:deny 431> owner@:rwxp--aARWcCos:-------:allow 432> group@:------a-R-c--s:-------:allow 433> everyone@:------a-R-c--s:-------:allow 434 435$ rmdir yyy 436$ umask 770 437$ mkdir yyy 438$ getfacl -qn yyy 439> owner@:rwxp----------:-------:deny 440> group@:rwxp----------:-------:deny 441> group:41:------a-------:------I:allow 442> user:42:-----------Co-:f-i---I:allow 443> user:42:r-x-----------:f-i---I:allow 444> group:42:-w--D---------:------I:deny 445> owner@:------aARWcCos:-------:allow 446> group@:------a-R-c--s:-------:allow 447> everyone@:rwxp--a-R-c--s:-------:allow 448 449$ rmdir yyy 450$ umask 707 451$ mkdir yyy 452$ getfacl -qn yyy 453> owner@:rwxp----------:-------:deny 454> group:41:r-----a-------:------I:allow 455> user:42:-----------Co-:f-i---I:allow 456> user:42:r-x-----------:f-i---I:allow 457> group:42:-w--D---------:------I:deny 458> owner@:------aARWcCos:-------:allow 459> group@:rwxp--a-R-c--s:-------:allow 460> everyone@:------a-R-c--s:-------:allow 461 462# There is some complication regarding how write_acl and write_owner flags 463# get inherited. Make sure we got it right. 464$ setfacl -b . 465$ setfacl -a0 u:42:Co:f:allow . 466$ setfacl -a0 u:43:Co:d:allow . 467$ setfacl -a0 u:44:Co:fd:allow . 468$ setfacl -a0 u:45:Co:fi:allow . 469$ setfacl -a0 u:46:Co:di:allow . 470$ setfacl -a0 u:47:Co:fdi:allow . 471$ setfacl -a0 u:48:Co:fn:allow . 472$ setfacl -a0 u:49:Co:dn:allow . 473$ setfacl -a0 u:50:Co:fdn:allow . 474$ setfacl -a0 u:51:Co:fni:allow . 475$ setfacl -a0 u:52:Co:dni:allow . 476$ setfacl -a0 u:53:Co:fdni:allow . 477$ umask 022 478$ rm xxx 479$ touch xxx 480$ getfacl -nq xxx 481> user:53:--------------:------I:allow 482> user:51:--------------:------I:allow 483> user:50:--------------:------I:allow 484> user:48:--------------:------I:allow 485> user:47:--------------:------I:allow 486> user:45:--------------:------I:allow 487> user:44:--------------:------I:allow 488> user:42:--------------:------I:allow 489> owner@:rw-p--aARWcCos:-------:allow 490> group@:r-----a-R-c--s:-------:allow 491> everyone@:r-----a-R-c--s:-------:allow 492 493$ rmdir yyy 494$ mkdir yyy 495$ getfacl -nq yyy 496> user:53:--------------:------I:allow 497> user:52:--------------:------I:allow 498> user:50:--------------:------I:allow 499> user:49:--------------:------I:allow 500> user:47:--------------:fd----I:allow 501> user:46:--------------:-d----I:allow 502> user:45:-----------Co-:f-i---I:allow 503> user:44:--------------:fd----I:allow 504> user:43:--------------:-d----I:allow 505> user:42:-----------Co-:f-i---I:allow 506> owner@:rwxp--aARWcCos:-------:allow 507> group@:r-x---a-R-c--s:-------:allow 508> everyone@:r-x---a-R-c--s:-------:allow 509 510$ setfacl -b . 511$ setfacl -a0 u:42:Co:f:deny . 512$ setfacl -a0 u:43:Co:d:deny . 513$ setfacl -a0 u:44:Co:fd:deny . 514$ setfacl -a0 u:45:Co:fi:deny . 515$ setfacl -a0 u:46:Co:di:deny . 516$ setfacl -a0 u:47:Co:fdi:deny . 517$ setfacl -a0 u:48:Co:fn:deny . 518$ setfacl -a0 u:49:Co:dn:deny . 519$ setfacl -a0 u:50:Co:fdn:deny . 520$ setfacl -a0 u:51:Co:fni:deny . 521$ setfacl -a0 u:52:Co:dni:deny . 522$ setfacl -a0 u:53:Co:fdni:deny . 523$ umask 022 524$ rm xxx 525$ touch xxx 526$ getfacl -nq xxx 527> user:53:-----------Co-:------I:deny 528> user:51:-----------Co-:------I:deny 529> user:50:-----------Co-:------I:deny 530> user:48:-----------Co-:------I:deny 531> user:47:-----------Co-:------I:deny 532> user:45:-----------Co-:------I:deny 533> user:44:-----------Co-:------I:deny 534> user:42:-----------Co-:------I:deny 535> owner@:rw-p--aARWcCos:-------:allow 536> group@:r-----a-R-c--s:-------:allow 537> everyone@:r-----a-R-c--s:-------:allow 538 539$ rmdir yyy 540$ mkdir yyy 541$ getfacl -nq yyy 542> user:53:-----------Co-:------I:deny 543> user:52:-----------Co-:------I:deny 544> user:50:-----------Co-:------I:deny 545> user:49:-----------Co-:------I:deny 546> user:47:-----------Co-:fd----I:deny 547> user:46:-----------Co-:-d----I:deny 548> user:45:-----------Co-:f-i---I:deny 549> user:44:-----------Co-:fd----I:deny 550> user:43:-----------Co-:-d----I:deny 551> user:42:-----------Co-:f-i---I:deny 552> owner@:rwxp--aARWcCos:-------:allow 553> group@:r-x---a-R-c--s:-------:allow 554> everyone@:r-x---a-R-c--s:-------:allow 555 556$ rmdir yyy 557$ rm xxx 558$ cd .. 559$ rmdir ddd 560 561$ rm xxx 562 563