]> gitweb.michael.orlitzky.com - apply-default-acl.git/blob - run-tests.sh
projects / apply-default-acl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Improve the error message for most types of inaccessible paths.
[apply-default-acl.git] / run-tests.sh
1 #!/bin/bash
2
3 #
4 # Exit codes
5 #
6
7 EXIT_SUCCESS=0
8
9 # Exit with this when a test fails.
10 EXIT_FAILURE=1
11
12 # We use a few system users in the tests. If these users aren't
13 # present, we exit with a different (non-EXIT_FAILURE).
14 EXIT_MISSING_USERS=2
15
16 # Define the users that we'll use in the tests below. We store the
17 # names as variables to avoid repeating them everywhere.
18 #
19 # WARNING: These must be in alphabetical order; otherwise the getfacl
20 # output will not match.
21 #
22 USERS=( bin daemon )
23
24 # Check to see if the above users exist. If not, bail.
25 for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
26 id "${USERS[idx]}" >/dev/null 2>&1
27
28 if [ $? -ne $EXIT_SUCCESS ]; then
29 echo "Error: missing test user ${USERS[idx]}." 1>&2
30 exit $EXIT_MISSING_USERS
31 fi
32 done
33
34 # The program name.
35 BIN=$(realpath src/apply-default-acl)
36
37 # The directory where we'll do all the ACL manipulation.
38 TESTDIR=test
39
40 acl_reset() {
41 # Remove any ACLs on our test directory and remove its contents.
42 setfacl --remove-all --recursive "${TESTDIR}"
43 chmod 755 "${TESTDIR}"
44 rm -rf "${TESTDIR}"/*
45 }
46
47 compare() {
48 if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
49 echo "Success (#${TESTNUM})"
50 acl_reset
51 else
52 echo "Failure (#${TESTNUM})"
53 echo 'Expected result:'
54 echo '================'
55 echo "${EXPECTED}"
56 echo '================'
57 echo 'Actual result:'
58 echo '================'
59 echo "${ACTUAL}"
60 echo '================'
61 exit $EXIT_FAILURE
62 fi
63 }
64
65 # Start by removing and recreating the 'acl' directory.
66 rm -rf "${TESTDIR}"
67 mkdir "${TESTDIR}"
68
69
70 # When using a minimal ACL, the default user, group, and other
71 # permissions should all be propagated to the mode bits.
72 TESTNUM=1
73 TARGET="${TESTDIR}"/foo
74 touch "${TARGET}"
75 chmod 777 "${TARGET}"
76 setfacl -d -m user::r-- "${TESTDIR}"
77 setfacl -d -m group::r-- "${TESTDIR}"
78 setfacl -d -m other::r-- "${TESTDIR}"
79 $BIN "${TARGET}"
80
81 EXPECTED=$(cat <<EOF
82 user::r--
83 group::r--
84 other::r--
85
86 EOF
87 )
88
89 ACTUAL=$(getfacl --omit-header "${TARGET}")
90 compare
91
92 # Do the same thing as the last test, except with an extended ACL.
93 TESTNUM=2
94 setfacl -d -m user::r-- "${TESTDIR}"
95 setfacl -d -m group::r-- "${TESTDIR}"
96 setfacl -d -m other::r-- "${TESTDIR}"
97 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
98 touch "${TARGET}"
99 chmod 777 "${TARGET}"
100 $BIN "${TARGET}"
101
102 EXPECTED=$(cat <<EOF
103 user::r--
104 user:${USERS[0]}:rwx
105 group::r--
106 mask::rwx
107 other::r--
108
109 EOF
110 )
111
112 ACTUAL=$(getfacl --omit-header "${TARGET}")
113 compare
114
115
116 # A file shared by a group, should still be group-writable
117 # afterwards.
118 TESTNUM=3
119 touch "${TARGET}"
120 chmod 644 "${TARGET}"
121 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
122 $BIN "${TARGET}"
123
124 EXPECTED=$(cat <<EOF
125 user::rw-
126 group::r--
127 group:${USERS[0]}:rwx #effective:rw-
128 mask::rw-
129 other::r--
130
131 EOF
132 )
133
134 ACTUAL=$(getfacl --omit-header "${TARGET}")
135 compare
136
137
138 # Same test as before except with a directory.
139 TESTNUM=4
140 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
141 mkdir "${TARGET}"
142 chmod 755 "${TARGET}"
143 $BIN "${TARGET}"
144
145 EXPECTED=$(cat <<EOF
146 user::rwx
147 group::r-x
148 group:${USERS[0]}:rwx
149 mask::rwx
150 other::r-x
151 default:user::rwx
152 default:group::r-x
153 default:group:${USERS[0]}:rwx
154 default:mask::rwx
155 default:other::r-x
156
157 EOF
158 )
159
160 ACTUAL=$(getfacl --omit-header "${TARGET}")
161 compare
162
163
164 # With no default, things are left alone.
165 TESTNUM=5
166 touch "${TARGET}"
167 chmod 744 "${TARGET}"
168 $BIN "${TARGET}"
169
170
171 EXPECTED=$(cat <<EOF
172 user::rwx
173 group::r--
174 other::r--
175
176 EOF
177 )
178
179 ACTUAL=$(getfacl --omit-header "${TARGET}")
180 compare
181
182
183
184 # Since the default ACL will grant r-x to group/other, they will wind
185 # up with it.
186 TESTNUM=6
187 touch "${TARGET}"
188 chmod 744 "${TARGET}"
189 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
190 $BIN "${TARGET}"
191
192
193 EXPECTED=$(cat <<EOF
194 user::rwx
195 user:${USERS[0]}:rwx
196 group::r-x
197 mask::rwx
198 other::r-x
199
200 EOF
201 )
202
203 ACTUAL=$(getfacl --omit-header "${TARGET}")
204 compare
205
206
207 # Some named entries can be granted execute permissions as the result
208 # of reapplication.
209 TESTNUM=7
210 touch "${TARGET}"
211 chmod 744 "${TARGET}"
212 setfacl -m user:${USERS[1]}:rw "${TARGET}"
213 # If we don't add 'x' to the mask here, nobody can execute the file.
214 # setfacl will update the mask for us under most circumstances, but
215 # note that we didn't create an entry with an 'x' bit using setfacl --
216 # therefore, setfacl won't unmask 'x' for us.
217 setfacl -m mask::rwx "${TARGET}"
218 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
219 setfacl -d -m user:${USERS[1]}:rwx "${TESTDIR}"
220 $BIN "${TARGET}"
221
222
223 EXPECTED=$(cat <<EOF
224 user::rwx
225 user:${USERS[0]}:rwx
226 user:${USERS[1]}:rwx
227 group::r-x
228 mask::rwx
229 other::r-x
230
231 EOF
232 )
233
234 ACTUAL=$(getfacl --omit-header "${TARGET}")
235 compare
236
237
238 # We should not retain any entries that aren't in the default.
239 TESTNUM=8
240 touch "${TARGET}"
241 chmod 644 "${TARGET}"
242 setfacl -m user:${USERS[1]}:rw "${TARGET}"
243 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
244 $BIN "${TARGET}"
245
246
247 EXPECTED=$(cat <<EOF
248 user::rw-
249 user:${USERS[0]}:rwx #effective:rw-
250 group::r--
251 mask::rw-
252 other::r--
253
254 EOF
255 )
256
257 ACTUAL=$(getfacl --omit-header "${TARGET}")
258 compare
259
260
261 # A slightly modified test #1 to make sure it works right.
262 TESTNUM=9
263 TARGET="${TESTDIR}"/foo
264 touch "${TARGET}"
265 chmod 777 "${TARGET}"
266 setfacl -d -m user::r-- "${TESTDIR}"
267 $BIN "${TARGET}"
268
269 EXPECTED=$(cat <<EOF
270 user::r--
271 group::r-x
272 other::r-x
273
274 EOF
275 )
276
277 ACTUAL=$(getfacl --omit-header "${TARGET}")
278 compare
279
280
281 # If the default ACL mask denies execute, we should respect that
282 # regardless of the existing execute permissions.
283 TESTNUM=10
284 TARGET="${TESTDIR}"/foo
285 touch "${TARGET}"
286 chmod 777 "${TARGET}"
287 setfacl -m user:${USERS[0]}:rwx "${TESTDIR}"
288 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
289 setfacl -d -m mask::rw- "${TESTDIR}"
290 $BIN "${TARGET}"
291
292 EXPECTED=$(cat <<EOF
293 user::rwx
294 user:${USERS[0]}:rwx #effective:rw-
295 group::r-x #effective:r--
296 mask::rw-
297 other::r-x
298
299 EOF
300 )
301
302 ACTUAL=$(getfacl --omit-header "${TARGET}")
303 compare
304
305
306
307 # The --recursive mode should work normally if the argument is a
308 # normal file. See Test #1.
309 TESTNUM=11
310 TARGET="${TESTDIR}"/foo
311 setfacl -d -m user::r-- "${TESTDIR}"
312 setfacl -d -m group::r-- "${TESTDIR}"
313 setfacl -d -m other::r-- "${TESTDIR}"
314 touch "${TARGET}"
315 chmod 777 "${TARGET}"
316 $BIN --recursive "${TARGET}"
317
318 EXPECTED=$(cat <<EOF
319 user::r--
320 group::r--
321 other::r--
322
323 EOF
324 )
325
326 ACTUAL=$(getfacl --omit-header "${TARGET}")
327 compare
328
329
330 # The --recursive mode should work recursively.
331 TESTNUM=12
332 TARGET="${TESTDIR}"/foo
333 mkdir -p "${TARGET}"
334 touch "${TARGET}"/baz
335 mkdir -p "${TARGET}"/bar
336 touch "${TARGET}"/bar/quux
337 setfacl -d -m user::rwx "${TESTDIR}"
338 setfacl -d -m group::r-- "${TESTDIR}"
339 setfacl -d -m other::r-- "${TESTDIR}"
340 chmod -R 777 "${TARGET}"
341 $BIN --recursive "${TARGET}"
342
343 EXPECTED=$(cat <<EOF
344 user::rwx
345 group::r--
346 other::r--
347
348 EOF
349 )
350
351 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar/quux)
352 compare
353
354
355 # The --recursive mode should work recursively. This time
356 # check a directory, and pass the short command-line flag.
357 TESTNUM=13
358 TARGET="${TESTDIR}"/foo
359 mkdir -p "${TARGET}"
360 touch "${TARGET}"/baz
361 mkdir -p "${TARGET}"/bar
362 touch "${TARGET}"/bar/quux
363 setfacl -d -m user::rwx "${TESTDIR}"
364 setfacl -d -m group::r-- "${TESTDIR}"
365 setfacl -d -m other::r-- "${TESTDIR}"
366 chmod -R 777 "${TARGET}"
367 $BIN -r "${TARGET}"
368
369 EXPECTED=$(cat <<EOF
370 user::rwx
371 group::r--
372 other::r--
373 default:user::rwx
374 default:group::r--
375 default:other::r--
376
377 EOF
378 )
379
380 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar)
381 compare
382
383
384 # Test double application on a directory.
385 #
386 TESTNUM=14
387 TARGET="${TESTDIR}"/baz
388 mkdir "${TARGET}"
389 chmod 644 "${TARGET}"
390 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
391
392 $BIN "${TARGET}"
393 $BIN "${TARGET}"
394
395 EXPECTED=$(cat <<EOF
396 user::rwx
397 user:${USERS[0]}:rwx
398 group::r-x
399 mask::rwx
400 other::r-x
401 default:user::rwx
402 default:user:${USERS[0]}:rwx
403 default:group::r-x
404 default:mask::rwx
405 default:other::r-x
406
407 EOF
408 )
409
410 ACTUAL=$(getfacl --omit-header "${TARGET}")
411 compare
412
413
414 # Same as previous test, with 755 initial perms.
415 #
416 TESTNUM=15
417 TARGET="${TESTDIR}"/baz
418 mkdir "${TARGET}"
419 chmod 755 "${TARGET}"
420 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
421
422 $BIN "${TARGET}"
423 $BIN "${TARGET}"
424
425 EXPECTED=$(cat <<EOF
426 user::rwx
427 user:${USERS[0]}:rwx
428 group::r-x
429 mask::rwx
430 other::r-x
431 default:user::rwx
432 default:user:${USERS[0]}:rwx
433 default:group::r-x
434 default:mask::rwx
435 default:other::r-x
436
437 EOF
438 )
439
440 ACTUAL=$(getfacl --omit-header "${TARGET}")
441 compare
442
443
444 # Same as previous two tests, only with a file.
445 #
446 TESTNUM=16
447 TARGET="${TESTDIR}"/foo
448 touch "${TARGET}"
449 chmod 644 "${TARGET}"
450 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
451
452 $BIN "${TARGET}"
453 $BIN "${TARGET}"
454
455 EXPECTED=$(cat <<EOF
456 user::rw-
457 user:${USERS[0]}:rwx #effective:rw-
458 group::r--
459 mask::rw-
460 other::r--
461 EOF
462 )
463
464 ACTUAL=$(getfacl --omit-header "${TARGET}")
465 compare
466
467
468 # User-executable files should not wind up exec-masked.
469 TESTNUM=17
470 TARGET="${TESTDIR}"/foo
471 touch "${TARGET}"
472 chmod 700 "${TARGET}"
473 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
474 $BIN "${TARGET}"
475
476 EXPECTED=$(cat <<EOF
477 user::rwx
478 user:${USERS[0]}:rwx
479 group::r-x
480 mask::rwx
481 other::r-x
482
483 EOF
484 )
485
486 ACTUAL=$(getfacl --omit-header "${TARGET}")
487 compare
488
489
490 # Group-executable files should not wind up exec-masked.
491 TESTNUM=18
492 TARGET="${TESTDIR}"/foo
493 touch "${TARGET}"
494 chmod 670 "${TARGET}"
495 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
496 $BIN "${TARGET}"
497
498 EXPECTED=$(cat <<EOF
499 user::rwx
500 user:${USERS[0]}:rwx
501 group::r-x
502 mask::rwx
503 other::r-x
504
505 EOF
506 )
507
508 ACTUAL=$(getfacl --omit-header "${TARGET}")
509 compare
510
511
512 # Other-executable files should not wind up exec-masked.
513 TESTNUM=19
514 TARGET="${TESTDIR}"/foo
515 touch "${TARGET}"
516 chmod 607 "${TARGET}"
517 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
518 $BIN "${TARGET}"
519
520 EXPECTED=$(cat <<EOF
521 user::rwx
522 user:${USERS[0]}:rwx
523 group::r-x
524 mask::rwx
525 other::r-x
526
527 EOF
528 )
529
530 ACTUAL=$(getfacl --omit-header "${TARGET}")
531 compare
532
533
534
535 # Test #16's setup repeated with the --no-exec-mask flag.
536 #
537 TESTNUM=20
538 TARGET="${TESTDIR}"/foo
539 touch "${TARGET}"
540 chmod 644 "${TARGET}"
541 # The directory allows execute for user, group, and other, so the file
542 # should actually inherit them regardless of its initial mode when the
543 # --no-exec-mask flag is passed.
544 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
545
546 $BIN --no-exec-mask "${TARGET}"
547
548 EXPECTED=$(cat <<EOF
549 user::rwx
550 user:${USERS[0]}:rwx
551 group::r-x
552 mask::rwx
553 other::r-x
554 EOF
555 )
556
557 ACTUAL=$(getfacl --omit-header "${TARGET}")
558 compare
559
560
561
562 # Test #20 repeated recursively to make sure the flags play nice
563 # together.
564 TESTNUM=21
565 PARENT_DIR="${TESTDIR}"/foo
566 TARGET="${PARENT_DIR}"/bar
567 mkdir "${PARENT_DIR}"
568 touch "${TARGET}"
569 chmod 644 "${TARGET}"
570 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
571
572 $BIN --recursive --no-exec-mask "${PARENT_DIR}"
573
574 EXPECTED=$(cat <<EOF
575 user::rwx
576 user:${USERS[0]}:rwx
577 group::r-x
578 mask::rwx
579 other::r-x
580 EOF
581 )
582
583 ACTUAL=$(getfacl --omit-header "${TARGET}")
584 compare
585
586
587 # Make sure a mask with an execute bit doesn't count as being
588 # executable.
589 #
590 TESTNUM=22
591 TARGET="${TESTDIR}"/foo
592 touch "${TARGET}"
593 chmod 644 "${TARGET}"
594 setfacl -m user::rw "${TARGET}"
595 setfacl -m group::rw "${TARGET}"
596 # Even though the mask has an 'x' bit, nobody can execute it.
597 setfacl -m mask::rwx "${TARGET}"
598 setfacl -d -m user::rwx "${TESTDIR}"
599 setfacl -d -m group::rwx "${TESTDIR}"
600 $BIN "${TARGET}"
601
602
603 EXPECTED=$(cat <<EOF
604 user::rw-
605 group::rw-
606 other::r--
607
608 EOF
609 )
610
611 ACTUAL=$(getfacl --omit-header "${TARGET}")
612 compare
613
614
615 # Same as test #2, except we pass multiple files on the command
616 # line and check the result of the first one.
617 TESTNUM=23
618 setfacl -d -m user::r-- "${TESTDIR}"
619 setfacl -d -m group::r-- "${TESTDIR}"
620 setfacl -d -m other::r-- "${TESTDIR}"
621 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
622 DUMMY="${TESTDIR}/dummy"
623 touch "${DUMMY}"
624 chmod 777 "${DUMMY}"
625 touch "${TARGET}"
626 chmod 777 "${TARGET}"
627 $BIN "${TARGET}" "${DUMMY}"
628
629 EXPECTED=$(cat <<EOF
630 user::r--
631 user:${USERS[0]}:rwx
632 group::r--
633 mask::rwx
634 other::r--
635
636 EOF
637 )
638
639 ACTUAL=$(getfacl --omit-header "${TARGET}")
640 compare
641
642
643
644 # Same as the previous test with the argument order switched.
645 TESTNUM=24
646 setfacl -d -m user::r-- "${TESTDIR}"
647 setfacl -d -m group::r-- "${TESTDIR}"
648 setfacl -d -m other::r-- "${TESTDIR}"
649 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
650 DUMMY="${TESTDIR}/dummy"
651 touch "${DUMMY}"
652 chmod 777 "${DUMMY}"
653 touch "${TARGET}"
654 chmod 777 "${TARGET}"
655 $BIN "${DUMMY}" "${TARGET}"
656
657 EXPECTED=$(cat <<EOF
658 user::r--
659 user:${USERS[0]}:rwx
660 group::r--
661 mask::rwx
662 other::r--
663
664 EOF
665 )
666
667 ACTUAL=$(getfacl --omit-header "${TARGET}")
668 compare
669
670
671 # If we call apply-default-acl on a single file that does not exist,
672 # we get the expected error.
673 TESTNUM=25
674 ACTUAL=$( "${BIN}" test/nonexistent 2>&1 )
675 EXPECTED="test/nonexistent: No such file or directory"
676 compare
677
678 # Same as the previous test, but with --recursive.
679 TESTNUM=26
680 ACTUAL=$( "${BIN}" --recursive test/nonexistent 2>&1 )
681 EXPECTED="test/nonexistent: No such file or directory"
682 compare
683
684 # If we call apply-default-acl on more than one file, it should report any
685 # that don't exist (but proceed to operate on the others).
686 TESTNUM=27
687 DUMMY1="${TESTDIR}/dummy1"
688 DUMMY2="${TESTDIR}/dummy2"
689 touch "${DUMMY1}" "${DUMMY2}"
690 ACTUAL=$( "${BIN}" "${DUMMY1}" test/nonexistent "${DUMMY2}" 2>&1 )
691 EXPECTED="test/nonexistent: No such file or directory"
692 compare
693
694
695 # Ensure that symlinks are not followed.
696 TESTNUM=28
697 TARGET="${TESTDIR}/foo"
698 LINK2TARGET="${TESTDIR}/foo-sym"
699 touch "${TARGET}"
700 ln -s "${TARGET#${TESTDIR}/}" "${LINK2TARGET}"
701 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
702 "${BIN}" "${LINK2TARGET}"
703 ACTUAL=$( getfacl --omit-header "${TARGET}" )
704 EXPECTED=$(cat <<EOF
705 user::rw-
706 group::r--
707 other::r--
708
709 EOF
710 )
711 compare
712
713
714 # Ensure that symlinks are not followed in subdirectories
715 # (recursively).
716 TESTNUM=29
717 TARGET="${TESTDIR}/bar"
718 touch "${TARGET}"
719 mkdir "${TESTDIR}/foo"
720 LINK2TARGET="${TESTDIR}/foo/bar-sym"
721 ln -s "../bar" "${LINK2TARGET}"
722 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}/foo"
723 "${BIN}" --recursive "${TESTDIR}/foo"
724 ACTUAL=$( getfacl --omit-header "${TARGET}" )
725 EXPECTED=$(cat <<EOF
726 user::rw-
727 group::r--
728 other::r--
729
730 EOF
731 )
732 compare
733
734
735 # Ensure that hard links are ignored.
736 TESTNUM=30
737 TARGET="${TESTDIR}/foo"
738 LINK2TARGET="${TESTDIR}/bar"
739 touch "${TARGET}"
740 ln "${TARGET}" "${LINK2TARGET}"
741 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
742 "${BIN}" "${LINK2TARGET}"
743 ACTUAL=$( getfacl --omit-header "${TARGET}" )
744 EXPECTED=$(cat <<EOF
745 user::rw-
746 group::r--
747 other::r--
748
749 EOF
750 )
751 compare
752
753
754 # We should be able to run the tool with a relative path from within a
755 # directory that contains a symlink, so long as the relative path
756 # doesn't contain one.
757 TESTNUM=31
758 TARGET="${TESTDIR}/foo/bar"
759 LINK2TARGET="${TESTDIR}/baz"
760 mkdir -p $(dirname "${TARGET}")
761 touch "${TARGET}"
762 ln -s foo "${TESTDIR}/baz"
763 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
764 pushd "${TESTDIR}/baz" > /dev/null
765 "${BIN}" bar
766 popd > /dev/null
767 ACTUAL=$( getfacl --omit-header "${TARGET}" )
768 EXPECTED=$(cat <<EOF
769 user::rw-
770 user:${USERS[0]}:rw-
771 group::r--
772 mask::rw-
773 other::r--
774
775 EOF
776 )
777 compare
778
779
780 # Ensure that symlinks in non-terminal path components are not followed.
781 TESTNUM=32
782 TARGET="${TESTDIR}/foo/bar/baz"
783 LINK2FOO="${TESTDIR}/quux"
784 mkdir -p $(dirname "${TARGET}")
785 touch "${TARGET}"
786 ln -s foo "${LINK2FOO}"
787 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
788 "${BIN}" "${LINK2FOO}/bar/baz"
789 ACTUAL=$( getfacl --omit-header "${TARGET}" )
790 EXPECTED=$(cat <<EOF
791 user::rw-
792 group::r--
793 other::r--
794
795 EOF
796 )
797 compare
798
799
800 # Test that our exit code succeeds on a single, normal path.
801 TESTNUM=33
802 TARGET="${TESTDIR}/foo"
803 touch "${TARGET}"
804 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
805 "${BIN}" "${TARGET}"
806 ACTUAL="$?"
807 EXPECTED="0"
808 compare
809
810
811 # Test that our exit code fails on a symlink.
812 TESTNUM=34
813 TARGET="${TESTDIR}/bar"
814 touch "${TESTDIR}/foo"
815 ln -s foo "${TARGET}"
816 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
817 "${BIN}" "${TARGET}"
818 ACTUAL="$?"
819 EXPECTED="1"
820 compare
821
822
823 # The previous test should "succeed" if we use --recursive. This is
824 # buggy, but it's documented.
825 TESTNUM=35
826 TARGET="${TESTDIR}/bar"
827 touch "${TESTDIR}/foo"
828 ln -s foo "${TARGET}"
829 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
830 "${BIN}" --recursive "${TARGET}"
831 ACTUAL="$?"
832 EXPECTED="0"
833 compare
834
835
836 # Test the return value for nonexistent paths.
837 TESTNUM=36
838 TARGET="${TESTDIR}/foo"
839 "${BIN}" "${TARGET}" &>/dev/null
840 ACTUAL="$?"
841 EXPECTED="1"
842 compare
843
844
845 # Test that one "failure" exit code overrides two "successes"
846 # We need a default ACL on ${TESTDIR} because otherwise we do
847 # nothing, successfully, on the symlink path.
848 TESTNUM=37
849 mkdir "${TESTDIR}/foo"
850 ln -s foo "${TESTDIR}/bar"
851 mkdir "${TESTDIR}/baz"
852 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
853 "${BIN}" "${TESTDIR}/foo" "${TESTDIR}/bar" "${TESTDIR}/baz"
854 ACTUAL="$?"
855 EXPECTED="1"
856 compare
857
858
859 # And test the buggy behavior again; the previous test should return
860 # success (ignoring the failure) when --recursive is used.
861 TESTNUM=38
862 mkdir "${TESTDIR}/foo"
863 ln -s foo "${TESTDIR}/bar"
864 mkdir "${TESTDIR}/baz"
865 "${BIN}" --recursive "${TESTDIR}"
866 ACTUAL="$?"
867 EXPECTED="0"
868 compare
Applies default POSIX ACLs to files and directories.