X-Git-Url: http://gitweb.michael.orlitzky.com/?p=apply-default-acl.git;a=blobdiff_plain;f=run-tests.sh;h=d6e72bf6f46639cda021f0a65c6a887ad7b9a681;hp=e077c7a46e141585487f9c13b4442f99c25c27d8;hb=44e1b8dbbc5f4c41a142467acc7da6a277a09d40;hpb=65361c54cb58e897697655c68991eed9f05ee8ff
diff --git a/run-tests.sh b/run-tests.sh
index e077c7a..d6e72bf 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -13,13 +13,16 @@ EXIT_FAILURE=1
 # present, we exit with a different (non-EXIT_FAILURE).
 EXIT_MISSING_USERS=2
-# Define the users that we'll use in the tests below. We store the
-# names as variables to avoid repeating them everywhere.
+# Define the users and groups that we'll use in the tests below. We
+# store the names as variables to avoid repeating them everywhere.
+# Since GROUPS is already part of everyone's environment, we need
+# a different name.
 #
 # WARNING: These must be in alphabetical order; otherwise the getfacl
 # output will not match.
 #
 USERS=( bin daemon )
+TESTGROUPS=( bin daemon )
 # Check to see if the above users exist. If not, bail.
 for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
@@ -37,6 +40,9 @@ BIN=$(realpath src/apply-default-acl)
 # The directory where we'll do all the ACL manipulation.
 TESTDIR=test
+# Will auto-increment.
+TESTNUM=0
+
 acl_reset() {
 # Remove any ACLs on our test directory and remove its contents.
 setfacl --remove-all --recursive "${TESTDIR}"
@@ -69,7 +75,7 @@ mkdir "${TESTDIR}"
 # When using a minimal ACL, the default user, group, and other
 # permissions should all be propagated to the mode bits.
-TESTNUM=1
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 touch "${TARGET}"
 chmod 777 "${TARGET}"
@@ -90,7 +96,7 @@ ACTUAL=$(getfacl --omit-header "${TARGET}")
 compare
 # Do the same thing as the last test, except with an extended ACL.
-TESTNUM=2
+((TESTNUM++))
 setfacl -d -m user::r-- "${TESTDIR}"
 setfacl -d -m group::r-- "${TESTDIR}"
 setfacl -d -m other::r-- "${TESTDIR}"
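Review bot: `TESTGROUPS=( bin daemon )` is added next to `USERS`, but the existence check that follows (`# Check to see if the above users exist. If not, bail.`) still iterates over `USERS` only, as far as the hunk shows; the loop body lies outside the hunk. On a system that has a `bin` or `daemon` user without a same-named group, the later `setfacl -d -m group:${TESTGROUPS[0]}:rw-` call would fail mid-run instead of exiting with `EXIT_MISSING_USERS`. I would add a matching loop over `TESTGROUPS`, e.g. `getent group "${TESTGROUPS[$idx]}" >/dev/null || exit ${EXIT_MISSING_USERS}`, and change the check's comment to say "users and groups".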
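Review bot: `((TESTNUM++))` returns a non-zero status when the value before the increment is 0, which is exactly the case for the first test after the new `TESTNUM=0`. Nothing in the visible hunks enables `set -e` or an `ERR` trap, so this is harmless today, but it would abort the run at the first test if strict mode were ever added. `TESTNUM=$((TESTNUM + 1))` has the same effect and always succeeds; the same line recurs in every later hunk of this commit.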
@@ -115,7 +121,7 @@ compare
 # A file shared by a group, should still be group-writable
 # afterwards.
-TESTNUM=3
+((TESTNUM++))
 touch "${TARGET}"
 chmod 644 "${TARGET}"
 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
@@ -136,7 +142,7 @@ compare
 # Same test as before except with a directory.
-TESTNUM=4
+((TESTNUM++))
 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
 mkdir "${TARGET}"
 chmod 755 "${TARGET}"
@@ -162,7 +168,7 @@ compare
 # With no default, things are left alone.
-TESTNUM=5
+((TESTNUM++))
 touch "${TARGET}"
 chmod 744 "${TARGET}"
 $BIN "${TARGET}"
@@ -183,7 +189,7 @@ compare
 # Since the default ACL will grant r-x to group/other, they will wind
 # up with it.
-TESTNUM=6
+((TESTNUM++))
 touch "${TARGET}"
 chmod 744 "${TARGET}"
 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
@@ -206,7 +212,7 @@ compare
 # Some named entries can be granted execute permissions as the result
 # of reapplication.
-TESTNUM=7
+((TESTNUM++))
 touch "${TARGET}"
 chmod 744 "${TARGET}"
 setfacl -m user:${USERS[1]}:rw "${TARGET}"
@@ -235,7 +241,7 @@ compare
 # We should not retain any entries that aren't in the default.
-TESTNUM=8
+((TESTNUM++))
 touch "${TARGET}"
 chmod 644 "${TARGET}"
 setfacl -m user:${USERS[1]}:rw "${TARGET}"
@@ -256,8 +262,8 @@ ACTUAL=$(getfacl --omit-header "${TARGET}")
 compare
-# A slightly modified test #1 to make sure it works right.
-TESTNUM=9
+# A slightly modified version of the first test, to make sure it works.
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 touch "${TARGET}"
 chmod 777 "${TARGET}"
@@ -278,7 +284,7 @@ compare
 # If the default ACL mask denies execute, we should respect that
 # regardless of the existing execute permissions.
-TESTNUM=10
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 touch "${TARGET}"
 chmod 777 "${TARGET}"
@@ -303,8 +309,8 @@ compare
 # The --recursive mode should work normally if the argument is a
-# normal file. See Test #1.
-TESTNUM=11
+# normal file. See the first test.
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 setfacl -d -m user::r-- "${TESTDIR}"
 setfacl -d -m group::r-- "${TESTDIR}"
@@ -326,7 +332,7 @@ compare
 # The --recursive mode should work recursively.
-TESTNUM=12
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 mkdir -p "${TARGET}"
 touch "${TARGET}"/baz
@@ -352,7 +358,7 @@ compare
 # The --recursive mode should work recursively. This time
 # check a directory, and pass the short command-line flag.
-TESTNUM=13
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 mkdir -p "${TARGET}"
 touch "${TARGET}"/baz
@@ -381,7 +387,7 @@ compare
 # Test double application on a directory.
 #
-TESTNUM=14
+((TESTNUM++))
 TARGET="${TESTDIR}"/baz
 mkdir "${TARGET}"
 chmod 644 "${TARGET}"
@@ -411,7 +417,7 @@ compare
 # Same as previous test, with 755 initial perms.
 #
-TESTNUM=15
+((TESTNUM++))
 TARGET="${TESTDIR}"/baz
 mkdir "${TARGET}"
 chmod 755 "${TARGET}"
@@ -441,7 +447,7 @@ compare
 # Same as previous two tests, only with a file.
 #
-TESTNUM=16
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 touch "${TARGET}"
 chmod 644 "${TARGET}"
@@ -464,7 +470,7 @@ compare
 # User-executable files should not wind up exec-masked.
-TESTNUM=17
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 touch "${TARGET}"
 chmod 700 "${TARGET}"
@@ -486,7 +492,7 @@ compare
 # Group-executable files should not wind up exec-masked.
-TESTNUM=18
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 touch "${TARGET}"
 chmod 670 "${TARGET}"
@@ -508,7 +514,7 @@ compare
 # Other-executable files should not wind up exec-masked.
-TESTNUM=19
+((TESTNUM++))
 TARGET="${TESTDIR}"/foo
 touch "${TARGET}"
 chmod 607 "${TARGET}"
@@ -530,62 +536,11 @@ compare -# Test #16's setup repeated with the --no-exec-mask flag. -# -TESTNUM=20 -TARGET="${TESTDIR}"/foo -touch "${TARGET}" -chmod 644 "${TARGET}" -# The directory allows execute for user, group, and other, so the file -# should actually inherit them regardless of its initial mode when the -# --no-exec-mask flag is passed. -setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}" - -$BIN --no-exec-mask "${TARGET}" - -EXPECTED=$(cat <&1 ) EXPECTED="test/nonexistent: No such file or directory" compare + # Same as the previous test, but with --recursive. -TESTNUM=26 +((TESTNUM++)) ACTUAL=$( "${BIN}" --recursive test/nonexistent 2>&1 ) EXPECTED="test/nonexistent: No such file or directory" compare + # If we call apply-default-acl on more than one file, it should report any # that don't exist (but proceed to operate on the others). -TESTNUM=27 +((TESTNUM++)) DUMMY1="${TESTDIR}/dummy1" DUMMY2="${TESTDIR}/dummy2" touch "${DUMMY1}" "${DUMMY2}" @@ -691,7 +648,7 @@ compare # Ensure that symlinks are not followed. -TESTNUM=28 +((TESTNUM++)) TARGET="${TESTDIR}/foo" LINK2TARGET="${TESTDIR}/foo-sym" touch "${TARGET}" @@ -709,29 +666,22 @@ EOF compare -# Ensure that symlinks are not followed in subdirectories -# (recursively). -TESTNUM=29 +# Ensure that symlinks are not followed in subdirectories (recursively). +((TESTNUM++)) TARGET="${TESTDIR}/bar" touch "${TARGET}" mkdir "${TESTDIR}/foo" LINK2TARGET="${TESTDIR}/foo/bar-sym" ln -s "../bar" "${LINK2TARGET}" setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}/foo" +EXPECTED=$(getfacl --omit-header "${TARGET}") "${BIN}" --recursive "${TESTDIR}/foo" ACTUAL=$( getfacl --omit-header "${TARGET}" ) -EXPECTED=$(cat </dev/null ACTUAL="$?" 
@@ -843,7 +786,7 @@ compare
 # Test that one "failure" exit code overrides two "successes"
 # We need a default ACL on ${TESTDIR} because otherwise we do
 # nothing, successfully, on the symlink path.
-TESTNUM=37
+((TESTNUM++))
 mkdir "${TESTDIR}/foo"
 ln -s foo "${TESTDIR}/bar"
 mkdir "${TESTDIR}/baz"
@@ -854,21 +797,20 @@ EXPECTED="1"
 compare
-# And test the buggy behavior again; the previous test should return
-# success (ignoring the failure) when --recursive is used.
-TESTNUM=38
+# The failure should prevail when using --recursive, too.
+((TESTNUM++))
 mkdir "${TESTDIR}/foo"
 ln -s foo "${TESTDIR}/bar"
 mkdir "${TESTDIR}/baz"
 "${BIN}" --recursive "${TESTDIR}"
 ACTUAL="$?"
-EXPECTED="0"
+EXPECTED="1"
 compare
 # We should get "Not a directory" if we stick a trailing slash on the
 # end of the path to a file.
-TESTNUM=39
+((TESTNUM++))
 TARGET="${TESTDIR}/foo"
 touch "${TARGET}"
 ACTUAL=$( "${BIN}" "${TARGET}/" 2>&1 )
@@ -878,7 +820,7 @@ compare
 # We should be a no-op on files contained in directories that have no
 # default ACL.
-TESTNUM=40
+((TESTNUM++))
 TARGET="${TESTDIR}/foo"
 touch "${TARGET}"
 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
@@ -890,7 +832,7 @@ compare
 # We should be a no-op on directories contained in directories that
 # have no default ACL (same as the previous test, but with a directory).
-TESTNUM=41
+((TESTNUM++))
 TARGET="${TESTDIR}/foo"
 mkdir "${TARGET}"
 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
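Review bot: The flipped expectation in the `--recursive` test (`EXPECTED="1"`) pins only the exit status, and the new comment `# The failure should prevail when using --recursive, too.` does not say which path is supposed to fail or why. The comment on the preceding test states that a default ACL on `${TESTDIR}` is needed for the symlink path to count as a failure, yet no `setfacl --default` line appears between the `mkdir`/`ln -s` setup and the `"${BIN}" --recursive "${TESTDIR}"` call in this hunk. If `compare` (defined outside the hunk) resets ACLs between tests, it is worth confirming that the 1 really comes from the `bar` symlink and not from some other failure. I would extend the comment to name the cause, e.g. `# bar is a symlink to foo; refusing to follow it must make the whole recursive run exit 1.`, and state whether the missing default ACL is intentional.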
@@ -899,3 +841,145 @@ EXPECTED=$( getfacl --omit-header "${TARGET}" )
 "${BIN}" --recursive "${TARGET}"
 ACTUAL=$( getfacl --omit-header "${TARGET}" )
 compare
+
+
+# Make sure we descend into subdirectories that don't have default ACLs.
+((TESTNUM++))
+TARGET="${TESTDIR}/foo/bar/baz"
+mkdir -p $(dirname "${TARGET}")
+touch "${TARGET}"
+touch "${TARGET}-direct"
+setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
+"${BIN}" "${TARGET}-direct"
+EXPECTED=$( getfacl --omit-header "${TARGET}-direct" )
+"${BIN}" --recursive "${TESTDIR}"
+ACTUAL=$( getfacl --omit-header "${TARGET}" )
+compare
+
+
+# Ensure that we don't get "error" results for symlinks encountered
+# during a recursive traversal.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir "${TARGET}/bar"
+ln -s "../foo" "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+EXPECTED="1"
+"${BIN}" --recursive "${TARGET}"
+ACTUAL=$?
+compare
+
+
+# Ensure that "." works as an argument.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir "${TARGET}/bar"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
+pushd "${TARGET}/bar" > /dev/null
+"${BIN}" "."
+ACTUAL=$( getfacl --omit-header "." )
+popd > /dev/null
+compare
+
+# Ensure that "." works as an argument (recursive).
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir -p "${TARGET}/foo/baz"
+mkdir -p "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" --recursive "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo/baz" )
+pushd "${TARGET}/bar" > /dev/null
+"${BIN}" --recursive "."
+ACTUAL=$( getfacl --omit-header "./baz" )
+popd > /dev/null
+compare
+
+# Ensure that "./" works as an argument.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir "${TARGET}/bar"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
+pushd "${TARGET}/bar" > /dev/null
+"${BIN}" "./"
+ACTUAL=$( getfacl --omit-header "./" )
+popd > /dev/null
+compare
+
+# Ensure that ".." works as an argument.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir -p "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
+pushd "${TARGET}/bar/baz" > /dev/null
+"${BIN}" ".."
+ACTUAL=$( getfacl --omit-header ".." )
+popd > /dev/null
+compare
+
+# Ensure that ".." works as an argument (recursive).
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir -p "${TARGET}/foo/baz"
+mkdir -p "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" --recursive "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo/baz" )
+pushd "${TARGET}/bar/baz" > /dev/null
+"${BIN}" --recursive ".."
+ACTUAL=$( getfacl --omit-header "." )
+popd > /dev/null
+compare
+
+# Ensure that "../" works as an argument.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir -p "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
+pushd "${TARGET}/bar/baz" > /dev/null
+"${BIN}" "../"
+ACTUAL=$( getfacl --omit-header "../" )
+popd > /dev/null
+compare
+
+
+# Ensure that multiple named-user and named-group entries all get
+# applied individually rather than the last one taking precedence.
+# This is a regression test against a bug that made it into a release
+# and was reported by Michał Bartoszkiewicz.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rw- "${TESTDIR}"
+setfacl -d -m group:${TESTGROUPS[0]}:rw- "${TESTDIR}"
+setfacl -d -m user:${USERS[1]}:--- "${TESTDIR}"
+setfacl -d -m group:${TESTGROUPS[1]}:--- "${TESTDIR}"
+"${BIN}" "${TARGET}"
+EXPECTED=$(cat <