From 34f815597215a6f30b58cba14844f90ffea0d5c5 Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Mon, 10 Dec 2018 22:12:23 -0500 Subject: [PATCH] run-tests.sh: add regression test for bug with multiple named entities. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Michał Bartoszkiewicz just reported a very bad bug in the latest release. When multiple named-user and named-group entries exist, the later entries clobber earlier ones in the list. So if there are two default ACL entries on a parent directory for group:bar and group:foo, then apply-default-acl will create two entries on a child but both wind up with the permissions of the group:foo entry. The full test case he provided is as follows: $ getfacl -n . # file: . # owner: 1000 # group: 1000 user::rwx group::r-x other::r-x default:user::rwx default:group::r-x default:group:1:--- default:group:2:rw- default:mask::rwx default:other::r-x $ touch foo $ getfacl -n foo # file: foo # owner: 1000 # group: 1000 user::rw- group::r-x #effective:r-- group:1:--- group:2:rw- mask::rw- other::r-- $ apply-default-acl foo $ getfacl -n foo # file: foo # owner: 1000 # group: 1000 user::rw- group::r-- group:1:rw- group:2:rw- mask::rw- other::r-- This commit adds a new regression test that creates multiple default named-user and named-group entries at once (with different permissions!) and checks that they get applied correctly.
---
 run-tests.sh | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/run-tests.sh b/run-tests.sh
index cb04d47..d6e72bf 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -13,13 +13,16 @@ EXIT_FAILURE=1
 # present, we exit with a different (non-EXIT_FAILURE).
 EXIT_MISSING_USERS=2
 
-# Define the users that we'll use in the tests below. We store the
-# names as variables to avoid repeating them everywhere.
+# Define the users and groups that we'll use in the tests below. We
+# store the names as variables to avoid repeating them everywhere.
+# Since GROUPS is already part of everyone's environment, we need
+# a different name.
 #
 # WARNING: These must be in alphabetical order; otherwise the getfacl
 # output will not match.
 #
 USERS=( bin daemon )
+TESTGROUPS=( bin daemon )
 
 # Check to see if the above users exist. If not, bail.
 for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
@@ -951,3 +954,32 @@ pushd "${TARGET}/bar/baz" > /dev/null
 ACTUAL=$( getfacl --omit-header "../" )
 popd > /dev/null
 compare
+
+
+# Ensure that multiple named-user and named-group entries all get
+# applied individually rather than the last one taking precedence.
+# This is a regression test against a bug that made it into a release
+# and was reported by Michał Bartoszkiewicz.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rw- "${TESTDIR}"
+setfacl -d -m group:${TESTGROUPS[0]}:rw- "${TESTDIR}"
+setfacl -d -m user:${USERS[1]}:--- "${TESTDIR}"
+setfacl -d -m group:${TESTGROUPS[1]}:--- "${TESTDIR}"
+"${BIN}" "${TARGET}"
+EXPECTED=$(cat <
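Review bot: The new `TESTGROUPS=( bin daemon )` array in the first hunk is not covered by the existence check that follows it: the loop header still iterates only over `${#USERS[@]}` and its comment still says "above users". On a host where the `bin` or `daemon` group is missing, the new `setfacl -d -m group:...` calls would presumably fail, so the run would be reported as an ACL regression (or abort) instead of exiting with `EXIT_MISSING_USERS`. For a test that guards against named-group permissions being clobbered, that distinction matters. Consider a matching guard such as `for g in "${TESTGROUPS[@]}"; do getent group "${g}" > /dev/null || exit ${EXIT_MISSING_USERS}; done` and change the comment to `# Check to see if the above users and groups exist. If not, bail.`. The loop body lies outside the hunk, so how users are probed there is not visible; mirror whatever it does.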