+
+
+# Test double application on a directory.
+#
+TESTNUM=14
+TARGET="${TESTDIR}"/baz
+mkdir "${TARGET}"
+chmod 644 "${TARGET}"
+setfacl -d -m user:bin:rwx "${TESTDIR}"
+
+$BIN "${TARGET}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:bin:rwx
+group::r-x
+mask::rwx
+other::r-x
+default:user::rwx
+default:user:bin:rwx
+default:group::r-x
+default:mask::rwx
+default:other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# Same as previous test, with 755 initial perms.
+#
+TESTNUM=15
+TARGET="${TESTDIR}"/baz
+mkdir "${TARGET}"
+chmod 755 "${TARGET}"
+setfacl -d -m user:bin:rwx "${TESTDIR}"
+
+$BIN "${TARGET}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:bin:rwx
+group::r-x
+mask::rwx
+other::r-x
+default:user::rwx
+default:user:bin:rwx
+default:group::r-x
+default:mask::rwx
+default:other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# Same as previous two tests, only with a file.
+#
+TESTNUM=16
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 644 "${TARGET}"
+setfacl -d -m user:bin:rwx "${TESTDIR}"
+
+$BIN "${TARGET}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rw-
+user:bin:rwx #effective:rw-
+group::r--
+mask::rw-
+other::r--
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# User-executable files should not wind up exec-masked.
+TESTNUM=17
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 700 "${TARGET}"
+setfacl -d -m user:bin:rwx "${TESTDIR}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:bin:rwx
+group::r-x
+mask::rwx
+other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# Group-executable files should not wind up exec-masked.
+TESTNUM=18
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 670 "${TARGET}"
+setfacl -d -m user:bin:rwx "${TESTDIR}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:bin:rwx
+group::r-x
+mask::rwx
+other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# Other-executable files should not wind up exec-masked.
+TESTNUM=19
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 607 "${TARGET}"
+setfacl -d -m user:bin:rwx "${TESTDIR}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:bin:rwx
+group::r-x
+mask::rwx
+other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+
+# Test #16's setup repeated with the --no-exec-mask flag.
+#
+TESTNUM=20
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 644 "${TARGET}"
+# The directory allows execute for user, group, and other, so the file
+# should actually inherit them regardless of its initial mode when the
+# --no-exec-mask flag is passed.
+setfacl -d -m user:bin:rwx "${TESTDIR}"
+
+$BIN --no-exec-mask "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:bin:rwx
+group::r-x
+mask::rwx
+other::r-x
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+
+# Test #20 repeated recursively to make sure the flags play nice
+# together.
+TESTNUM=21
+PARENT_DIR="${TESTDIR}"/foo
+TARGET="${PARENT_DIR}"/bar
+mkdir "${PARENT_DIR}"
+touch "${TARGET}"
+chmod 644 "${TARGET}"
+setfacl -d -m user:bin:rwx "${TESTDIR}"
+
+$BIN --recursive --no-exec-mask "${PARENT_DIR}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:bin:rwx
+group::r-x
+mask::rwx
+other::r-x
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+