]>
gitweb.michael.orlitzky.com - apply-default-acl.git/blob - run-tests.sh
9 # Exit with this when a test fails.
12 # We use a few system users in the tests. If these users aren't
13 # present, we exit with a different (non-EXIT_FAILURE).
16 # Define the users that we'll use in the tests below. We store the
17 # names as variables to avoid repeating them everywhere.
19 # WARNING: These must be in alphabetical order; otherwise the getfacl
20 # output will not match.
24 # Check to see if the above users exist. If not, bail.
25 for idx
in $( seq 0 $((${#USERS[@]} - 1)) ); do
26 id
"${USERS[idx]}" >/dev
/null
2>&1
28 if [ $?
-ne $EXIT_SUCCESS ]; then
29 echo "Error: missing test user ${USERS[idx]}." 1>&2
30 exit $EXIT_MISSING_USERS
35 BIN
=src
/apply
-default-acl
37 # The directory where we'll do all the ACL manipulation.
41 # Remove any ACLs on our test directory and remove its contents.
42 setfacl
--remove-all --recursive "${TESTDIR}"
43 chmod 755 "${TESTDIR}"
48 if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
49 echo "Success (#${TESTNUM})"
52 echo "Failure (#${TESTNUM})"
53 echo 'Expected result:'
54 echo '================'
56 echo '================'
58 echo '================'
60 echo '================'
65 # Start by removing and recreating the 'acl' directory.
70 # When using a minimal ACL, the default user, group, and other
71 # permissions should all be propagated to the mode bits.
73 TARGET
="${TESTDIR}"/foo
76 setfacl
-d -m user
::r
-- "${TESTDIR}"
77 setfacl
-d -m group
::r
-- "${TESTDIR}"
78 setfacl
-d -m other
::r
-- "${TESTDIR}"
89 ACTUAL
=`getfacl --omit-header "${TARGET}"`
92 # Do the same thing as the last test, except with an extended ACL.
94 setfacl
-d -m user
::r
-- "${TESTDIR}"
95 setfacl
-d -m group
::r
-- "${TESTDIR}"
96 setfacl
-d -m other
::r
-- "${TESTDIR}"
97 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
112 ACTUAL
=`getfacl --omit-header "${TARGET}"`
116 # A file shared by a group, should still be group-writable
120 chmod 644 "${TARGET}"
121 setfacl
-d -m group
:${USERS[0]}:rwx
"${TESTDIR}"
127 group:${USERS[0]}:rwx #effective:rw-
134 ACTUAL
=`getfacl --omit-header "${TARGET}"`
138 # Same test as before except with a directory.
140 setfacl
-d -m group
:${USERS[0]}:rwx
"${TESTDIR}"
142 chmod 755 "${TARGET}"
148 group:${USERS[0]}:rwx
153 default:group:${USERS[0]}:rwx
160 ACTUAL
=`getfacl --omit-header "${TARGET}"`
164 # With no default, things are left alone.
167 chmod 744 "${TARGET}"
179 ACTUAL
=`getfacl --omit-header "${TARGET}"`
184 # Since the default ACL will grant r-x to group/other, they will wind
188 chmod 744 "${TARGET}"
189 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
203 ACTUAL
=`getfacl --omit-header "${TARGET}"`
207 # Some named entries can be granted execute permissions as the result
211 chmod 744 "${TARGET}"
212 setfacl
-m user
:${USERS[1]}:rw
"${TARGET}"
213 # If we don't add 'x' to the mask here, nobody can execute the file.
214 # setfacl will update the mask for us under most circumstances, but
215 # note that we didn't create an entry with an 'x' bit using setfacl --
216 # therefore, setfacl won't unmask 'x' for us.
217 setfacl
-m mask
::rwx
"${TARGET}"
218 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
219 setfacl
-d -m user
:${USERS[1]}:rwx
"${TESTDIR}"
234 ACTUAL
=`getfacl --omit-header "${TARGET}"`
238 # We should not retain any entries that aren't in the default.
241 chmod 644 "${TARGET}"
242 setfacl
-m user
:${USERS[1]}:rw
"${TARGET}"
243 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
249 user:${USERS[0]}:rwx #effective:rw-
257 ACTUAL
=`getfacl --omit-header "${TARGET}"`
261 # A slightly modified test #1 to make sure it works right.
263 TARGET
="${TESTDIR}"/foo
265 chmod 777 "${TARGET}"
266 setfacl
-d -m user
::r
-- "${TESTDIR}"
277 ACTUAL
=`getfacl --omit-header "${TARGET}"`
281 # If the default ACL mask denies execute, we should respect that
282 # regardless of the existing execute permissions.
284 TARGET
="${TESTDIR}"/foo
286 chmod 777 "${TARGET}"
287 setfacl
-m user
:${USERS[0]}:rwx
"${TESTDIR}"
288 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
289 setfacl
-d -m mask
::rw
- "${TESTDIR}"
294 user:${USERS[0]}:rwx #effective:rw-
295 group::r-x #effective:r--
302 ACTUAL
=`getfacl --omit-header "${TARGET}"`
307 # The --recursive mode should work normally if the argument is a
308 # normal file. See Test #1.
310 TARGET
="${TESTDIR}"/foo
311 setfacl
-d -m user
::r
-- "${TESTDIR}"
312 setfacl
-d -m group
::r
-- "${TESTDIR}"
313 setfacl
-d -m other
::r
-- "${TESTDIR}"
315 chmod 777 "${TARGET}"
316 $BIN --recursive "${TARGET}"
326 ACTUAL
=`getfacl --omit-header "${TARGET}"`
330 # The --recursive mode should work recursively.
332 TARGET
="${TESTDIR}"/foo
334 touch "${TARGET}"/baz
335 mkdir -p "${TARGET}"/bar
336 touch "${TARGET}"/bar
/quux
337 setfacl
-d -m user
::rwx
"${TESTDIR}"
338 setfacl
-d -m group
::r
-- "${TESTDIR}"
339 setfacl
-d -m other
::r
-- "${TESTDIR}"
340 chmod -R 777 "${TARGET}"
341 $BIN --recursive "${TARGET}"
351 ACTUAL
=`getfacl --omit-header "${TARGET}"/bar/quux`
355 # The --recursive mode should work recursively. This time
356 # check a directory, and pass the short command-line flag.
358 TARGET
="${TESTDIR}"/foo
360 touch "${TARGET}"/baz
361 mkdir -p "${TARGET}"/bar
362 touch "${TARGET}"/bar
/quux
363 setfacl
-d -m user
::rwx
"${TESTDIR}"
364 setfacl
-d -m group
::r
-- "${TESTDIR}"
365 setfacl
-d -m other
::r
-- "${TESTDIR}"
366 chmod -R 777 "${TARGET}"
380 ACTUAL
=`getfacl --omit-header "${TARGET}"/bar`
384 # Test double application on a directory.
387 TARGET
="${TESTDIR}"/baz
389 chmod 644 "${TARGET}"
390 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
402 default:user:${USERS[0]}:rwx
410 ACTUAL
=`getfacl --omit-header "${TARGET}"`
414 # Same as previous test, with 755 initial perms.
417 TARGET
="${TESTDIR}"/baz
419 chmod 755 "${TARGET}"
420 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
432 default:user:${USERS[0]}:rwx
440 ACTUAL
=`getfacl --omit-header "${TARGET}"`
444 # Same as previous two tests, only with a file.
447 TARGET
="${TESTDIR}"/foo
449 chmod 644 "${TARGET}"
450 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
457 user:${USERS[0]}:rwx #effective:rw-
464 ACTUAL
=`getfacl --omit-header "${TARGET}"`
468 # User-executable files should not wind up exec-masked.
470 TARGET
="${TESTDIR}"/foo
472 chmod 700 "${TARGET}"
473 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
486 ACTUAL
=`getfacl --omit-header "${TARGET}"`
490 # Group-executable files should not wind up exec-masked.
492 TARGET
="${TESTDIR}"/foo
494 chmod 670 "${TARGET}"
495 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
508 ACTUAL
=`getfacl --omit-header "${TARGET}"`
512 # Other-executable files should not wind up exec-masked.
514 TARGET
="${TESTDIR}"/foo
516 chmod 607 "${TARGET}"
517 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
530 ACTUAL
=`getfacl --omit-header "${TARGET}"`
535 # Test #16's setup repeated with the --no-exec-mask flag.
538 TARGET
="${TESTDIR}"/foo
540 chmod 644 "${TARGET}"
541 # The directory allows execute for user, group, and other, so the file
542 # should actually inherit them regardless of its initial mode when the
543 # --no-exec-mask flag is passed.
544 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
546 $BIN --no-exec-mask "${TARGET}"
557 ACTUAL
=`getfacl --omit-header "${TARGET}"`
562 # Test #20 repeated recursively to make sure the flags play nice
565 PARENT_DIR
="${TESTDIR}"/foo
566 TARGET
="${PARENT_DIR}"/bar
567 mkdir "${PARENT_DIR}"
569 chmod 644 "${TARGET}"
570 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
572 $BIN --recursive --no-exec-mask "${PARENT_DIR}"
583 ACTUAL
=`getfacl --omit-header "${TARGET}"`
587 # Make sure a mask with an execute bit doesn't count as being
591 TARGET
="${TESTDIR}"/foo
593 chmod 644 "${TARGET}"
594 setfacl
-m user
::rw
"${TARGET}"
595 setfacl
-m group
::rw
"${TARGET}"
596 # Even though the mask has an 'x' bit, nobody can execute it.
597 setfacl
-m mask
::rwx
"${TARGET}"
598 setfacl
-d -m user
::rwx
"${TESTDIR}"
599 setfacl
-d -m group
::rwx
"${TESTDIR}"
611 ACTUAL
=`getfacl --omit-header "${TARGET}"`
615 # Same as test #2, except we pass multiple files on the command
616 # line and check the result of the first one.
618 setfacl
-d -m user
::r
-- "${TESTDIR}"
619 setfacl
-d -m group
::r
-- "${TESTDIR}"
620 setfacl
-d -m other
::r
-- "${TESTDIR}"
621 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
622 DUMMY
="${TESTDIR}/dummy"
626 chmod 777 "${TARGET}"
627 $BIN "${TARGET}" "${DUMMY}"
639 ACTUAL
=`getfacl --omit-header "${TARGET}"`
644 # Same as the previous test with the argument order switched.
646 setfacl
-d -m user
::r
-- "${TESTDIR}"
647 setfacl
-d -m group
::r
-- "${TESTDIR}"
648 setfacl
-d -m other
::r
-- "${TESTDIR}"
649 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
650 DUMMY
="${TESTDIR}/dummy"
654 chmod 777 "${TARGET}"
655 $BIN "${DUMMY}" "${TARGET}"
667 ACTUAL
=`getfacl --omit-header "${TARGET}"`