]> gitweb.michael.orlitzky.com - apply-default-acl.git/blob - run-tests.sh
projects / apply-default-acl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
run-tests.sh: simplify the EXPECTED output in test 29.
[apply-default-acl.git] / run-tests.sh
1 #!/bin/bash
2
3 #
4 # Exit codes
5 #
6
7 EXIT_SUCCESS=0
8
9 # Exit with this when a test fails.
10 EXIT_FAILURE=1
11
12 # We use a few system users in the tests. If these users aren't
13 # present, we exit with a different (non-EXIT_FAILURE).
14 EXIT_MISSING_USERS=2
15
16 # Define the users that we'll use in the tests below. We store the
17 # names as variables to avoid repeating them everywhere.
18 #
19 # WARNING: These must be in alphabetical order; otherwise the getfacl
20 # output will not match.
21 #
22 USERS=( bin daemon )
23
24 # Check to see if the above users exist. If not, bail.
25 for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
26 id "${USERS[idx]}" >/dev/null 2>&1
27
28 if [ $? -ne $EXIT_SUCCESS ]; then
29 echo "Error: missing test user ${USERS[idx]}." 1>&2
30 exit $EXIT_MISSING_USERS
31 fi
32 done
33
34 # The program name.
35 BIN=$(realpath src/apply-default-acl)
36
37 # The directory where we'll do all the ACL manipulation.
38 TESTDIR=test
39
40 acl_reset() {
41 # Remove any ACLs on our test directory and remove its contents.
42 setfacl --remove-all --recursive "${TESTDIR}"
43 chmod 755 "${TESTDIR}"
44 rm -rf "${TESTDIR}"/*
45 }
46
47 compare() {
48 if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
49 echo "Success (#${TESTNUM})"
50 acl_reset
51 else
52 echo "Failure (#${TESTNUM})"
53 echo 'Expected result:'
54 echo '================'
55 echo "${EXPECTED}"
56 echo '================'
57 echo 'Actual result:'
58 echo '================'
59 echo "${ACTUAL}"
60 echo '================'
61 exit $EXIT_FAILURE
62 fi
63 }
64
65 # Start by removing and recreating the 'acl' directory.
66 rm -rf "${TESTDIR}"
67 mkdir "${TESTDIR}"
68
69
70 # When using a minimal ACL, the default user, group, and other
71 # permissions should all be propagated to the mode bits.
72 TESTNUM=1
73 TARGET="${TESTDIR}"/foo
74 touch "${TARGET}"
75 chmod 777 "${TARGET}"
76 setfacl -d -m user::r-- "${TESTDIR}"
77 setfacl -d -m group::r-- "${TESTDIR}"
78 setfacl -d -m other::r-- "${TESTDIR}"
79 $BIN "${TARGET}"
80
81 EXPECTED=$(cat <<EOF
82 user::r--
83 group::r--
84 other::r--
85
86 EOF
87 )
88
89 ACTUAL=$(getfacl --omit-header "${TARGET}")
90 compare
91
92 # Do the same thing as the last test, except with an extended ACL.
93 TESTNUM=2
94 setfacl -d -m user::r-- "${TESTDIR}"
95 setfacl -d -m group::r-- "${TESTDIR}"
96 setfacl -d -m other::r-- "${TESTDIR}"
97 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
98 touch "${TARGET}"
99 chmod 777 "${TARGET}"
100 $BIN "${TARGET}"
101
102 EXPECTED=$(cat <<EOF
103 user::r--
104 user:${USERS[0]}:rwx
105 group::r--
106 mask::rwx
107 other::r--
108
109 EOF
110 )
111
112 ACTUAL=$(getfacl --omit-header "${TARGET}")
113 compare
114
115
116 # A file shared by a group, should still be group-writable
117 # afterwards.
118 TESTNUM=3
119 touch "${TARGET}"
120 chmod 644 "${TARGET}"
121 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
122 $BIN "${TARGET}"
123
124 EXPECTED=$(cat <<EOF
125 user::rw-
126 group::r--
127 group:${USERS[0]}:rwx #effective:rw-
128 mask::rw-
129 other::r--
130
131 EOF
132 )
133
134 ACTUAL=$(getfacl --omit-header "${TARGET}")
135 compare
136
137
138 # Same test as before except with a directory.
139 TESTNUM=4
140 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
141 mkdir "${TARGET}"
142 chmod 755 "${TARGET}"
143 $BIN "${TARGET}"
144
145 EXPECTED=$(cat <<EOF
146 user::rwx
147 group::r-x
148 group:${USERS[0]}:rwx
149 mask::rwx
150 other::r-x
151 default:user::rwx
152 default:group::r-x
153 default:group:${USERS[0]}:rwx
154 default:mask::rwx
155 default:other::r-x
156
157 EOF
158 )
159
160 ACTUAL=$(getfacl --omit-header "${TARGET}")
161 compare
162
163
164 # With no default, things are left alone.
165 TESTNUM=5
166 touch "${TARGET}"
167 chmod 744 "${TARGET}"
168 $BIN "${TARGET}"
169
170
171 EXPECTED=$(cat <<EOF
172 user::rwx
173 group::r--
174 other::r--
175
176 EOF
177 )
178
179 ACTUAL=$(getfacl --omit-header "${TARGET}")
180 compare
181
182
183
184 # Since the default ACL will grant r-x to group/other, they will wind
185 # up with it.
186 TESTNUM=6
187 touch "${TARGET}"
188 chmod 744 "${TARGET}"
189 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
190 $BIN "${TARGET}"
191
192
193 EXPECTED=$(cat <<EOF
194 user::rwx
195 user:${USERS[0]}:rwx
196 group::r-x
197 mask::rwx
198 other::r-x
199
200 EOF
201 )
202
203 ACTUAL=$(getfacl --omit-header "${TARGET}")
204 compare
205
206
207 # Some named entries can be granted execute permissions as the result
208 # of reapplication.
209 TESTNUM=7
210 touch "${TARGET}"
211 chmod 744 "${TARGET}"
212 setfacl -m user:${USERS[1]}:rw "${TARGET}"
213 # If we don't add 'x' to the mask here, nobody can execute the file.
214 # setfacl will update the mask for us under most circumstances, but
215 # note that we didn't create an entry with an 'x' bit using setfacl --
216 # therefore, setfacl won't unmask 'x' for us.
217 setfacl -m mask::rwx "${TARGET}"
218 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
219 setfacl -d -m user:${USERS[1]}:rwx "${TESTDIR}"
220 $BIN "${TARGET}"
221
222 EXPECTED=$(cat <<EOF
223 user::rwx
224 user:${USERS[0]}:rwx
225 user:${USERS[1]}:rwx
226 group::r-x
227 mask::rwx
228 other::r-x
229
230 EOF
231 )
232
233 ACTUAL=$(getfacl --omit-header "${TARGET}")
234 compare
235
236
237 # We should not retain any entries that aren't in the default.
238 TESTNUM=8
239 touch "${TARGET}"
240 chmod 644 "${TARGET}"
241 setfacl -m user:${USERS[1]}:rw "${TARGET}"
242 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
243 $BIN "${TARGET}"
244
245 EXPECTED=$(cat <<EOF
246 user::rw-
247 user:${USERS[0]}:rwx #effective:rw-
248 group::r--
249 mask::rw-
250 other::r--
251
252 EOF
253 )
254
255 ACTUAL=$(getfacl --omit-header "${TARGET}")
256 compare
257
258
259 # A slightly modified test #1 to make sure it works right.
260 TESTNUM=9
261 TARGET="${TESTDIR}"/foo
262 touch "${TARGET}"
263 chmod 777 "${TARGET}"
264 setfacl -d -m user::r-- "${TESTDIR}"
265 $BIN "${TARGET}"
266
267 EXPECTED=$(cat <<EOF
268 user::r--
269 group::r-x
270 other::r-x
271
272 EOF
273 )
274
275 ACTUAL=$(getfacl --omit-header "${TARGET}")
276 compare
277
278
279 # If the default ACL mask denies execute, we should respect that
280 # regardless of the existing execute permissions.
281 TESTNUM=10
282 TARGET="${TESTDIR}"/foo
283 touch "${TARGET}"
284 chmod 777 "${TARGET}"
285 setfacl -m user:${USERS[0]}:rwx "${TESTDIR}"
286 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
287 setfacl -d -m mask::rw- "${TESTDIR}"
288 $BIN "${TARGET}"
289
290 EXPECTED=$(cat <<EOF
291 user::rwx
292 user:${USERS[0]}:rwx #effective:rw-
293 group::r-x #effective:r--
294 mask::rw-
295 other::r-x
296
297 EOF
298 )
299
300 ACTUAL=$(getfacl --omit-header "${TARGET}")
301 compare
302
303
304
305 # The --recursive mode should work normally if the argument is a
306 # normal file. See Test #1.
307 TESTNUM=11
308 TARGET="${TESTDIR}"/foo
309 setfacl -d -m user::r-- "${TESTDIR}"
310 setfacl -d -m group::r-- "${TESTDIR}"
311 setfacl -d -m other::r-- "${TESTDIR}"
312 touch "${TARGET}"
313 chmod 777 "${TARGET}"
314 $BIN --recursive "${TARGET}"
315
316 EXPECTED=$(cat <<EOF
317 user::r--
318 group::r--
319 other::r--
320
321 EOF
322 )
323
324 ACTUAL=$(getfacl --omit-header "${TARGET}")
325 compare
326
327
328 # The --recursive mode should work recursively.
329 TESTNUM=12
330 TARGET="${TESTDIR}"/foo
331 mkdir -p "${TARGET}"
332 touch "${TARGET}"/baz
333 mkdir -p "${TARGET}"/bar
334 touch "${TARGET}"/bar/quux
335 setfacl -d -m user::rwx "${TESTDIR}"
336 setfacl -d -m group::r-- "${TESTDIR}"
337 setfacl -d -m other::r-- "${TESTDIR}"
338 chmod -R 777 "${TARGET}"
339 $BIN --recursive "${TARGET}"
340
341 EXPECTED=$(cat <<EOF
342 user::rwx
343 group::r--
344 other::r--
345
346 EOF
347 )
348
349 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar/quux)
350 compare
351
352
353 # The --recursive mode should work recursively. This time
354 # check a directory, and pass the short command-line flag.
355 TESTNUM=13
356 TARGET="${TESTDIR}"/foo
357 mkdir -p "${TARGET}"
358 touch "${TARGET}"/baz
359 mkdir -p "${TARGET}"/bar
360 touch "${TARGET}"/bar/quux
361 setfacl -d -m user::rwx "${TESTDIR}"
362 setfacl -d -m group::r-- "${TESTDIR}"
363 setfacl -d -m other::r-- "${TESTDIR}"
364 chmod -R 777 "${TARGET}"
365 $BIN -r "${TARGET}"
366
367 EXPECTED=$(cat <<EOF
368 user::rwx
369 group::r--
370 other::r--
371 default:user::rwx
372 default:group::r--
373 default:other::r--
374
375 EOF
376 )
377
378 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar)
379 compare
380
381
382 # Test double application on a directory.
383 #
384 TESTNUM=14
385 TARGET="${TESTDIR}"/baz
386 mkdir "${TARGET}"
387 chmod 644 "${TARGET}"
388 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
389
390 $BIN "${TARGET}"
391 $BIN "${TARGET}"
392
393 EXPECTED=$(cat <<EOF
394 user::rwx
395 user:${USERS[0]}:rwx
396 group::r-x
397 mask::rwx
398 other::r-x
399 default:user::rwx
400 default:user:${USERS[0]}:rwx
401 default:group::r-x
402 default:mask::rwx
403 default:other::r-x
404
405 EOF
406 )
407
408 ACTUAL=$(getfacl --omit-header "${TARGET}")
409 compare
410
411
412 # Same as previous test, with 755 initial perms.
413 #
414 TESTNUM=15
415 TARGET="${TESTDIR}"/baz
416 mkdir "${TARGET}"
417 chmod 755 "${TARGET}"
418 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
419
420 $BIN "${TARGET}"
421 $BIN "${TARGET}"
422
423 EXPECTED=$(cat <<EOF
424 user::rwx
425 user:${USERS[0]}:rwx
426 group::r-x
427 mask::rwx
428 other::r-x
429 default:user::rwx
430 default:user:${USERS[0]}:rwx
431 default:group::r-x
432 default:mask::rwx
433 default:other::r-x
434
435 EOF
436 )
437
438 ACTUAL=$(getfacl --omit-header "${TARGET}")
439 compare
440
441
442 # Same as previous two tests, only with a file.
443 #
444 TESTNUM=16
445 TARGET="${TESTDIR}"/foo
446 touch "${TARGET}"
447 chmod 644 "${TARGET}"
448 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
449
450 $BIN "${TARGET}"
451 $BIN "${TARGET}"
452
453 EXPECTED=$(cat <<EOF
454 user::rw-
455 user:${USERS[0]}:rwx #effective:rw-
456 group::r--
457 mask::rw-
458 other::r--
459 EOF
460 )
461
462 ACTUAL=$(getfacl --omit-header "${TARGET}")
463 compare
464
465
466 # User-executable files should not wind up exec-masked.
467 TESTNUM=17
468 TARGET="${TESTDIR}"/foo
469 touch "${TARGET}"
470 chmod 700 "${TARGET}"
471 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
472 $BIN "${TARGET}"
473
474 EXPECTED=$(cat <<EOF
475 user::rwx
476 user:${USERS[0]}:rwx
477 group::r-x
478 mask::rwx
479 other::r-x
480
481 EOF
482 )
483
484 ACTUAL=$(getfacl --omit-header "${TARGET}")
485 compare
486
487
488 # Group-executable files should not wind up exec-masked.
489 TESTNUM=18
490 TARGET="${TESTDIR}"/foo
491 touch "${TARGET}"
492 chmod 670 "${TARGET}"
493 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
494 $BIN "${TARGET}"
495
496 EXPECTED=$(cat <<EOF
497 user::rwx
498 user:${USERS[0]}:rwx
499 group::r-x
500 mask::rwx
501 other::r-x
502
503 EOF
504 )
505
506 ACTUAL=$(getfacl --omit-header "${TARGET}")
507 compare
508
509
510 # Other-executable files should not wind up exec-masked.
511 TESTNUM=19
512 TARGET="${TESTDIR}"/foo
513 touch "${TARGET}"
514 chmod 607 "${TARGET}"
515 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
516 $BIN "${TARGET}"
517
518 EXPECTED=$(cat <<EOF
519 user::rwx
520 user:${USERS[0]}:rwx
521 group::r-x
522 mask::rwx
523 other::r-x
524
525 EOF
526 )
527
528 ACTUAL=$(getfacl --omit-header "${TARGET}")
529 compare
530
531
532
533 # Test #16's setup repeated with the --no-exec-mask flag.
534 #
535 TESTNUM=20
536 TARGET="${TESTDIR}"/foo
537 touch "${TARGET}"
538 chmod 644 "${TARGET}"
539 # The directory allows execute for user, group, and other, so the file
540 # should actually inherit them regardless of its initial mode when the
541 # --no-exec-mask flag is passed.
542 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
543
544 $BIN --no-exec-mask "${TARGET}"
545
546 EXPECTED=$(cat <<EOF
547 user::rwx
548 user:${USERS[0]}:rwx
549 group::r-x
550 mask::rwx
551 other::r-x
552 EOF
553 )
554
555 ACTUAL=$(getfacl --omit-header "${TARGET}")
556 compare
557
558
559
560 # Test #20 repeated recursively to make sure the flags play nice
561 # together.
562 TESTNUM=21
563 PARENT_DIR="${TESTDIR}"/foo
564 TARGET="${PARENT_DIR}"/bar
565 mkdir "${PARENT_DIR}"
566 touch "${TARGET}"
567 chmod 644 "${TARGET}"
568 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
569
570 $BIN --recursive --no-exec-mask "${PARENT_DIR}"
571
572 EXPECTED=$(cat <<EOF
573 user::rwx
574 user:${USERS[0]}:rwx
575 group::r-x
576 mask::rwx
577 other::r-x
578 EOF
579 )
580
581 ACTUAL=$(getfacl --omit-header "${TARGET}")
582 compare
583
584
585 # Make sure a mask with an execute bit doesn't count as being
586 # executable.
587 #
588 TESTNUM=22
589 TARGET="${TESTDIR}"/foo
590 touch "${TARGET}"
591 chmod 644 "${TARGET}"
592 setfacl -m user::rw "${TARGET}"
593 setfacl -m group::rw "${TARGET}"
594 # Even though the mask has an 'x' bit, nobody can execute it.
595 setfacl -m mask::rwx "${TARGET}"
596 setfacl -d -m user::rwx "${TESTDIR}"
597 setfacl -d -m group::rwx "${TESTDIR}"
598 $BIN "${TARGET}"
599
600
601 EXPECTED=$(cat <<EOF
602 user::rw-
603 group::rw-
604 other::r--
605
606 EOF
607 )
608
609 ACTUAL=$(getfacl --omit-header "${TARGET}")
610 compare
611
612
613 # Same as test #2, except we pass multiple files on the command
614 # line and check the result of the first one.
615 TESTNUM=23
616 setfacl -d -m user::r-- "${TESTDIR}"
617 setfacl -d -m group::r-- "${TESTDIR}"
618 setfacl -d -m other::r-- "${TESTDIR}"
619 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
620 DUMMY="${TESTDIR}/dummy"
621 touch "${DUMMY}"
622 chmod 777 "${DUMMY}"
623 touch "${TARGET}"
624 chmod 777 "${TARGET}"
625 $BIN "${TARGET}" "${DUMMY}"
626
627 EXPECTED=$(cat <<EOF
628 user::r--
629 user:${USERS[0]}:rwx
630 group::r--
631 mask::rwx
632 other::r--
633
634 EOF
635 )
636
637 ACTUAL=$(getfacl --omit-header "${TARGET}")
638 compare
639
640
641
642 # Same as the previous test with the argument order switched.
643 TESTNUM=24
644 setfacl -d -m user::r-- "${TESTDIR}"
645 setfacl -d -m group::r-- "${TESTDIR}"
646 setfacl -d -m other::r-- "${TESTDIR}"
647 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
648 DUMMY="${TESTDIR}/dummy"
649 touch "${DUMMY}"
650 chmod 777 "${DUMMY}"
651 touch "${TARGET}"
652 chmod 777 "${TARGET}"
653 $BIN "${DUMMY}" "${TARGET}"
654
655 EXPECTED=$(cat <<EOF
656 user::r--
657 user:${USERS[0]}:rwx
658 group::r--
659 mask::rwx
660 other::r--
661
662 EOF
663 )
664
665 ACTUAL=$(getfacl --omit-header "${TARGET}")
666 compare
667
668
669 # If we call apply-default-acl on a single file that does not exist,
670 # we get the expected error.
671 TESTNUM=25
672 ACTUAL=$( "${BIN}" test/nonexistent 2>&1 )
673 EXPECTED="test/nonexistent: No such file or directory"
674 compare
675
676 # Same as the previous test, but with --recursive.
677 TESTNUM=26
678 ACTUAL=$( "${BIN}" --recursive test/nonexistent 2>&1 )
679 EXPECTED="test/nonexistent: No such file or directory"
680 compare
681
682 # If we call apply-default-acl on more than one file, it should report any
683 # that don't exist (but proceed to operate on the others).
684 TESTNUM=27
685 DUMMY1="${TESTDIR}/dummy1"
686 DUMMY2="${TESTDIR}/dummy2"
687 touch "${DUMMY1}" "${DUMMY2}"
688 ACTUAL=$( "${BIN}" "${DUMMY1}" test/nonexistent "${DUMMY2}" 2>&1 )
689 EXPECTED="test/nonexistent: No such file or directory"
690 compare
691
692
693 # Ensure that symlinks are not followed.
694 TESTNUM=28
695 TARGET="${TESTDIR}/foo"
696 LINK2TARGET="${TESTDIR}/foo-sym"
697 touch "${TARGET}"
698 ln -s "${TARGET#${TESTDIR}/}" "${LINK2TARGET}"
699 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
700 "${BIN}" "${LINK2TARGET}"
701 ACTUAL=$( getfacl --omit-header "${TARGET}" )
702 EXPECTED=$(cat <<EOF
703 user::rw-
704 group::r--
705 other::r--
706
707 EOF
708 )
709 compare
710
711
712 # Ensure that symlinks are not followed in subdirectories
713 # (recursively).
714 TESTNUM=29
715 TARGET="${TESTDIR}/bar"
716 touch "${TARGET}"
717 mkdir "${TESTDIR}/foo"
718 LINK2TARGET="${TESTDIR}/foo/bar-sym"
719 ln -s "../bar" "${LINK2TARGET}"
720 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}/foo"
721 EXPECTED=$(getfacl --omit-header "${TARGET}")
722 "${BIN}" --recursive "${TESTDIR}/foo"
723 ACTUAL=$( getfacl --omit-header "${TARGET}" )
724 compare
725
726
727 # Ensure that hard links are ignored.
728 TESTNUM=30
729 TARGET="${TESTDIR}/foo"
730 LINK2TARGET="${TESTDIR}/bar"
731 touch "${TARGET}"
732 ln "${TARGET}" "${LINK2TARGET}"
733 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
734 "${BIN}" "${LINK2TARGET}"
735 ACTUAL=$( getfacl --omit-header "${TARGET}" )
736 EXPECTED=$(cat <<EOF
737 user::rw-
738 group::r--
739 other::r--
740
741 EOF
742 )
743 compare
744
745
746 # We should be able to run the tool with a relative path from within a
747 # directory that contains a symlink, so long as the relative path
748 # doesn't contain one.
749 TESTNUM=31
750 TARGET="${TESTDIR}/foo/bar"
751 LINK2TARGET="${TESTDIR}/baz"
752 mkdir -p $(dirname "${TARGET}")
753 touch "${TARGET}"
754 ln -s foo "${TESTDIR}/baz"
755 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
756 pushd "${TESTDIR}/baz" > /dev/null
757 "${BIN}" bar
758 popd > /dev/null
759 ACTUAL=$( getfacl --omit-header "${TARGET}" )
760 EXPECTED=$(cat <<EOF
761 user::rw-
762 user:${USERS[0]}:rw-
763 group::r--
764 mask::rw-
765 other::r--
766
767 EOF
768 )
769 compare
770
771
772 # Ensure that symlinks in non-terminal path components are not followed.
773 TESTNUM=32
774 TARGET="${TESTDIR}/foo/bar/baz"
775 LINK2FOO="${TESTDIR}/quux"
776 mkdir -p $(dirname "${TARGET}")
777 touch "${TARGET}"
778 ln -s foo "${LINK2FOO}"
779 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
780 EXPECTED=$(getfacl --omit-header "${TARGET}")
781 "${BIN}" "${LINK2FOO}/bar/baz"
782 ACTUAL=$( getfacl --omit-header "${TARGET}" )
783 compare
784
785
786 # Test that our exit code succeeds on a single, normal path.
787 TESTNUM=33
788 TARGET="${TESTDIR}/foo"
789 touch "${TARGET}"
790 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
791 "${BIN}" "${TARGET}"
792 ACTUAL="$?"
793 EXPECTED="0"
794 compare
795
796
797 # Test that our exit code fails on a symlink.
798 TESTNUM=34
799 TARGET="${TESTDIR}/bar"
800 touch "${TESTDIR}/foo"
801 ln -s foo "${TARGET}"
802 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
803 "${BIN}" "${TARGET}"
804 ACTUAL="$?"
805 EXPECTED="1"
806 compare
807
808
809 # The previous test should fail, even if we use --recursive.
810 TESTNUM=35
811 TARGET="${TESTDIR}/bar"
812 touch "${TESTDIR}/foo"
813 ln -s foo "${TARGET}"
814 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
815 "${BIN}" --recursive "${TARGET}"
816 ACTUAL="$?"
817 EXPECTED="1"
818 compare
819
820
821 # Test the return value for nonexistent paths.
822 TESTNUM=36
823 TARGET="${TESTDIR}/foo"
824 "${BIN}" "${TARGET}" &>/dev/null
825 ACTUAL="$?"
826 EXPECTED="1"
827 compare
828
829
830 # Test that one "failure" exit code overrides two "successes"
831 # We need a default ACL on ${TESTDIR} because otherwise we do
832 # nothing, successfully, on the symlink path.
833 TESTNUM=37
834 mkdir "${TESTDIR}/foo"
835 ln -s foo "${TESTDIR}/bar"
836 mkdir "${TESTDIR}/baz"
837 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
838 "${BIN}" "${TESTDIR}/foo" "${TESTDIR}/bar" "${TESTDIR}/baz"
839 ACTUAL="$?"
840 EXPECTED="1"
841 compare
842
843
844 # The failure should prevail when using --recursive, too.
845 TESTNUM=38
846 mkdir "${TESTDIR}/foo"
847 ln -s foo "${TESTDIR}/bar"
848 mkdir "${TESTDIR}/baz"
849 "${BIN}" --recursive "${TESTDIR}"
850 ACTUAL="$?"
851 EXPECTED="1"
852 compare
853
854
855 # We should get "Not a directory" if we stick a trailing slash on the
856 # end of the path to a file.
857 TESTNUM=39
858 TARGET="${TESTDIR}/foo"
859 touch "${TARGET}"
860 ACTUAL=$( "${BIN}" "${TARGET}/" 2>&1 )
861 EXPECTED="${TARGET}/: Not a directory"
862 compare
863
864
865 # We should be a no-op on files contained in directories that have no
866 # default ACL.
867 TESTNUM=40
868 TARGET="${TESTDIR}/foo"
869 touch "${TARGET}"
870 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
871 EXPECTED=$( getfacl --omit-header "${TARGET}" )
872 "${BIN}" "${TARGET}"
873 ACTUAL=$( getfacl --omit-header "${TARGET}" )
874 compare
875
876
877 # We should be a no-op on directories contained in directories that
878 # have no default ACL (same as the previous test, but with a directory).
879 TESTNUM=41
880 TARGET="${TESTDIR}/foo"
881 mkdir "${TARGET}"
882 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
883 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
884 EXPECTED=$( getfacl --omit-header "${TARGET}" )
885 "${BIN}" --recursive "${TARGET}"
886 ACTUAL=$( getfacl --omit-header "${TARGET}" )
887 compare
888
889
890 # Make sure we descend into subdirectories that don't have default ACLs.
891 TESTNUM=42
892 TARGET="${TESTDIR}/foo/bar/baz"
893 mkdir -p $(dirname "${TARGET}")
894 touch "${TARGET}"
895 touch "${TARGET}-direct"
896 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
897 "${BIN}" "${TARGET}-direct"
898 EXPECTED=$( getfacl --omit-header "${TARGET}-direct" )
899 "${BIN}" --recursive "${TESTDIR}"
900 ACTUAL=$( getfacl --omit-header "${TARGET}" )
901 compare
902
903
904 # Ensure that we don't get "error" results for symlinks encountered
905 # during a recursive traversal.
906 TESTNUM=43
907 TARGET="${TESTDIR}"
908 mkdir "${TARGET}/foo"
909 mkdir "${TARGET}/bar"
910 ln -s "../foo" "${TARGET}/bar/baz"
911 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
912 EXPECTED="1"
913 "${BIN}" --recursive "${TARGET}"
914 ACTUAL=$?
915 compare
Applies default POSIX ACLs to files and directories.