#!/bin/sh
# $FreeBSD: head/tools/regression/pjdfstest/tests/granular/03.t 211352 2010-08-15 21:24:17Z pjd $

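desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD"

# Load the shared test helpers from the parent directory of this script.
# expect, namegen, quick_exit, ${os} and ${fs} are presumably provided by
# misc.sh -- they are not defined in this file.
# "$0" and the derived path are quoted so a checkout path containing
# whitespace or glob characters still resolves to the intended file.
dir=$(dirname "$0")
. "${dir}/../misc.sh"

# These checks exercise NFSv4 ACL entries; skip everywhere except
# FreeBSD on ZFS.
[ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit

# TAP plan: the number of expect invocations in this script.
echo "1..65"

n0=$(namegen)
n1=$(namegen)
n2=$(namegen)
n3=$(namegen)

# n2 (0755) is the directory whose ACL is manipulated by the tests.
# n3 (0777) is the "elsewhere" directory used as the other end of renames;
# it is world-writable so the unprivileged uid can move files in and out.
expect 0 mkdir ${n2} 0755
expect 0 mkdir ${n3} 0777
cdir=$(pwd)
# Stop if the scratch directory cannot be entered: every later step edits
# the ACL of "." and creates, renames and unlinks files relative to it, so
# continuing would apply those changes to the caller's working directory.
cd "${n2}" || {
	echo "cannot enter test directory ${n2}" >&2
	exit 1
}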

# The statements below are order-dependent: each prependacl puts a new entry
# at the front of the ACL, and the expected results show that the most
# recently prepended entry for a permission is the one that takes effect.
# "." is the ${n2} directory (mode 0755); ../${n3} is the 0777 directory.
# Operations with "-u 65534 -g 65534" run as uid/gid 65534 (presumably an
# unprivileged account -- confirm); operations without them run as the
# invoking user.

# Unlink requires write access to the directory: it is refused (EACCES)
# until write_data is granted to uid 65534 on ".".
expect 0 create ${n0} 0644
expect EACCES -u 65534 -g 65534 unlink ${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 unlink ${n0}

# Moving a file out of the directory follows the same rule: denied while
# write_data is denied on ".", allowed once it is granted again.
expect 0 create ${n0} 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# Moving a file into the directory from elsewhere is allowed while the
# directory is writable.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 unlink ${n0}

# Moving a file in from elsewhere on top of an existing local file:
# denied while write_data is denied on ".", allowed once it is granted.
expect 0 create ${n0} 0644
expect 0 create ../${n3}/${n0} 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 unlink ${n0}

# A DELETE deny entry on the file itself does not prevent removal when the
# containing directory is writable.
expect 0 create ${n0} 0644
expect 0 prependacl ${n0} user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink ${n0}

# Denied DELETE is meant to change nothing for moving a file out or back in.
# NOTE(review): the file created here is new and no delete::deny entry is
# prepended to it in this section (the file carrying the deny entry was
# unlinked above), so as written these renames appear to run without a
# DELETE deny on the file -- confirm whether a prependacl was intended.
expect 0 create ${n0} 0644
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 unlink ${n0}

# A DELETE_CHILD deny entry on the directory blocks unlink (EPERM) even
# though write_data is still allowed. The invoking user then removes the
# file so the next case starts clean.
expect 0 create ${n0} 0644
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 unlink ${n0}
expect 0 unlink ${n0}

# DELETE_CHILD deny also blocks moving a file out of the directory.
# The invoking user performs the move instead, leaving the file in ${n3}.
expect 0 create ${n0} 0644
expect EPERM -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 rename ${n0} ../${n3}/${n0}

# DELETE_CHILD deny does not block moving a file in from elsewhere
# when the directory is writable and the target name is not in use.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# DELETE_CHILD deny does block moving a file in from elsewhere when that
# would overwrite an existing local file.
expect 0 create ../${n3}/${n0} 0644
expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# A DELETE allow entry on the file permits unlinking it regardless of the
# permissions on the containing directory (DELETE_CHILD is still denied).
expect 0 prependacl ${n0} user:65534:delete::allow
expect 0 -u 65534 -g 65534 unlink ${n0}

# The same holds for moving the file elsewhere.
expect 0 create ${n0} 0644
expect 0 prependacl ${n0} user:65534:delete::allow
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# The same holds for moving the file from elsewhere into a writable
# directory with DELETE_CHILD denied. The invoking user then removes it.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 unlink ${n0}

# DELETE on the target file does not permit overwriting it when the
# directory is unwritable and has DELETE_CHILD denied: the expected error
# changes from EPERM to EACCES once DELETE is allowed on the file, but the
# rename is still refused.
expect 0 create ${n0} 0644
expect 0 create ../${n3}/${n0} 0644
expect 0 prependacl . user:65534:write_data::deny
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 prependacl ${n0} user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# The DELETE allow entry on the file does permit plain deletion.
expect 0 -u 65534 -g 65534 unlink ${n0}

# A DELETE_CHILD allow entry on the directory permits unlink even though
# write_data is still denied on it.
expect 0 create ${n0} 0644
expect 0 prependacl . user:65534:delete_child::allow
expect 0 -u 65534 -g 65534 unlink ${n0}

# Moving a file out of the directory is allowed as well.
expect 0 create ${n0} 0644
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# Moving it back in is not: the directory is still unwritable.
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Nor is moving it back in on top of an existing local file.
expect 0 create ${n0} 0644
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Nor when DELETE is additionally allowed on the existing local file.
expect 0 prependacl ${n0} user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# A DELETE deny entry on the file does not prevent removal here either;
# DELETE_CHILD is allowed on the directory at this point.
expect 0 prependacl ${n0} user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink ${n0}

# Return to the starting directory and remove the now-empty test directory.
# NOTE(review): ${n3} (created 0777) and the ${n0} file last moved into it
# are not removed by this script -- confirm whether cleanup is handled
# elsewhere or whether an unlink/rmdir (and matching plan count) is missing.
cd ${cdir}
expect 0 rmdir ${n2}