Add a few more tricky tests.

[apply-default-acl.git] / run-tests.sh

#!/bin/bash

# The directory where we'll do all the ACL manipulation.
TESTDIR=test

acl_reset() {
    # Remove any ACLs on our test directory and remove its contents.
    setfacl --remove-all --recursive "$TESTDIR"
    rm -rf "${TESTDIR}"/*
}

compare() {
    if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
        echo "Success (#${TESTNUM})"
        acl_reset
    else
        echo "Failure (#${TESTNUM})"
        echo "Expected result:"
        echo "${EXPECTED}"
        echo "Actual result:"
        echo "${ACTUAL}"
        exit 1
    fi
}

# Start by removing and recreating the 'acl' directory.
rm -rf "${TESTDIR}"
mkdir "${TESTDIR}"


# When using a minimal ACL, the default user, group, and other
# permissions should all be propagated to the mode bits.
TESTNUM=1
TARGET="${TESTDIR}"/foo
setfacl -d -m user::r--  "${TESTDIR}"
setfacl -d -m group::r-- "${TESTDIR}"
setfacl -d -m other::r-- "${TESTDIR}"
touch "${TARGET}"
chmod 777 "${TARGET}"
./aclq "${TARGET}"

EXPECTED=$(cat <<EOF
user::r--
group::r--
other::r--

EOF
)

ACTUAL=`getfacl --omit-header "${TARGET}"`
compare

# Do the same thing as the last test, except with an extended ACL.
TESTNUM=2
setfacl -d -m user::r--     "${TESTDIR}"
setfacl -d -m group::r--    "${TESTDIR}"
setfacl -d -m other::r--    "${TESTDIR}"
setfacl -d -m user:mail:rwx "${TESTDIR}"
touch "${TARGET}"
chmod 777 "${TARGET}"
./aclq "${TARGET}"

EXPECTED=$(cat <<EOF
user::r--
user:mail:rwx
group::r--
mask::rwx
other::r--

EOF
)

ACTUAL=`getfacl --omit-header "${TARGET}"`
compare

# A file shared by a group, should still be group-writable
# afterwards.
TESTNUM=3
touch "${TARGET}"
chmod 644 "${TARGET}"
setfacl -d -m group:mail:rwx "${TESTDIR}"
./aclq "${TARGET}"

EXPECTED=$(cat <<EOF
user::rw-
group::r--
group:mail:rwx  #effective:rw-
mask::rw-
other::r--
EOF
)

ACTUAL=`getfacl --omit-header "${TARGET}"`
compare

# Same test as before except with a directory.
TESTNUM=4
setfacl -d -m group:mail:rwx "${TESTDIR}"
mkdir "${TARGET}"
chmod 755 "${TARGET}"
./aclq "${TARGET}"

EXPECTED=$(cat <<EOF
user::rwx
group::r-x
group:mail:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:mail:rwx
default:mask::rwx
default:other::r-x

EOF
)

ACTUAL=`getfacl --omit-header "${TARGET}"`
compare


# With no default, things are left alone.
TESTNUM=5
touch "${TARGET}"
chmod 744 "${TARGET}"
./aclq "${TARGET}"


EXPECTED=$(cat <<EOF
user::rwx
group::r--
other::r--

EOF
)

ACTUAL=`getfacl --omit-header "${TARGET}"`
compare



# Make sure execute permission is removed for group/other after the
# reapplication.
TESTNUM=6
touch "${TARGET}"
chmod 744 "${TARGET}"
setfacl -d -m user:mail:rwx "${TESTDIR}"
./aclq "${TARGET}"


EXPECTED=$(cat <<EOF
user::rwx
user:mail:rwx
group::r--
mask::rwx
other::r--

EOF
)

ACTUAL=`getfacl --omit-header "${TARGET}"`
compare


# In fact, no existing named entries without execute permissions
# should be granted execute permissions as the result of
# reapplication.
TESTNUM=7
touch "${TARGET}"
chmod 744 "${TARGET}"
setfacl -m user:news:rw "${TARGET}"
setfacl -d -m user:mail:rwx "${TESTDIR}"
setfacl -d -m user:news:rwx "${TESTDIR}"
./aclq "${TARGET}"


EXPECTED=$(cat <<EOF
user::rwx
user:mail:rwx
user:news:rw-
group::r--
mask::rwx
other::r--

EOF
)

ACTUAL=`getfacl --omit-header "${TARGET}"`
compare