# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: releng/11.0/tests/sys/acl/tools-posix.test 196938 2009-09-07 16:26:03Z trasz $
#

# This is a tools-level test for POSIX.1e ACL functionality.
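# Run it as root
# using ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
#
# NOTE(review): the $FreeBSD$ tag in the file header places this file under
# tests/sys/acl/, so the path above may be stale - confirm.
#
# WARNING: Creates files in unsafe way.
# The commands create and delete fixed names in the current directory while
# running as root, so start from a new, empty directory that no other user
# can write to.
#
# Layout used throughout: "$" lines are commands, ">" lines are the output
# expected from the preceding command, "#" lines are comments.

# Preconditions: the expected listings assume owner root, group wheel and
# umask 022.
$ whoami
> root
$ umask 022

# Smoke test for getfacl(1).
$ touch xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ getfacl -q xxx
> user::rw-
> group::r--
> other::r--

# Add one named user and one named group entry; a mask:: entry appears
# alongside them in the listing.
# NOTE(review): the expected listings print ids 42 and 43 as numbers;
# presumably the host must have no passwd/group entry for them - confirm.
$ setfacl -m u:42:r,g:43:w xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Check whether ls correctly marks files with "+".
# The group column shows the mask entry (rw-), not group:: (r--).
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

# Same as above, but for symlinks.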
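# With -h the tools act on the link itself; without it they follow the link,
# which is why "getfacl -q lll" prints the entries of the target xxx.
$ ln -s xxx lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> group::r-x
> other::r-x

$ getfacl -qh lll
> user::rwx
> group::r-x
> other::r-x

$ getfacl -q lll
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Entries set with -h land on the link, not on the target.
$ setfacl -hm u:44:x,g:45:w lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> user:44:--x
> group::r-x
> group:45:-w-
> mask::rwx
> other::r-x

$ ls -l lll | cut -d' ' -f1
> lrwxrwxr-x+

# Check whether the original file is left untouched.
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

$ rm lll

# Test removing entries.
# The entry is named by tag and qualifier with an empty permission field.
$ setfacl -x user:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Put the user:42 entry back so the next case has something to remove.
$ setfacl -m u:42:r xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test removing entries by number.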
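# The listing that follows has no user:42 entry, so index 1 addressed it
# (entries presumably count from 0, with user:: first - confirm).
$ setfacl -x 1 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Changing group:43 from w to r also changes mask:: from rw- to r-- in the
# expected listing.
$ setfacl -m g:43:r xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

# Make sure cp without any flags does not copy the ACL.
# The copy has no "+" marker: the named entry is dropped without any message,
# so access granted through the ACL does not follow a plain copy.
$ cp xxx yyy
$ ls -l yyy | cut -d' ' -f1
> -rw-r--r--

# Make sure it does with the "-p" flag.
$ rm yyy
$ cp -p xxx yyy
$ getfacl -n yyy
> # file: yyy
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

$ rm yyy

# Test removing entries by... by example?
$ setfacl -m u:42:r,g:43:w xxx
$ setfacl -x u:42: xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test setfacl -b.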
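# After -b the named entries are gone but the listing still has mask:: and
# ls still prints "+"; with -n added only the three base entries remain and
# the "+" disappears.
$ setfacl -b xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> mask::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+

$ setfacl -nb xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--

# Check setfacl(1) and getfacl(1) with multiple files.
$ touch xxx yyy zzz

$ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

# nnn does not exist: each tool reports it and, per the expected output,
# still processes the remaining operands.
$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-rwxr--+
> -rw-rwxr--+
> -rw-rwxr--+

$ getfacl -nq nnn xxx yyy zzz
> getfacl: nnn: stat() failed: No such file or directory
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
>
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
>
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--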
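
# Same multi-operand behaviour for -b and -bn: the missing nnn is reported
# and the other three files are still stripped.
$ setfacl -b nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--+
> -rw-r--r--+
> -rw-r--r--+

$ setfacl -bn nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ rm xxx yyy zzz

# Check whether chmod actually does what it should do.
# On a file with extended entries the listings show the mode's group bits
# landing in mask::, so chmod 600 leaves user:42 and group:43 with no
# effective access even though their entries still read rwx.
$ touch xxx
$ setfacl -m u:42:rwx,g:43:rwx xxx
$ chmod 600 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:rwx # effective: ---
> group::r-- # effective: ---
> group:43:rwx # effective: ---
> mask::---
> other::---

# After chmod 060 the owner entry is user::--- while user:42 and group:43
# are effective rw-; the mode bits alone do not tell who can reach the file.
$ chmod 060 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::---
> user:42:rwx # effective: rw-
> group::r--
> group:43:rwx # effective: rw-
> mask::rw-
> other::---

# Test default ACLs.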
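# Start from a plain directory: only the three base entries, no "+".
$ umask 022
$ mkdir ddd
$ getfacl -qn ddd
> user::rwx
> group::r-x
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

# A directory without a default ACL prints nothing for -d, so no expected
# output follows the first command. The default ACL is then created with all
# base entries plus mask:: given explicitly.
$ getfacl -dq ddd
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ getfacl -dqn ddd
> user::rwx
> group::r-x
> mask::rwx
> other::r-x

# No change - ls(1) output doesn't take into account default ACLs.
# A default ACL is therefore not visible in a plain listing; use getfacl -d
# to see what new children will receive.
$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

# Named entries and a changed group:: entry in the default ACL.
$ setfacl -dm g:42:rwx,u:42:r ddd
$ setfacl -dm g::w ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
> group:42:rwx
> mask::rwx
> other::r-x

# Removing group:42 from the default ACL also narrows mask:: to rw- in the
# expected listing.
$ setfacl -dx group:42: ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
> mask::rw-
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

$ rmdir ddd
$ rm xxx

# Test inheritance.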
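# Baseline: ddd has no default ACL, so a new file and a new subdirectory get
# only the three base entries.
$ mkdir ddd

$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> group::r--
> other::r--

$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> group::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx

# Give ddd a default ACL with named entries for group 42 and user 43.
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ setfacl -dm g:42:rwx,u:43:r ddd
$ getfacl -dq ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx
> mask::rwx
> other::r-x

# Children inherit the named entries, but their mask comes out as r-- (file)
# and r-x (directory) rather than the default's rwx, so group:42:rwx is not
# fully effective on either.
# NOTE(review): presumably the creation mode and umask narrow the mask -
# confirm.
$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> user:43:r--
> group::r-x # effective: r--
> group:42:rwx # effective: r--
> mask::r--
> other::r--

$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx # effective: r-x
> mask::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx
$ rmdir ddd

# Test if we deal properly with fifos.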
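# A fifo accepts extended entries the same way the regular file did: "+"
# appears after setfacl -m and disappears after setfacl -bn.
$ mkfifo fff
$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ setfacl -m u:42:r,g:43:w fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-rw-r--+

$ setfacl -bn fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ rm fff

# Test if we deal properly with device files.
# setfacl is expected to fail with "Operation not supported" on both node
# types and to leave the mode bits unchanged.
# The nodes are created by root with mode rw-r--r-- and exist until the rm
# that follows each case; if a run is interrupted, remove bbb and ccc by hand.
$ mknod bbb b 1 1
$ setfacl -m u:42:r,g:43:w bbb
> setfacl: bbb: acl_get_file() failed: Operation not supported
$ ls -l bbb | cut -d' ' -f1
> brw-r--r--

$ rm bbb

$ mknod ccc c 1 1
$ setfacl -m u:42:r,g:43:w ccc
> setfacl: ccc: acl_get_file() failed: Operation not supported
$ ls -l ccc | cut -d' ' -f1
> crw-r--r--

$ rm ccc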