]>
gitweb.michael.orlitzky.com - apply-default-acl.git/blob - run-tests.sh
06d2508843593307613d601bd76cc5aa7a080bef
9 # Exit with this when a test fails.
12 # We use a few system users in the tests. If these users aren't
13 # present, we exit with a different (non-EXIT_FAILURE).
16 # Define the users that we'll use in the tests below. We store the
17 # names as variables to avoid repeating them everywhere.
19 # WARNING: These must be in alphabetical order; otherwise the getfacl
20 # output will not match.
24 # Check to see if the above users exist. If not, bail.
25 for idx
in $( seq 0 $((${#USERS[@]} - 1)) ); do
26 id
"${USERS[idx]}" >/dev
/null
2>&1
28 if [ $?
-ne $EXIT_SUCCESS ]; then
29 echo "Error: missing test user ${USERS[idx]}." 1>&2
30 exit $EXIT_MISSING_USERS
35 BIN
=$(realpath src/apply-default-acl)
37 # The directory where we'll do all the ACL manipulation.
40 # Will auto-increment.
44 # Remove any ACLs on our test directory and remove its contents.
45 setfacl
--remove-all --recursive "${TESTDIR}"
46 chmod 755 "${TESTDIR}"
51 if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
52 echo "Success (#${TESTNUM})"
55 echo "Failure (#${TESTNUM})"
56 echo 'Expected result:'
57 echo '================'
59 echo '================'
61 echo '================'
63 echo '================'
68 # Start by removing and recreating the 'acl' directory.
73 # When using a minimal ACL, the default user, group, and other
74 # permissions should all be propagated to the mode bits.
76 TARGET
="${TESTDIR}"/foo
79 setfacl
-d -m user
::r
-- "${TESTDIR}"
80 setfacl
-d -m group
::r
-- "${TESTDIR}"
81 setfacl
-d -m other
::r
-- "${TESTDIR}"
92 ACTUAL
=$(getfacl --omit-header "${TARGET}")
95 # Do the same thing as the last test, except with an extended ACL.
97 setfacl
-d -m user
::r
-- "${TESTDIR}"
98 setfacl
-d -m group
::r
-- "${TESTDIR}"
99 setfacl
-d -m other
::r
-- "${TESTDIR}"
100 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
102 chmod 777 "${TARGET}"
115 ACTUAL
=$(getfacl --omit-header "${TARGET}")
119 # A file shared by a group, should still be group-writable
123 chmod 644 "${TARGET}"
124 setfacl
-d -m group
:${USERS[0]}:rwx
"${TESTDIR}"
130 group:${USERS[0]}:rwx #effective:rw-
137 ACTUAL
=$(getfacl --omit-header "${TARGET}")
141 # Same test as before except with a directory.
143 setfacl
-d -m group
:${USERS[0]}:rwx
"${TESTDIR}"
145 chmod 755 "${TARGET}"
151 group:${USERS[0]}:rwx
156 default:group:${USERS[0]}:rwx
163 ACTUAL
=$(getfacl --omit-header "${TARGET}")
167 # With no default, things are left alone.
170 chmod 744 "${TARGET}"
182 ACTUAL
=$(getfacl --omit-header "${TARGET}")
187 # Since the default ACL will grant r-x to group/other, they will wind
191 chmod 744 "${TARGET}"
192 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
206 ACTUAL
=$(getfacl --omit-header "${TARGET}")
210 # Some named entries can be granted execute permissions as the result
214 chmod 744 "${TARGET}"
215 setfacl
-m user
:${USERS[1]}:rw
"${TARGET}"
216 # If we don't add 'x' to the mask here, nobody can execute the file.
217 # setfacl will update the mask for us under most circumstances, but
218 # note that we didn't create an entry with an 'x' bit using setfacl --
219 # therefore, setfacl won't unmask 'x' for us.
220 setfacl
-m mask
::rwx
"${TARGET}"
221 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
222 setfacl
-d -m user
:${USERS[1]}:rwx
"${TESTDIR}"
236 ACTUAL
=$(getfacl --omit-header "${TARGET}")
240 # We should not retain any entries that aren't in the default.
243 chmod 644 "${TARGET}"
244 setfacl
-m user
:${USERS[1]}:rw
"${TARGET}"
245 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
250 user:${USERS[0]}:rwx #effective:rw-
258 ACTUAL
=$(getfacl --omit-header "${TARGET}")
262 # A slightly modified version of the first test, to make sure it works.
264 TARGET
="${TESTDIR}"/foo
266 chmod 777 "${TARGET}"
267 setfacl
-d -m user
::r
-- "${TESTDIR}"
278 ACTUAL
=$(getfacl --omit-header "${TARGET}")
282 # If the default ACL mask denies execute, we should respect that
283 # regardless of the existing execute permissions.
285 TARGET
="${TESTDIR}"/foo
287 chmod 777 "${TARGET}"
288 setfacl
-m user
:${USERS[0]}:rwx
"${TESTDIR}"
289 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
290 setfacl
-d -m mask
::rw
- "${TESTDIR}"
295 user:${USERS[0]}:rwx #effective:rw-
296 group::r-x #effective:r--
303 ACTUAL
=$(getfacl --omit-header "${TARGET}")
308 # The --recursive mode should work normally if the argument is a
309 # normal file. See the first test.
311 TARGET
="${TESTDIR}"/foo
312 setfacl
-d -m user
::r
-- "${TESTDIR}"
313 setfacl
-d -m group
::r
-- "${TESTDIR}"
314 setfacl
-d -m other
::r
-- "${TESTDIR}"
316 chmod 777 "${TARGET}"
317 $BIN --recursive "${TARGET}"
327 ACTUAL
=$(getfacl --omit-header "${TARGET}")
331 # The --recursive mode should work recursively.
333 TARGET
="${TESTDIR}"/foo
335 touch "${TARGET}"/baz
336 mkdir -p "${TARGET}"/bar
337 touch "${TARGET}"/bar
/quux
338 setfacl
-d -m user
::rwx
"${TESTDIR}"
339 setfacl
-d -m group
::r
-- "${TESTDIR}"
340 setfacl
-d -m other
::r
-- "${TESTDIR}"
341 chmod -R 777 "${TARGET}"
342 $BIN --recursive "${TARGET}"
352 ACTUAL
=$(getfacl --omit-header "${TARGET}"/bar/quux)
356 # The --recursive mode should work recursively. This time
357 # check a directory, and pass the short command-line flag.
359 TARGET
="${TESTDIR}"/foo
361 touch "${TARGET}"/baz
362 mkdir -p "${TARGET}"/bar
363 touch "${TARGET}"/bar
/quux
364 setfacl
-d -m user
::rwx
"${TESTDIR}"
365 setfacl
-d -m group
::r
-- "${TESTDIR}"
366 setfacl
-d -m other
::r
-- "${TESTDIR}"
367 chmod -R 777 "${TARGET}"
381 ACTUAL
=$(getfacl --omit-header "${TARGET}"/bar)
385 # Test double application on a directory.
388 TARGET
="${TESTDIR}"/baz
390 chmod 644 "${TARGET}"
391 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
403 default:user:${USERS[0]}:rwx
411 ACTUAL
=$(getfacl --omit-header "${TARGET}")
415 # Same as previous test, with 755 initial perms.
418 TARGET
="${TESTDIR}"/baz
420 chmod 755 "${TARGET}"
421 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
433 default:user:${USERS[0]}:rwx
441 ACTUAL
=$(getfacl --omit-header "${TARGET}")
445 # Same as previous two tests, only with a file.
448 TARGET
="${TESTDIR}"/foo
450 chmod 644 "${TARGET}"
451 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
458 user:${USERS[0]}:rwx #effective:rw-
465 ACTUAL
=$(getfacl --omit-header "${TARGET}")
469 # User-executable files should not wind up exec-masked.
471 TARGET
="${TESTDIR}"/foo
473 chmod 700 "${TARGET}"
474 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
487 ACTUAL
=$(getfacl --omit-header "${TARGET}")
491 # Group-executable files should not wind up exec-masked.
493 TARGET
="${TESTDIR}"/foo
495 chmod 670 "${TARGET}"
496 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
509 ACTUAL
=$(getfacl --omit-header "${TARGET}")
513 # Other-executable files should not wind up exec-masked.
515 TARGET
="${TESTDIR}"/foo
517 chmod 607 "${TARGET}"
518 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
531 ACTUAL
=$(getfacl --omit-header "${TARGET}")
537 # Make sure a mask with an execute bit doesn't count as being
541 TARGET
="${TESTDIR}"/foo
543 chmod 644 "${TARGET}"
544 setfacl
-m user
::rw
"${TARGET}"
545 setfacl
-m group
::rw
"${TARGET}"
546 # Even though the mask has an 'x' bit, nobody can execute it.
547 setfacl
-m mask
::rwx
"${TARGET}"
548 setfacl
-d -m user
::rwx
"${TESTDIR}"
549 setfacl
-d -m group
::rwx
"${TESTDIR}"
561 ACTUAL
=$(getfacl --omit-header "${TARGET}")
565 # Same as the second test, except we pass multiple files on the
566 # command line and check the result of the first one.
568 setfacl
-d -m user
::r
-- "${TESTDIR}"
569 setfacl
-d -m group
::r
-- "${TESTDIR}"
570 setfacl
-d -m other
::r
-- "${TESTDIR}"
571 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
572 DUMMY
="${TESTDIR}/dummy"
576 chmod 777 "${TARGET}"
577 $BIN "${TARGET}" "${DUMMY}"
589 ACTUAL
=$(getfacl --omit-header "${TARGET}")
594 # Same as the previous test with the argument order switched.
596 setfacl
-d -m user
::r
-- "${TESTDIR}"
597 setfacl
-d -m group
::r
-- "${TESTDIR}"
598 setfacl
-d -m other
::r
-- "${TESTDIR}"
599 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
600 DUMMY
="${TESTDIR}/dummy"
604 chmod 777 "${TARGET}"
605 $BIN "${DUMMY}" "${TARGET}"
617 ACTUAL
=$(getfacl --omit-header "${TARGET}")
621 # If we call apply-default-acl on a single file that does not exist,
622 # we get the expected error.
624 ACTUAL
=$( "${BIN}" test/nonexistent 2>&1 )
625 EXPECTED
="test/nonexistent: No such file or directory"
629 # Same as the previous test, but with --recursive.
631 ACTUAL
=$( "${BIN}" --recursive test/nonexistent 2>&1 )
632 EXPECTED
="test/nonexistent: No such file or directory"
636 # If we call apply-default-acl on more than one file, it should report any
637 # that don't exist (but proceed to operate on the others).
639 DUMMY1
="${TESTDIR}/dummy1"
640 DUMMY2
="${TESTDIR}/dummy2"
641 touch "${DUMMY1}" "${DUMMY2}"
642 ACTUAL
=$( "${BIN}" "${DUMMY1}" test/nonexistent "${DUMMY2}" 2>&1 )
643 EXPECTED
="test/nonexistent: No such file or directory"
647 # Ensure that symlinks are not followed.
649 TARGET
="${TESTDIR}/foo"
650 LINK2TARGET
="${TESTDIR}/foo-sym"
652 ln -s "${TARGET#${TESTDIR}/}" "${LINK2TARGET}"
653 setfacl
--default --modify user
:${USERS[0]}:rwx
"${TESTDIR}"
654 "${BIN}" "${LINK2TARGET}"
655 ACTUAL
=$( getfacl --omit-header "${TARGET}" )
666 # Ensure that symlinks are not followed in subdirectories (recursively).
668 TARGET
="${TESTDIR}/bar"
670 mkdir "${TESTDIR}/foo"
671 LINK2TARGET
="${TESTDIR}/foo/bar-sym"
672 ln -s "../bar" "${LINK2TARGET}"
673 setfacl
--default --modify user
:${USERS[0]}:rwx
"${TESTDIR}/foo"
674 EXPECTED
=$(getfacl --omit-header "${TARGET}")
675 "${BIN}" --recursive "${TESTDIR}/foo"
676 ACTUAL
=$( getfacl --omit-header "${TARGET}" )
680 # Ensure that hard links are ignored.
682 TARGET
="${TESTDIR}/foo"
683 LINK2TARGET
="${TESTDIR}/bar"
685 ln "${TARGET}" "${LINK2TARGET}"
686 setfacl
--default --modify user
:${USERS[0]}:rwx
"${TESTDIR}"
687 "${BIN}" "${LINK2TARGET}"
688 ACTUAL
=$( getfacl --omit-header "${TARGET}" )
699 # We should be able to run the tool with a relative path from within a
700 # directory that contains a symlink, so long as the relative path
701 # doesn't contain one.
703 TARGET
="${TESTDIR}/foo/bar"
704 LINK2TARGET
="${TESTDIR}/baz"
705 mkdir -p $(dirname "${TARGET}")
707 ln -s foo
"${TESTDIR}/baz"
708 setfacl
--default --modify user
:${USERS[0]}:rw
$(dirname "${TARGET}")
709 pushd "${TESTDIR}/baz" > /dev
/null
712 ACTUAL
=$( getfacl --omit-header "${TARGET}" )
725 # Ensure that symlinks in non-terminal path components are not followed.
727 TARGET
="${TESTDIR}/foo/bar/baz"
728 LINK2FOO
="${TESTDIR}/quux"
729 mkdir -p $(dirname "${TARGET}")
731 ln -s foo
"${LINK2FOO}"
732 setfacl
--default --modify user
:${USERS[0]}:rw
$(dirname "${TARGET}")
733 EXPECTED
=$(getfacl --omit-header "${TARGET}")
734 "${BIN}" "${LINK2FOO}/bar/baz"
735 ACTUAL
=$( getfacl --omit-header "${TARGET}" )
739 # Test that our exit code succeeds on a single, normal path.
741 TARGET
="${TESTDIR}/foo"
743 setfacl
--default --modify user
:${USERS[0]}:rw
"${TESTDIR}"
750 # Test that our exit code fails on a symlink.
752 TARGET
="${TESTDIR}/bar"
753 touch "${TESTDIR}/foo"
754 ln -s foo
"${TARGET}"
755 setfacl
--default --modify user
:${USERS[0]}:rw
"${TESTDIR}"
762 # The previous test should fail, even if we use --recursive.
764 TARGET
="${TESTDIR}/bar"
765 touch "${TESTDIR}/foo"
766 ln -s foo
"${TARGET}"
767 setfacl
--default --modify user
:${USERS[0]}:rw
"${TESTDIR}"
768 "${BIN}" --recursive "${TARGET}"
774 # Test the return value for nonexistent paths.
776 TARGET
="${TESTDIR}/foo"
777 "${BIN}" "${TARGET}" &>/dev
/null
783 # Test that one "failure" exit code overrides two "successes"
784 # We need a default ACL on ${TESTDIR} because otherwise we do
785 # nothing, successfully, on the symlink path.
787 mkdir "${TESTDIR}/foo"
788 ln -s foo
"${TESTDIR}/bar"
789 mkdir "${TESTDIR}/baz"
790 setfacl
--default --modify user
:${USERS[0]}:rw
"${TESTDIR}"
791 "${BIN}" "${TESTDIR}/foo" "${TESTDIR}/bar" "${TESTDIR}/baz"
797 # The failure should prevail when using --recursive, too.
799 mkdir "${TESTDIR}/foo"
800 ln -s foo
"${TESTDIR}/bar"
801 mkdir "${TESTDIR}/baz"
802 "${BIN}" --recursive "${TESTDIR}"
808 # We should get "Not a directory" if we stick a trailing slash on the
809 # end of the path to a file.
811 TARGET
="${TESTDIR}/foo"
813 ACTUAL
=$( "${BIN}" "${TARGET}/" 2>&1 )
814 EXPECTED
="${TARGET}/: Not a directory"
818 # We should be a no-op on files contained in directories that have no
821 TARGET
="${TESTDIR}/foo"
823 setfacl
--modify user
:${USERS[0]}:rw
"${TARGET}"
824 EXPECTED
=$( getfacl --omit-header "${TARGET}" )
826 ACTUAL
=$( getfacl --omit-header "${TARGET}" )
830 # We should be a no-op on directories contained in directories that
831 # have no default ACL (same as the previous test, but with a directory).
833 TARGET
="${TESTDIR}/foo"
835 setfacl
--modify user
:${USERS[0]}:rw
"${TARGET}"
836 setfacl
--default --modify user
:${USERS[0]}:rw
"${TARGET}"
837 EXPECTED
=$( getfacl --omit-header "${TARGET}" )
838 "${BIN}" --recursive "${TARGET}"
839 ACTUAL
=$( getfacl --omit-header "${TARGET}" )
843 # Make sure we descend into subdirectories that don't have default ACLs.
845 TARGET
="${TESTDIR}/foo/bar/baz"
846 mkdir -p $(dirname "${TARGET}")
848 touch "${TARGET}-direct"
849 setfacl
--default --modify user
:${USERS[0]}:rw
$(dirname "${TARGET}")
850 "${BIN}" "${TARGET}-direct"
851 EXPECTED
=$( getfacl --omit-header "${TARGET}-direct" )
852 "${BIN}" --recursive "${TESTDIR}"
853 ACTUAL
=$( getfacl --omit-header "${TARGET}" )
857 # Ensure that we don't get "error" results for symlinks encountered
858 # during a recursive traversal.
861 mkdir "${TARGET}/foo"
862 mkdir "${TARGET}/bar"
863 ln -s "../foo" "${TARGET}/bar/baz"
864 setfacl
--default --modify user
:${USERS[0]}:rw
"${TARGET}"
866 "${BIN}" --recursive "${TARGET}"
871 # Ensure that "." works as an argument.
874 mkdir "${TARGET}/foo"
875 mkdir "${TARGET}/bar"
876 setfacl
--default --modify user
:${USERS[0]}:rw
"${TARGET}"
877 "${BIN}" "${TARGET}/foo"
878 EXPECTED
=$( getfacl --omit-header "${TARGET}/foo" )
879 pushd "${TARGET}/bar" > /dev
/null
881 ACTUAL
=$( getfacl --omit-header "." )
885 # Ensure that "." works as an argument (recursive).
888 mkdir -p "${TARGET}/foo/baz"
889 mkdir -p "${TARGET}/bar/baz"
890 setfacl
--default --modify user
:${USERS[0]}:rw
"${TARGET}"
891 "${BIN}" --recursive "${TARGET}/foo"
892 EXPECTED
=$( getfacl --omit-header "${TARGET}/foo/baz" )
893 pushd "${TARGET}/bar" > /dev
/null
894 "${BIN}" --recursive "."
895 ACTUAL
=$( getfacl --omit-header "./baz" )
899 # Ensure that ".." works as an argument.
902 mkdir "${TARGET}/foo"
903 mkdir -p "${TARGET}/bar/baz"
904 setfacl
--default --modify user
:${USERS[0]}:rw
"${TARGET}"
905 "${BIN}" "${TARGET}/foo"
906 EXPECTED
=$( getfacl --omit-header "${TARGET}/foo" )
907 pushd "${TARGET}/bar/baz" > /dev
/null
909 ACTUAL
=$( getfacl --omit-header ".." )
913 # Ensure that ".." works as an argument (recursive).
916 mkdir -p "${TARGET}/foo/baz"
917 mkdir -p "${TARGET}/bar/baz"
918 setfacl
--default --modify user
:${USERS[0]}:rw
"${TARGET}"
919 "${BIN}" --recursive "${TARGET}/foo"
920 EXPECTED
=$( getfacl --omit-header "${TARGET}/foo/baz" )
921 pushd "${TARGET}/bar/baz" > /dev
/null
922 "${BIN}" --recursive ".."
923 ACTUAL
=$( getfacl --omit-header "." )