]> gitweb.michael.orlitzky.com - apply-default-acl.git/blob - run-tests.sh
projects / apply-default-acl.git / blob
? search:


06d2508843593307613d601bd76cc5aa7a080bef
[apply-default-acl.git] / run-tests.sh
1 #!/bin/bash
2
3 #
4 # Exit codes
5 #
6
7 EXIT_SUCCESS=0
8
9 # Exit with this when a test fails.
10 EXIT_FAILURE=1
11
12 # We use a few system users in the tests. If these users aren't
13 # present, we exit with a different (non-EXIT_FAILURE).
14 EXIT_MISSING_USERS=2
15
16 # Define the users that we'll use in the tests below. We store the
17 # names as variables to avoid repeating them everywhere.
18 #
19 # WARNING: These must be in alphabetical order; otherwise the getfacl
20 # output will not match.
21 #
22 USERS=( bin daemon )
23
24 # Check to see if the above users exist. If not, bail.
25 for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
26 id "${USERS[idx]}" >/dev/null 2>&1
27
28 if [ $? -ne $EXIT_SUCCESS ]; then
29 echo "Error: missing test user ${USERS[idx]}." 1>&2
30 exit $EXIT_MISSING_USERS
31 fi
32 done
33
34 # The program name.
35 BIN=$(realpath src/apply-default-acl)
36
37 # The directory where we'll do all the ACL manipulation.
38 TESTDIR=test
39
40 # Will auto-increment.
41 TESTNUM=0
42
43 acl_reset() {
44 # Remove any ACLs on our test directory and remove its contents.
45 setfacl --remove-all --recursive "${TESTDIR}"
46 chmod 755 "${TESTDIR}"
47 rm -rf "${TESTDIR}"/*
48 }
49
50 compare() {
51 if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
52 echo "Success (#${TESTNUM})"
53 acl_reset
54 else
55 echo "Failure (#${TESTNUM})"
56 echo 'Expected result:'
57 echo '================'
58 echo "${EXPECTED}"
59 echo '================'
60 echo 'Actual result:'
61 echo '================'
62 echo "${ACTUAL}"
63 echo '================'
64 exit $EXIT_FAILURE
65 fi
66 }
67
68 # Start by removing and recreating the 'acl' directory.
69 rm -rf "${TESTDIR}"
70 mkdir "${TESTDIR}"
71
72
73 # When using a minimal ACL, the default user, group, and other
74 # permissions should all be propagated to the mode bits.
75 ((TESTNUM++))
76 TARGET="${TESTDIR}"/foo
77 touch "${TARGET}"
78 chmod 777 "${TARGET}"
79 setfacl -d -m user::r-- "${TESTDIR}"
80 setfacl -d -m group::r-- "${TESTDIR}"
81 setfacl -d -m other::r-- "${TESTDIR}"
82 $BIN "${TARGET}"
83
84 EXPECTED=$(cat <<EOF
85 user::r--
86 group::r--
87 other::r--
88
89 EOF
90 )
91
92 ACTUAL=$(getfacl --omit-header "${TARGET}")
93 compare
94
95 # Do the same thing as the last test, except with an extended ACL.
96 ((TESTNUM++))
97 setfacl -d -m user::r-- "${TESTDIR}"
98 setfacl -d -m group::r-- "${TESTDIR}"
99 setfacl -d -m other::r-- "${TESTDIR}"
100 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
101 touch "${TARGET}"
102 chmod 777 "${TARGET}"
103 $BIN "${TARGET}"
104
105 EXPECTED=$(cat <<EOF
106 user::r--
107 user:${USERS[0]}:rwx
108 group::r--
109 mask::rwx
110 other::r--
111
112 EOF
113 )
114
115 ACTUAL=$(getfacl --omit-header "${TARGET}")
116 compare
117
118
119 # A file shared by a group, should still be group-writable
120 # afterwards.
121 ((TESTNUM++))
122 touch "${TARGET}"
123 chmod 644 "${TARGET}"
124 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
125 $BIN "${TARGET}"
126
127 EXPECTED=$(cat <<EOF
128 user::rw-
129 group::r--
130 group:${USERS[0]}:rwx #effective:rw-
131 mask::rw-
132 other::r--
133
134 EOF
135 )
136
137 ACTUAL=$(getfacl --omit-header "${TARGET}")
138 compare
139
140
141 # Same test as before except with a directory.
142 ((TESTNUM++))
143 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
144 mkdir "${TARGET}"
145 chmod 755 "${TARGET}"
146 $BIN "${TARGET}"
147
148 EXPECTED=$(cat <<EOF
149 user::rwx
150 group::r-x
151 group:${USERS[0]}:rwx
152 mask::rwx
153 other::r-x
154 default:user::rwx
155 default:group::r-x
156 default:group:${USERS[0]}:rwx
157 default:mask::rwx
158 default:other::r-x
159
160 EOF
161 )
162
163 ACTUAL=$(getfacl --omit-header "${TARGET}")
164 compare
165
166
167 # With no default, things are left alone.
168 ((TESTNUM++))
169 touch "${TARGET}"
170 chmod 744 "${TARGET}"
171 $BIN "${TARGET}"
172
173
174 EXPECTED=$(cat <<EOF
175 user::rwx
176 group::r--
177 other::r--
178
179 EOF
180 )
181
182 ACTUAL=$(getfacl --omit-header "${TARGET}")
183 compare
184
185
186
187 # Since the default ACL will grant r-x to group/other, they will wind
188 # up with it.
189 ((TESTNUM++))
190 touch "${TARGET}"
191 chmod 744 "${TARGET}"
192 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
193 $BIN "${TARGET}"
194
195
196 EXPECTED=$(cat <<EOF
197 user::rwx
198 user:${USERS[0]}:rwx
199 group::r-x
200 mask::rwx
201 other::r-x
202
203 EOF
204 )
205
206 ACTUAL=$(getfacl --omit-header "${TARGET}")
207 compare
208
209
210 # Some named entries can be granted execute permissions as the result
211 # of reapplication.
212 ((TESTNUM++))
213 touch "${TARGET}"
214 chmod 744 "${TARGET}"
215 setfacl -m user:${USERS[1]}:rw "${TARGET}"
216 # If we don't add 'x' to the mask here, nobody can execute the file.
217 # setfacl will update the mask for us under most circumstances, but
218 # note that we didn't create an entry with an 'x' bit using setfacl --
219 # therefore, setfacl won't unmask 'x' for us.
220 setfacl -m mask::rwx "${TARGET}"
221 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
222 setfacl -d -m user:${USERS[1]}:rwx "${TESTDIR}"
223 $BIN "${TARGET}"
224
225 EXPECTED=$(cat <<EOF
226 user::rwx
227 user:${USERS[0]}:rwx
228 user:${USERS[1]}:rwx
229 group::r-x
230 mask::rwx
231 other::r-x
232
233 EOF
234 )
235
236 ACTUAL=$(getfacl --omit-header "${TARGET}")
237 compare
238
239
240 # We should not retain any entries that aren't in the default.
241 ((TESTNUM++))
242 touch "${TARGET}"
243 chmod 644 "${TARGET}"
244 setfacl -m user:${USERS[1]}:rw "${TARGET}"
245 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
246 $BIN "${TARGET}"
247
248 EXPECTED=$(cat <<EOF
249 user::rw-
250 user:${USERS[0]}:rwx #effective:rw-
251 group::r--
252 mask::rw-
253 other::r--
254
255 EOF
256 )
257
258 ACTUAL=$(getfacl --omit-header "${TARGET}")
259 compare
260
261
262 # A slightly modified version of the first test, to make sure it works.
263 ((TESTNUM++))
264 TARGET="${TESTDIR}"/foo
265 touch "${TARGET}"
266 chmod 777 "${TARGET}"
267 setfacl -d -m user::r-- "${TESTDIR}"
268 $BIN "${TARGET}"
269
270 EXPECTED=$(cat <<EOF
271 user::r--
272 group::r-x
273 other::r-x
274
275 EOF
276 )
277
278 ACTUAL=$(getfacl --omit-header "${TARGET}")
279 compare
280
281
282 # If the default ACL mask denies execute, we should respect that
283 # regardless of the existing execute permissions.
284 ((TESTNUM++))
285 TARGET="${TESTDIR}"/foo
286 touch "${TARGET}"
287 chmod 777 "${TARGET}"
288 setfacl -m user:${USERS[0]}:rwx "${TESTDIR}"
289 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
290 setfacl -d -m mask::rw- "${TESTDIR}"
291 $BIN "${TARGET}"
292
293 EXPECTED=$(cat <<EOF
294 user::rwx
295 user:${USERS[0]}:rwx #effective:rw-
296 group::r-x #effective:r--
297 mask::rw-
298 other::r-x
299
300 EOF
301 )
302
303 ACTUAL=$(getfacl --omit-header "${TARGET}")
304 compare
305
306
307
308 # The --recursive mode should work normally if the argument is a
309 # normal file. See the first test.
310 ((TESTNUM++))
311 TARGET="${TESTDIR}"/foo
312 setfacl -d -m user::r-- "${TESTDIR}"
313 setfacl -d -m group::r-- "${TESTDIR}"
314 setfacl -d -m other::r-- "${TESTDIR}"
315 touch "${TARGET}"
316 chmod 777 "${TARGET}"
317 $BIN --recursive "${TARGET}"
318
319 EXPECTED=$(cat <<EOF
320 user::r--
321 group::r--
322 other::r--
323
324 EOF
325 )
326
327 ACTUAL=$(getfacl --omit-header "${TARGET}")
328 compare
329
330
331 # The --recursive mode should work recursively.
332 ((TESTNUM++))
333 TARGET="${TESTDIR}"/foo
334 mkdir -p "${TARGET}"
335 touch "${TARGET}"/baz
336 mkdir -p "${TARGET}"/bar
337 touch "${TARGET}"/bar/quux
338 setfacl -d -m user::rwx "${TESTDIR}"
339 setfacl -d -m group::r-- "${TESTDIR}"
340 setfacl -d -m other::r-- "${TESTDIR}"
341 chmod -R 777 "${TARGET}"
342 $BIN --recursive "${TARGET}"
343
344 EXPECTED=$(cat <<EOF
345 user::rwx
346 group::r--
347 other::r--
348
349 EOF
350 )
351
352 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar/quux)
353 compare
354
355
356 # The --recursive mode should work recursively. This time
357 # check a directory, and pass the short command-line flag.
358 ((TESTNUM++))
359 TARGET="${TESTDIR}"/foo
360 mkdir -p "${TARGET}"
361 touch "${TARGET}"/baz
362 mkdir -p "${TARGET}"/bar
363 touch "${TARGET}"/bar/quux
364 setfacl -d -m user::rwx "${TESTDIR}"
365 setfacl -d -m group::r-- "${TESTDIR}"
366 setfacl -d -m other::r-- "${TESTDIR}"
367 chmod -R 777 "${TARGET}"
368 $BIN -r "${TARGET}"
369
370 EXPECTED=$(cat <<EOF
371 user::rwx
372 group::r--
373 other::r--
374 default:user::rwx
375 default:group::r--
376 default:other::r--
377
378 EOF
379 )
380
381 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar)
382 compare
383
384
385 # Test double application on a directory.
386 #
387 ((TESTNUM++))
388 TARGET="${TESTDIR}"/baz
389 mkdir "${TARGET}"
390 chmod 644 "${TARGET}"
391 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
392
393 $BIN "${TARGET}"
394 $BIN "${TARGET}"
395
396 EXPECTED=$(cat <<EOF
397 user::rwx
398 user:${USERS[0]}:rwx
399 group::r-x
400 mask::rwx
401 other::r-x
402 default:user::rwx
403 default:user:${USERS[0]}:rwx
404 default:group::r-x
405 default:mask::rwx
406 default:other::r-x
407
408 EOF
409 )
410
411 ACTUAL=$(getfacl --omit-header "${TARGET}")
412 compare
413
414
415 # Same as previous test, with 755 initial perms.
416 #
417 ((TESTNUM++))
418 TARGET="${TESTDIR}"/baz
419 mkdir "${TARGET}"
420 chmod 755 "${TARGET}"
421 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
422
423 $BIN "${TARGET}"
424 $BIN "${TARGET}"
425
426 EXPECTED=$(cat <<EOF
427 user::rwx
428 user:${USERS[0]}:rwx
429 group::r-x
430 mask::rwx
431 other::r-x
432 default:user::rwx
433 default:user:${USERS[0]}:rwx
434 default:group::r-x
435 default:mask::rwx
436 default:other::r-x
437
438 EOF
439 )
440
441 ACTUAL=$(getfacl --omit-header "${TARGET}")
442 compare
443
444
445 # Same as previous two tests, only with a file.
446 #
447 ((TESTNUM++))
448 TARGET="${TESTDIR}"/foo
449 touch "${TARGET}"
450 chmod 644 "${TARGET}"
451 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
452
453 $BIN "${TARGET}"
454 $BIN "${TARGET}"
455
456 EXPECTED=$(cat <<EOF
457 user::rw-
458 user:${USERS[0]}:rwx #effective:rw-
459 group::r--
460 mask::rw-
461 other::r--
462 EOF
463 )
464
465 ACTUAL=$(getfacl --omit-header "${TARGET}")
466 compare
467
468
469 # User-executable files should not wind up exec-masked.
470 ((TESTNUM++))
471 TARGET="${TESTDIR}"/foo
472 touch "${TARGET}"
473 chmod 700 "${TARGET}"
474 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
475 $BIN "${TARGET}"
476
477 EXPECTED=$(cat <<EOF
478 user::rwx
479 user:${USERS[0]}:rwx
480 group::r-x
481 mask::rwx
482 other::r-x
483
484 EOF
485 )
486
487 ACTUAL=$(getfacl --omit-header "${TARGET}")
488 compare
489
490
491 # Group-executable files should not wind up exec-masked.
492 ((TESTNUM++))
493 TARGET="${TESTDIR}"/foo
494 touch "${TARGET}"
495 chmod 670 "${TARGET}"
496 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
497 $BIN "${TARGET}"
498
499 EXPECTED=$(cat <<EOF
500 user::rwx
501 user:${USERS[0]}:rwx
502 group::r-x
503 mask::rwx
504 other::r-x
505
506 EOF
507 )
508
509 ACTUAL=$(getfacl --omit-header "${TARGET}")
510 compare
511
512
513 # Other-executable files should not wind up exec-masked.
514 ((TESTNUM++))
515 TARGET="${TESTDIR}"/foo
516 touch "${TARGET}"
517 chmod 607 "${TARGET}"
518 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
519 $BIN "${TARGET}"
520
521 EXPECTED=$(cat <<EOF
522 user::rwx
523 user:${USERS[0]}:rwx
524 group::r-x
525 mask::rwx
526 other::r-x
527
528 EOF
529 )
530
531 ACTUAL=$(getfacl --omit-header "${TARGET}")
532 compare
533
534
535
536
537 # Make sure a mask with an execute bit doesn't count as being
538 # executable.
539 #
540 ((TESTNUM++))
541 TARGET="${TESTDIR}"/foo
542 touch "${TARGET}"
543 chmod 644 "${TARGET}"
544 setfacl -m user::rw "${TARGET}"
545 setfacl -m group::rw "${TARGET}"
546 # Even though the mask has an 'x' bit, nobody can execute it.
547 setfacl -m mask::rwx "${TARGET}"
548 setfacl -d -m user::rwx "${TESTDIR}"
549 setfacl -d -m group::rwx "${TESTDIR}"
550 $BIN "${TARGET}"
551
552
553 EXPECTED=$(cat <<EOF
554 user::rw-
555 group::rw-
556 other::r--
557
558 EOF
559 )
560
561 ACTUAL=$(getfacl --omit-header "${TARGET}")
562 compare
563
564
565 # Same as the second test, except we pass multiple files on the
566 # command line and check the result of the first one.
567 ((TESTNUM++))
568 setfacl -d -m user::r-- "${TESTDIR}"
569 setfacl -d -m group::r-- "${TESTDIR}"
570 setfacl -d -m other::r-- "${TESTDIR}"
571 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
572 DUMMY="${TESTDIR}/dummy"
573 touch "${DUMMY}"
574 chmod 777 "${DUMMY}"
575 touch "${TARGET}"
576 chmod 777 "${TARGET}"
577 $BIN "${TARGET}" "${DUMMY}"
578
579 EXPECTED=$(cat <<EOF
580 user::r--
581 user:${USERS[0]}:rwx
582 group::r--
583 mask::rwx
584 other::r--
585
586 EOF
587 )
588
589 ACTUAL=$(getfacl --omit-header "${TARGET}")
590 compare
591
592
593
594 # Same as the previous test with the argument order switched.
595 ((TESTNUM++))
596 setfacl -d -m user::r-- "${TESTDIR}"
597 setfacl -d -m group::r-- "${TESTDIR}"
598 setfacl -d -m other::r-- "${TESTDIR}"
599 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
600 DUMMY="${TESTDIR}/dummy"
601 touch "${DUMMY}"
602 chmod 777 "${DUMMY}"
603 touch "${TARGET}"
604 chmod 777 "${TARGET}"
605 $BIN "${DUMMY}" "${TARGET}"
606
607 EXPECTED=$(cat <<EOF
608 user::r--
609 user:${USERS[0]}:rwx
610 group::r--
611 mask::rwx
612 other::r--
613
614 EOF
615 )
616
617 ACTUAL=$(getfacl --omit-header "${TARGET}")
618 compare
619
620
621 # If we call apply-default-acl on a single file that does not exist,
622 # we get the expected error.
623 ((TESTNUM++))
624 ACTUAL=$( "${BIN}" test/nonexistent 2>&1 )
625 EXPECTED="test/nonexistent: No such file or directory"
626 compare
627
628
629 # Same as the previous test, but with --recursive.
630 ((TESTNUM++))
631 ACTUAL=$( "${BIN}" --recursive test/nonexistent 2>&1 )
632 EXPECTED="test/nonexistent: No such file or directory"
633 compare
634
635
636 # If we call apply-default-acl on more than one file, it should report any
637 # that don't exist (but proceed to operate on the others).
638 ((TESTNUM++))
639 DUMMY1="${TESTDIR}/dummy1"
640 DUMMY2="${TESTDIR}/dummy2"
641 touch "${DUMMY1}" "${DUMMY2}"
642 ACTUAL=$( "${BIN}" "${DUMMY1}" test/nonexistent "${DUMMY2}" 2>&1 )
643 EXPECTED="test/nonexistent: No such file or directory"
644 compare
645
646
647 # Ensure that symlinks are not followed.
648 ((TESTNUM++))
649 TARGET="${TESTDIR}/foo"
650 LINK2TARGET="${TESTDIR}/foo-sym"
651 touch "${TARGET}"
652 ln -s "${TARGET#${TESTDIR}/}" "${LINK2TARGET}"
653 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
654 "${BIN}" "${LINK2TARGET}"
655 ACTUAL=$( getfacl --omit-header "${TARGET}" )
656 EXPECTED=$(cat <<EOF
657 user::rw-
658 group::r--
659 other::r--
660
661 EOF
662 )
663 compare
664
665
666 # Ensure that symlinks are not followed in subdirectories (recursively).
667 ((TESTNUM++))
668 TARGET="${TESTDIR}/bar"
669 touch "${TARGET}"
670 mkdir "${TESTDIR}/foo"
671 LINK2TARGET="${TESTDIR}/foo/bar-sym"
672 ln -s "../bar" "${LINK2TARGET}"
673 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}/foo"
674 EXPECTED=$(getfacl --omit-header "${TARGET}")
675 "${BIN}" --recursive "${TESTDIR}/foo"
676 ACTUAL=$( getfacl --omit-header "${TARGET}" )
677 compare
678
679
680 # Ensure that hard links are ignored.
681 ((TESTNUM++))
682 TARGET="${TESTDIR}/foo"
683 LINK2TARGET="${TESTDIR}/bar"
684 touch "${TARGET}"
685 ln "${TARGET}" "${LINK2TARGET}"
686 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
687 "${BIN}" "${LINK2TARGET}"
688 ACTUAL=$( getfacl --omit-header "${TARGET}" )
689 EXPECTED=$(cat <<EOF
690 user::rw-
691 group::r--
692 other::r--
693
694 EOF
695 )
696 compare
697
698
699 # We should be able to run the tool with a relative path from within a
700 # directory that contains a symlink, so long as the relative path
701 # doesn't contain one.
702 ((TESTNUM++))
703 TARGET="${TESTDIR}/foo/bar"
704 LINK2TARGET="${TESTDIR}/baz"
705 mkdir -p $(dirname "${TARGET}")
706 touch "${TARGET}"
707 ln -s foo "${TESTDIR}/baz"
708 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
709 pushd "${TESTDIR}/baz" > /dev/null
710 "${BIN}" bar
711 popd > /dev/null
712 ACTUAL=$( getfacl --omit-header "${TARGET}" )
713 EXPECTED=$(cat <<EOF
714 user::rw-
715 user:${USERS[0]}:rw-
716 group::r--
717 mask::rw-
718 other::r--
719
720 EOF
721 )
722 compare
723
724
725 # Ensure that symlinks in non-terminal path components are not followed.
726 ((TESTNUM++))
727 TARGET="${TESTDIR}/foo/bar/baz"
728 LINK2FOO="${TESTDIR}/quux"
729 mkdir -p $(dirname "${TARGET}")
730 touch "${TARGET}"
731 ln -s foo "${LINK2FOO}"
732 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
733 EXPECTED=$(getfacl --omit-header "${TARGET}")
734 "${BIN}" "${LINK2FOO}/bar/baz"
735 ACTUAL=$( getfacl --omit-header "${TARGET}" )
736 compare
737
738
739 # Test that our exit code succeeds on a single, normal path.
740 ((TESTNUM++))
741 TARGET="${TESTDIR}/foo"
742 touch "${TARGET}"
743 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
744 "${BIN}" "${TARGET}"
745 ACTUAL="$?"
746 EXPECTED="0"
747 compare
748
749
750 # Test that our exit code fails on a symlink.
751 ((TESTNUM++))
752 TARGET="${TESTDIR}/bar"
753 touch "${TESTDIR}/foo"
754 ln -s foo "${TARGET}"
755 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
756 "${BIN}" "${TARGET}"
757 ACTUAL="$?"
758 EXPECTED="1"
759 compare
760
761
762 # The previous test should fail, even if we use --recursive.
763 ((TESTNUM++))
764 TARGET="${TESTDIR}/bar"
765 touch "${TESTDIR}/foo"
766 ln -s foo "${TARGET}"
767 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
768 "${BIN}" --recursive "${TARGET}"
769 ACTUAL="$?"
770 EXPECTED="1"
771 compare
772
773
774 # Test the return value for nonexistent paths.
775 ((TESTNUM++))
776 TARGET="${TESTDIR}/foo"
777 "${BIN}" "${TARGET}" &>/dev/null
778 ACTUAL="$?"
779 EXPECTED="1"
780 compare
781
782
783 # Test that one "failure" exit code overrides two "successes"
784 # We need a default ACL on ${TESTDIR} because otherwise we do
785 # nothing, successfully, on the symlink path.
786 ((TESTNUM++))
787 mkdir "${TESTDIR}/foo"
788 ln -s foo "${TESTDIR}/bar"
789 mkdir "${TESTDIR}/baz"
790 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
791 "${BIN}" "${TESTDIR}/foo" "${TESTDIR}/bar" "${TESTDIR}/baz"
792 ACTUAL="$?"
793 EXPECTED="1"
794 compare
795
796
797 # The failure should prevail when using --recursive, too.
798 ((TESTNUM++))
799 mkdir "${TESTDIR}/foo"
800 ln -s foo "${TESTDIR}/bar"
801 mkdir "${TESTDIR}/baz"
802 "${BIN}" --recursive "${TESTDIR}"
803 ACTUAL="$?"
804 EXPECTED="1"
805 compare
806
807
808 # We should get "Not a directory" if we stick a trailing slash on the
809 # end of the path to a file.
810 ((TESTNUM++))
811 TARGET="${TESTDIR}/foo"
812 touch "${TARGET}"
813 ACTUAL=$( "${BIN}" "${TARGET}/" 2>&1 )
814 EXPECTED="${TARGET}/: Not a directory"
815 compare
816
817
818 # We should be a no-op on files contained in directories that have no
819 # default ACL.
820 ((TESTNUM++))
821 TARGET="${TESTDIR}/foo"
822 touch "${TARGET}"
823 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
824 EXPECTED=$( getfacl --omit-header "${TARGET}" )
825 "${BIN}" "${TARGET}"
826 ACTUAL=$( getfacl --omit-header "${TARGET}" )
827 compare
828
829
830 # We should be a no-op on directories contained in directories that
831 # have no default ACL (same as the previous test, but with a directory).
832 ((TESTNUM++))
833 TARGET="${TESTDIR}/foo"
834 mkdir "${TARGET}"
835 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
836 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
837 EXPECTED=$( getfacl --omit-header "${TARGET}" )
838 "${BIN}" --recursive "${TARGET}"
839 ACTUAL=$( getfacl --omit-header "${TARGET}" )
840 compare
841
842
843 # Make sure we descend into subdirectories that don't have default ACLs.
844 ((TESTNUM++))
845 TARGET="${TESTDIR}/foo/bar/baz"
846 mkdir -p $(dirname "${TARGET}")
847 touch "${TARGET}"
848 touch "${TARGET}-direct"
849 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
850 "${BIN}" "${TARGET}-direct"
851 EXPECTED=$( getfacl --omit-header "${TARGET}-direct" )
852 "${BIN}" --recursive "${TESTDIR}"
853 ACTUAL=$( getfacl --omit-header "${TARGET}" )
854 compare
855
856
857 # Ensure that we don't get "error" results for symlinks encountered
858 # during a recursive traversal.
859 ((TESTNUM++))
860 TARGET="${TESTDIR}"
861 mkdir "${TARGET}/foo"
862 mkdir "${TARGET}/bar"
863 ln -s "../foo" "${TARGET}/bar/baz"
864 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
865 EXPECTED="1"
866 "${BIN}" --recursive "${TARGET}"
867 ACTUAL=$?
868 compare
869
870
871 # Ensure that "." works as an argument.
872 ((TESTNUM++))
873 TARGET="${TESTDIR}"
874 mkdir "${TARGET}/foo"
875 mkdir "${TARGET}/bar"
876 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
877 "${BIN}" "${TARGET}/foo"
878 EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
879 pushd "${TARGET}/bar" > /dev/null
880 "${BIN}" "."
881 ACTUAL=$( getfacl --omit-header "." )
882 popd > /dev/null
883 compare
884
885 # Ensure that "." works as an argument (recursive).
886 ((TESTNUM++))
887 TARGET="${TESTDIR}"
888 mkdir -p "${TARGET}/foo/baz"
889 mkdir -p "${TARGET}/bar/baz"
890 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
891 "${BIN}" --recursive "${TARGET}/foo"
892 EXPECTED=$( getfacl --omit-header "${TARGET}/foo/baz" )
893 pushd "${TARGET}/bar" > /dev/null
894 "${BIN}" --recursive "."
895 ACTUAL=$( getfacl --omit-header "./baz" )
896 popd > /dev/null
897 compare
898
899 # Ensure that ".." works as an argument.
900 ((TESTNUM++))
901 TARGET="${TESTDIR}"
902 mkdir "${TARGET}/foo"
903 mkdir -p "${TARGET}/bar/baz"
904 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
905 "${BIN}" "${TARGET}/foo"
906 EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
907 pushd "${TARGET}/bar/baz" > /dev/null
908 "${BIN}" ".."
909 ACTUAL=$( getfacl --omit-header ".." )
910 popd > /dev/null
911 compare
912
913 # Ensure that ".." works as an argument (recursive).
914 ((TESTNUM++))
915 TARGET="${TESTDIR}"
916 mkdir -p "${TARGET}/foo/baz"
917 mkdir -p "${TARGET}/bar/baz"
918 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
919 "${BIN}" --recursive "${TARGET}/foo"
920 EXPECTED=$( getfacl --omit-header "${TARGET}/foo/baz" )
921 pushd "${TARGET}/bar/baz" > /dev/null
922 "${BIN}" --recursive ".."
923 ACTUAL=$( getfacl --omit-header "." )
924 popd > /dev/null
925 compare
Applies default POSIX ACLs to files and directories.