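#!/bin/sh
# $FreeBSD: head/tools/regression/pjdfstest/tests/granular/03.t 211352 2010-08-15 21:24:17Z pjd $
#
# Regression test for how NFSv4 ACLs gate removal and renaming of files:
# DELETE is set on the file itself, DELETE_CHILD and write_data on the
# directory that contains it.
#
# Layout:
#   ${n2}  mode 0755 - the directory whose ACL is manipulated; the test
#          runs with this as the working directory (".").
#   ${n3}  mode 0777 - the "elsewhere" directory used as rename peer.
#   ${n0}  the file being created, renamed and unlinked.
#
# Operations carrying "-u 65534 -g 65534" are attempted with that uid/gid;
# the remaining ones are setup/cleanup steps run as the invoking user.
#
# ACL entries are only ever prepended and never removed, so the ACL on "."
# accumulates over the whole file. The expected results below rely on the
# most recently prepended entry for a permission being the one that
# decides (e.g. deny followed by allow yields success). Reordering or
# deleting a section therefore changes what later sections test.
#
# Errno convention asserted here: EACCES when the directory is not
# writable for the caller, EPERM when DELETE_CHILD is denied.

desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD"

# expect, namegen and quick_exit (and the os/fs variables) come from
# misc.sh. Quote the path so a checkout location containing whitespace
# does not break the include.
dir=$(dirname "$0")
. "${dir}/../misc.sh"

[ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit

# 65 original checks plus two cleanup checks for ${n3} at the end.
echo "1..67"

n0=$(namegen)
n1=$(namegen)	# not referenced anywhere below in this file
n2=$(namegen)
n3=$(namegen)

expect 0 mkdir ${n2} 0755
expect 0 mkdir ${n3} 0777
cdir=$(pwd)
# Every "prependacl ." below edits the ACL of the working directory. If the
# cd failed, those entries would be granted on the directory the suite was
# started from, so stop instead of carrying on.
cd "${n2}" || {
	echo "cannot enter ${n2}; not modifying ACLs on the wrong directory" >&2
	exit 1
}

# Unlink allowed on writable directory.
# Without any ACL entry the 0755 directory is not writable for 65534.
expect 0 create ${n0} 0644
expect EACCES -u 65534 -g 65534 unlink ${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 unlink ${n0}

# Moving file elsewhere allowed on writable directory.
# The deny is prepended first to prove the refusal, then overridden.
expect 0 create ${n0} 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# Moving file from elsewhere allowed on writable directory.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 unlink ${n0}

# Moving file from elsewhere overwriting local file allowed
# on writable directory.
expect 0 create ${n0} 0644
expect 0 create ../${n3}/${n0} 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 unlink ${n0}

# Denied DELETE changes nothing wrt removing.
# A delete::deny entry on the file alone does not protect it while the
# containing directory is writable for the caller.
expect 0 create ${n0} 0644
expect 0 prependacl ${n0} user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink ${n0}

# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere.
# NOTE(review): the file created here is new; the delete::deny entry above
# was placed on the file that has just been unlinked. As written, no deny
# entry is on this file during the renames - confirm whether a prependacl
# was intended after the create.
expect 0 create ${n0} 0644
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 unlink ${n0}

# DELETE_CHILD denies unlink on writable directory.
# write_data is still allowed on "."; the deny of delete_child wins and the
# refusal is reported as EPERM. The file is then removed by the invoking user.
expect 0 create ${n0} 0644
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 unlink ${n0}
expect 0 unlink ${n0}

# DELETE_CHILD denies moving file elsewhere.
expect 0 create ${n0} 0644
expect EPERM -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 rename ${n0} ../${n3}/${n0}

# DELETE_CHILD does not deny moving file from elsewhere
# to a writable directory.
# Nothing in "." is removed by this rename, only a new entry is added.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# DELETE_CHILD denies moving file from elsewhere
# to a writable directory overwriting local file.
expect 0 create ../${n3}/${n0} 0644
expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# DELETE allowed on file allows for unlinking, no matter
# what permissions on containing directory are.
# delete_child is still denied on "." at this point.
expect 0 prependacl ${n0} user:65534:delete::allow
expect 0 -u 65534 -g 65534 unlink ${n0}

# Same for moving the file elsewhere.
expect 0 create ${n0} 0644
expect 0 prependacl ${n0} user:65534:delete::allow
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# Same for moving the file from elsewhere into a writable
# directory with DELETE_CHILD denied.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 unlink ${n0}

# DELETE does not allow for overwriting a file in an unwritable
# directory with DELETE_CHILD denied.
# First attempt: target has no DELETE allow -> EPERM. Second attempt: DELETE
# is allowed on the target, but "." is not writable -> EACCES.
expect 0 create ${n0} 0644
expect 0 create ../${n3}/${n0} 0644
expect 0 prependacl . user:65534:write_data::deny
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 prependacl ${n0} user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# But it allows for plain deletion.
expect 0 -u 65534 -g 65534 unlink ${n0}

# DELETE_CHILD allowed on unwritable directory.
# write_data remains denied on "."; delete_child::allow alone is enough to
# remove an entry.
expect 0 create ${n0} 0644
expect 0 prependacl . user:65534:delete_child::allow
expect 0 -u 65534 -g 65534 unlink ${n0}

# Moving things elsewhere is allowed.
expect 0 create ${n0} 0644
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# Moving things back is not.
# Adding an entry to "." needs write access, which is still denied.
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Even if we're overwriting.
expect 0 create ${n0} 0644
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Even if we have DELETE on the existing file.
expect 0 prependacl ${n0} user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Denied DELETE changes nothing wrt removing.
# delete_child is allowed on ".", so the deny on the file does not block it.
expect 0 prependacl ${n0} user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink ${n0}

cd "${cdir}" || exit 1
expect 0 rmdir ${n2}

# The last successful rename into ${n3} left ${n3}/${n0} behind, and the
# 0777 directory itself was never removed. Clean both up so repeated runs do
# not leave world-writable directories in the filesystem under test.
expect 0 unlink ${n3}/${n0}
expect 0 rmdir ${n3}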