run-tests.sh

   1 #!/bin/bash
   2
   3 # The program name.
   4 BIN=./src/reapply_default_acl
   5
   6 # The directory where we'll do all the ACL manipulation.
   7 TESTDIR=test
   8
   9 acl_reset() {
  10     # Remove any ACLs on our test directory and remove its contents.
  11     setfacl --remove-all --recursive "$TESTDIR"
  12     rm -rf "${TESTDIR}"/*
  13 }
  14
  15 compare() {
  16     if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
  17         echo "Success (#${TESTNUM})"
  18         acl_reset
  19     else
  20         echo "Failure (#${TESTNUM})"
  21         echo "Expected result:"
  22         echo "${EXPECTED}"
  23         echo "Actual result:"
  24         echo "${ACTUAL}"
  25         exit 1
  26     fi
  27 }
  28
  29 # Start by removing and recreating the 'acl' directory.
  30 rm -rf "${TESTDIR}"
  31 mkdir "${TESTDIR}"
  32
  33
  34 # When using a minimal ACL, the default user, group, and other
  35 # permissions should all be propagated to the mode bits.
  36 TESTNUM=1
  37 TARGET="${TESTDIR}"/foo
  38 setfacl -d -m user::r--  "${TESTDIR}"
  39 setfacl -d -m group::r-- "${TESTDIR}"
  40 setfacl -d -m other::r-- "${TESTDIR}"
  41 touch "${TARGET}"
  42 chmod 777 "${TARGET}"
  43 $BIN "${TARGET}"
  44
  45 EXPECTED=$(cat <<EOF
  46 user::r--
  47 group::r--
  48 other::r--
  49
  50 EOF
  51 )
  52
  53 ACTUAL=`getfacl --omit-header "${TARGET}"`
  54 compare
  55
  56 # Do the same thing as the last test, except with an extended ACL.
  57 TESTNUM=2
  58 setfacl -d -m user::r--     "${TESTDIR}"
  59 setfacl -d -m group::r--    "${TESTDIR}"
  60 setfacl -d -m other::r--    "${TESTDIR}"
  61 setfacl -d -m user:mail:rwx "${TESTDIR}"
  62 touch "${TARGET}"
  63 chmod 777 "${TARGET}"
  64 $BIN "${TARGET}"
  65
  66 EXPECTED=$(cat <<EOF
  67 user::r--
  68 user:mail:rwx
  69 group::r--
  70 mask::rwx
  71 other::r--
  72
  73 EOF
  74 )
  75
  76 ACTUAL=`getfacl --omit-header "${TARGET}"`
  77 compare
  78
  79 # A file shared by a group, should still be group-writable
  80 # afterwards.
  81 TESTNUM=3
  82 touch "${TARGET}"
  83 chmod 644 "${TARGET}"
  84 setfacl -d -m group:mail:rwx "${TESTDIR}"
  85 $BIN "${TARGET}"
  86
  87 EXPECTED=$(cat <<EOF
  88 user::rw-
  89 group::r--
  90 group:mail:rwx  #effective:rw-
  91 mask::rw-
  92 other::r--
  93 EOF
  94 )
  95
  96 ACTUAL=`getfacl --omit-header "${TARGET}"`
  97 compare
  98
  99 # Same test as before except with a directory.
 100 TESTNUM=4
 101 setfacl -d -m group:mail:rwx "${TESTDIR}"
 102 mkdir "${TARGET}"
 103 chmod 755 "${TARGET}"
 104 $BIN "${TARGET}"
 105
 106 EXPECTED=$(cat <<EOF
 107 user::rwx
 108 group::r-x
 109 group:mail:rwx
 110 mask::rwx
 111 other::r-x
 112 default:user::rwx
 113 default:group::r-x
 114 default:group:mail:rwx
 115 default:mask::rwx
 116 default:other::r-x
 117
 118 EOF
 119 )
 120
 121 ACTUAL=`getfacl --omit-header "${TARGET}"`
 122 compare
 123
 124
 125 # With no default, things are left alone.
 126 TESTNUM=5
 127 touch "${TARGET}"
 128 chmod 744 "${TARGET}"
 129 $BIN "${TARGET}"
 130
 131
 132 EXPECTED=$(cat <<EOF
 133 user::rwx
 134 group::r--
 135 other::r--
 136
 137 EOF
 138 )
 139
 140 ACTUAL=`getfacl --omit-header "${TARGET}"`
 141 compare
 142
 143
 144
 145 # Since the default ACL will grant r-x to group/other, they will wind
 146 # up with it.
 147 TESTNUM=6
 148 touch "${TARGET}"
 149 chmod 744 "${TARGET}"
 150 setfacl -d -m user:mail:rwx "${TESTDIR}"
 151 $BIN "${TARGET}"
 152
 153
 154 EXPECTED=$(cat <<EOF
 155 user::rwx
 156 user:mail:rwx
 157 group::r-x
 158 mask::rwx
 159 other::r-x
 160
 161 EOF
 162 )
 163
 164 ACTUAL=`getfacl --omit-header "${TARGET}"`
 165 compare
 166
 167
 168 # Some named entries can be granted execute permissions as the result
 169 # of reapplication.
 170 TESTNUM=7
 171 touch "${TARGET}"
 172 chmod 744 "${TARGET}"
 173 setfacl -m user:news:rw "${TARGET}"
 174 setfacl -d -m user:mail:rwx "${TESTDIR}"
 175 setfacl -d -m user:news:rwx "${TESTDIR}"
 176 $BIN "${TARGET}"
 177
 178
 179 EXPECTED=$(cat <<EOF
 180 user::rwx
 181 user:mail:rwx
 182 user:news:rwx
 183 group::r-x
 184 mask::rwx
 185 other::r-x
 186
 187 EOF
 188 )
 189
 190 ACTUAL=`getfacl --omit-header "${TARGET}"`
 191 compare
 192
 193
 194 # We should not retain any entries that aren't in the default.
 195 TESTNUM=8
 196 touch "${TARGET}"
 197 chmod 644 "${TARGET}"
 198 setfacl -m user:news:rw "${TARGET}"
 199 setfacl -d -m user:mail:rwx "${TESTDIR}"
 200 $BIN "${TARGET}"
 201
 202
 203 EXPECTED=$(cat <<EOF
 204 user::rw-
 205 user:mail:rwx   #effective:rw-
 206 group::r--
 207 mask::rw-
 208 other::r--
 209
 210 EOF
 211 )
 212
 213 ACTUAL=`getfacl --omit-header "${TARGET}"`
 214 compare
 215
 216
 217 # A slightly modified test #1 to make sure it works right.
 218 TESTNUM=9
 219 TARGET="${TESTDIR}"/foo
 220 touch "${TARGET}"
 221 chmod 777 "${TARGET}"
 222 setfacl -d -m user::r--  "${TESTDIR}"
 223 $BIN "${TARGET}"
 224
 225 EXPECTED=$(cat <<EOF
 226 user::r--
 227 group::r-x
 228 other::r-x
 229
 230 EOF
 231 )
 232
 233 ACTUAL=`getfacl --omit-header "${TARGET}"`
 234 compare
 235
 236
 237 # If the default ACL mask denies execute, we should respect that
 238 # regardless of the existing execute permissions.
 239 TESTNUM=10
 240 TARGET="${TESTDIR}"/foo
 241 touch "${TARGET}"
 242 chmod 777 "${TARGET}"
 243 setfacl -m user:mail:rwx "${TESTDIR}"
 244 setfacl -d -m user:mail:rwx  "${TESTDIR}"
 245 setfacl -d -m mask::rw-  "${TESTDIR}"
 246 $BIN "${TARGET}"
 247
 248 EXPECTED=$(cat <<EOF
 249 user::rwx
 250 user:mail:rwx   #effective:rw-
 251 group::r-x      #effective:r--
 252 mask::rw-
 253 other::r-x
 254
 255 EOF
 256 )
 257
 258 ACTUAL=`getfacl --omit-header "${TARGET}"`
 259 compare
 260
 261
 262
 263 # The --recursive mode should work normally if the argument is a
 264 # normal file. See Test #1.
 265 TESTNUM=11
 266 TARGET="${TESTDIR}"/foo
 267 setfacl -d -m user::r--  "${TESTDIR}"
 268 setfacl -d -m group::r-- "${TESTDIR}"
 269 setfacl -d -m other::r-- "${TESTDIR}"
 270 touch "${TARGET}"
 271 chmod 777 "${TARGET}"
 272 $BIN --recursive "${TARGET}"
 273
 274 EXPECTED=$(cat <<EOF
 275 user::r--
 276 group::r--
 277 other::r--
 278
 279 EOF
 280 )
 281
 282 ACTUAL=`getfacl --omit-header "${TARGET}"`
 283 compare
 284
 285
 286 # The --recursive mode should work recursively.
 287 TESTNUM=12
 288 TARGET="${TESTDIR}"/foo
 289 mkdir -p "${TARGET}"
 290 touch "${TARGET}"/baz
 291 mkdir -p "${TARGET}"/bar
 292 touch "${TARGET}"/bar/quux
 293 setfacl -d -m user::rwx  "${TESTDIR}"
 294 setfacl -d -m group::r-- "${TESTDIR}"
 295 setfacl -d -m other::r-- "${TESTDIR}"
 296 chmod -R 777 "${TARGET}"
 297 $BIN --recursive "${TARGET}"
 298
 299 EXPECTED=$(cat <<EOF
 300 user::rwx
 301 group::r--
 302 other::r--
 303
 304 EOF
 305 )
 306
 307 ACTUAL=`getfacl --omit-header "${TARGET}"/bar/quux`
 308 compare
 309
 310
 311 # The --recursive mode should work recursively. This time
 312 # check a directory, and pass the short command-line flag.
 313 TESTNUM=13
 314 TARGET="${TESTDIR}"/foo
 315 mkdir -p "${TARGET}"
 316 touch "${TARGET}"/baz
 317 mkdir -p "${TARGET}"/bar
 318 touch "${TARGET}"/bar/quux
 319 setfacl -d -m user::rwx  "${TESTDIR}"
 320 setfacl -d -m group::r-- "${TESTDIR}"
 321 setfacl -d -m other::r-- "${TESTDIR}"
 322 chmod -R 777 "${TARGET}"
 323 $BIN -r "${TARGET}"
 324
 325 EXPECTED=$(cat <<EOF
 326 user::rwx
 327 group::r--
 328 other::r--
 329 default:user::rwx
 330 default:group::r--
 331 default:other::r--
 332 EOF
 333 )
 334
 335 ACTUAL=`getfacl --omit-header "${TARGET}"/bar`
 336 compare