run-tests.sh

   1 #!/bin/bash
   2
   3 # The program name.
   4 BIN=./src/apply-default-acl
   5
   6 # The directory where we'll do all the ACL manipulation.
   7 TESTDIR=test
   8
   9 acl_reset() {
  10     # Remove any ACLs on our test directory and remove its contents.
  11     setfacl --remove-all --recursive "${TESTDIR}"
  12     chmod 755 "${TESTDIR}"
  13     rm -rf "${TESTDIR}"/*
  14 }
  15
  16 compare() {
  17     if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
  18         echo "Success (#${TESTNUM})"
  19         acl_reset
  20     else
  21         echo "Failure (#${TESTNUM})"
  22         echo 'Expected result:'
  23         echo '================'
  24         echo "${EXPECTED}"
  25         echo '================'
  26         echo 'Actual result:'
  27         echo '================'
  28         echo "${ACTUAL}"
  29         echo '================'
  30         exit 1
  31     fi
  32 }
  33
  34 # Start by removing and recreating the 'acl' directory.
  35 rm -rf "${TESTDIR}"
  36 mkdir "${TESTDIR}"
  37
  38
  39 # When using a minimal ACL, the default user, group, and other
  40 # permissions should all be propagated to the mode bits.
  41 TESTNUM=1
  42 TARGET="${TESTDIR}"/foo
  43 setfacl -d -m user::r--  "${TESTDIR}"
  44 setfacl -d -m group::r-- "${TESTDIR}"
  45 setfacl -d -m other::r-- "${TESTDIR}"
  46 touch "${TARGET}"
  47 chmod 777 "${TARGET}"
  48 $BIN "${TARGET}"
  49
  50 EXPECTED=$(cat <<EOF
  51 user::r--
  52 group::r--
  53 other::r--
  54
  55 EOF
  56 )
  57
  58 ACTUAL=`getfacl --omit-header "${TARGET}"`
  59 compare
  60
  61 # Do the same thing as the last test, except with an extended ACL.
  62 TESTNUM=2
  63 setfacl -d -m user::r--     "${TESTDIR}"
  64 setfacl -d -m group::r--    "${TESTDIR}"
  65 setfacl -d -m other::r--    "${TESTDIR}"
  66 setfacl -d -m user:mail:rwx "${TESTDIR}"
  67 touch "${TARGET}"
  68 chmod 777 "${TARGET}"
  69 $BIN "${TARGET}"
  70
  71 EXPECTED=$(cat <<EOF
  72 user::r--
  73 user:mail:rwx
  74 group::r--
  75 mask::rwx
  76 other::r--
  77
  78 EOF
  79 )
  80
  81 ACTUAL=`getfacl --omit-header "${TARGET}"`
  82 compare
  83
  84 # A file shared by a group, should still be group-writable
  85 # afterwards.
  86 TESTNUM=3
  87 touch "${TARGET}"
  88 chmod 644 "${TARGET}"
  89 setfacl -d -m group:mail:rwx "${TESTDIR}"
  90 $BIN "${TARGET}"
  91
  92 EXPECTED=$(cat <<EOF
  93 user::rw-
  94 group::r--
  95 group:mail:rwx  #effective:rw-
  96 mask::rw-
  97 other::r--
  98 EOF
  99 )
 100
 101 ACTUAL=`getfacl --omit-header "${TARGET}"`
 102 compare
 103
 104 # Same test as before except with a directory.
 105 TESTNUM=4
 106 setfacl -d -m group:mail:rwx "${TESTDIR}"
 107 mkdir "${TARGET}"
 108 chmod 755 "${TARGET}"
 109 $BIN "${TARGET}"
 110
 111 EXPECTED=$(cat <<EOF
 112 user::rwx
 113 group::r-x
 114 group:mail:rwx
 115 mask::rwx
 116 other::r-x
 117 default:user::rwx
 118 default:group::r-x
 119 default:group:mail:rwx
 120 default:mask::rwx
 121 default:other::r-x
 122
 123 EOF
 124 )
 125
 126 ACTUAL=`getfacl --omit-header "${TARGET}"`
 127 compare
 128
 129
 130 # With no default, things are left alone.
 131 TESTNUM=5
 132 touch "${TARGET}"
 133 chmod 744 "${TARGET}"
 134 $BIN "${TARGET}"
 135
 136
 137 EXPECTED=$(cat <<EOF
 138 user::rwx
 139 group::r--
 140 other::r--
 141
 142 EOF
 143 )
 144
 145 ACTUAL=`getfacl --omit-header "${TARGET}"`
 146 compare
 147
 148
 149
 150 # Since the default ACL will grant r-x to group/other, they will wind
 151 # up with it.
 152 TESTNUM=6
 153 touch "${TARGET}"
 154 chmod 744 "${TARGET}"
 155 setfacl -d -m user:mail:rwx "${TESTDIR}"
 156 $BIN "${TARGET}"
 157
 158
 159 EXPECTED=$(cat <<EOF
 160 user::rwx
 161 user:mail:rwx
 162 group::r-x
 163 mask::rwx
 164 other::r-x
 165
 166 EOF
 167 )
 168
 169 ACTUAL=`getfacl --omit-header "${TARGET}"`
 170 compare
 171
 172
 173 # Some named entries can be granted execute permissions as the result
 174 # of reapplication.
 175 TESTNUM=7
 176 touch "${TARGET}"
 177 chmod 744 "${TARGET}"
 178 setfacl -m user:news:rw "${TARGET}"
 179 setfacl -d -m user:mail:rwx "${TESTDIR}"
 180 setfacl -d -m user:news:rwx "${TESTDIR}"
 181 $BIN "${TARGET}"
 182
 183
 184 EXPECTED=$(cat <<EOF
 185 user::rwx
 186 user:mail:rwx
 187 user:news:rwx
 188 group::r-x
 189 mask::rwx
 190 other::r-x
 191
 192 EOF
 193 )
 194
 195 ACTUAL=`getfacl --omit-header "${TARGET}"`
 196 compare
 197
 198
 199 # We should not retain any entries that aren't in the default.
 200 TESTNUM=8
 201 touch "${TARGET}"
 202 chmod 644 "${TARGET}"
 203 setfacl -m user:news:rw "${TARGET}"
 204 setfacl -d -m user:mail:rwx "${TESTDIR}"
 205 $BIN "${TARGET}"
 206
 207
 208 EXPECTED=$(cat <<EOF
 209 user::rw-
 210 user:mail:rwx   #effective:rw-
 211 group::r--
 212 mask::rw-
 213 other::r--
 214
 215 EOF
 216 )
 217
 218 ACTUAL=`getfacl --omit-header "${TARGET}"`
 219 compare
 220
 221
 222 # A slightly modified test #1 to make sure it works right.
 223 TESTNUM=9
 224 TARGET="${TESTDIR}"/foo
 225 touch "${TARGET}"
 226 chmod 777 "${TARGET}"
 227 setfacl -d -m user::r--  "${TESTDIR}"
 228 $BIN "${TARGET}"
 229
 230 EXPECTED=$(cat <<EOF
 231 user::r--
 232 group::r-x
 233 other::r-x
 234
 235 EOF
 236 )
 237
 238 ACTUAL=`getfacl --omit-header "${TARGET}"`
 239 compare
 240
 241
 242 # If the default ACL mask denies execute, we should respect that
 243 # regardless of the existing execute permissions.
 244 TESTNUM=10
 245 TARGET="${TESTDIR}"/foo
 246 touch "${TARGET}"
 247 chmod 777 "${TARGET}"
 248 setfacl -m user:mail:rwx "${TESTDIR}"
 249 setfacl -d -m user:mail:rwx  "${TESTDIR}"
 250 setfacl -d -m mask::rw-  "${TESTDIR}"
 251 $BIN "${TARGET}"
 252
 253 EXPECTED=$(cat <<EOF
 254 user::rwx
 255 user:mail:rwx   #effective:rw-
 256 group::r-x      #effective:r--
 257 mask::rw-
 258 other::r-x
 259
 260 EOF
 261 )
 262
 263 ACTUAL=`getfacl --omit-header "${TARGET}"`
 264 compare
 265
 266
 267
 268 # The --recursive mode should work normally if the argument is a
 269 # normal file. See Test #1.
 270 TESTNUM=11
 271 TARGET="${TESTDIR}"/foo
 272 setfacl -d -m user::r--  "${TESTDIR}"
 273 setfacl -d -m group::r-- "${TESTDIR}"
 274 setfacl -d -m other::r-- "${TESTDIR}"
 275 touch "${TARGET}"
 276 chmod 777 "${TARGET}"
 277 $BIN --recursive "${TARGET}"
 278
 279 EXPECTED=$(cat <<EOF
 280 user::r--
 281 group::r--
 282 other::r--
 283
 284 EOF
 285 )
 286
 287 ACTUAL=`getfacl --omit-header "${TARGET}"`
 288 compare
 289
 290
 291 # The --recursive mode should work recursively.
 292 TESTNUM=12
 293 TARGET="${TESTDIR}"/foo
 294 mkdir -p "${TARGET}"
 295 touch "${TARGET}"/baz
 296 mkdir -p "${TARGET}"/bar
 297 touch "${TARGET}"/bar/quux
 298 setfacl -d -m user::rwx  "${TESTDIR}"
 299 setfacl -d -m group::r-- "${TESTDIR}"
 300 setfacl -d -m other::r-- "${TESTDIR}"
 301 chmod -R 777 "${TARGET}"
 302 $BIN --recursive "${TARGET}"
 303
 304 EXPECTED=$(cat <<EOF
 305 user::rwx
 306 group::r--
 307 other::r--
 308
 309 EOF
 310 )
 311
 312 ACTUAL=`getfacl --omit-header "${TARGET}"/bar/quux`
 313 compare
 314
 315
 316 # The --recursive mode should work recursively. This time
 317 # check a directory, and pass the short command-line flag.
 318 TESTNUM=13
 319 TARGET="${TESTDIR}"/foo
 320 mkdir -p "${TARGET}"
 321 touch "${TARGET}"/baz
 322 mkdir -p "${TARGET}"/bar
 323 touch "${TARGET}"/bar/quux
 324 setfacl -d -m user::rwx  "${TESTDIR}"
 325 setfacl -d -m group::r-- "${TESTDIR}"
 326 setfacl -d -m other::r-- "${TESTDIR}"
 327 chmod -R 777 "${TARGET}"
 328 $BIN -r "${TARGET}"
 329
 330 EXPECTED=$(cat <<EOF
 331 user::rwx
 332 group::r--
 333 other::r--
 334 default:user::rwx
 335 default:group::r--
 336 default:other::r--
 337 EOF
 338 )
 339
 340 ACTUAL=`getfacl --omit-header "${TARGET}"/bar`
 341 compare
 342
 343
 344 # Test double application on a directory.
 345 #
 346 TESTNUM=14
 347 TARGET="${TESTDIR}"/baz
 348 mkdir "${TARGET}"
 349 chmod 644 "${TARGET}"
 350 setfacl -d -m user:mail:rwx "${TESTDIR}"
 351
 352 $BIN "${TARGET}"
 353 $BIN "${TARGET}"
 354
 355 EXPECTED=$(cat <<EOF
 356 user::rwx
 357 user:mail:rwx
 358 group::r-x
 359 mask::rwx
 360 other::r-x
 361 default:user::rwx
 362 default:user:mail:rwx
 363 default:group::r-x
 364 default:mask::rwx
 365 default:other::r-x
 366 EOF
 367 )
 368
 369 ACTUAL=`getfacl --omit-header "${TARGET}"`
 370 compare
 371
 372
 373 # Same as test #14, with 755 initial perms.
 374 #
 375 TESTNUM=15
 376 TARGET="${TESTDIR}"/baz
 377 mkdir "${TARGET}"
 378 chmod 755 "${TARGET}"
 379 setfacl -d -m user:mail:rwx "${TESTDIR}"
 380
 381 $BIN "${TARGET}"
 382 $BIN "${TARGET}"
 383
 384 EXPECTED=$(cat <<EOF
 385 user::rwx
 386 user:mail:rwx
 387 group::r-x
 388 mask::rwx
 389 other::r-x
 390 default:user::rwx
 391 default:user:mail:rwx
 392 default:group::r-x
 393 default:mask::rwx
 394 default:other::r-x
 395 EOF
 396 )
 397
 398 ACTUAL=`getfacl --omit-header "${TARGET}"`
 399 compare