+
+
+# Ensure that symlinks in non-terminal path components are not followed.
+((TESTNUM++))
+TARGET="${TESTDIR}/foo/bar/baz"
+LINK2FOO="${TESTDIR}/quux"
+mkdir -p $(dirname "${TARGET}")
+touch "${TARGET}"
+ln -s foo "${LINK2FOO}"
+setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
+EXPECTED=$(getfacl --omit-header "${TARGET}")
+"${BIN}" "${LINK2FOO}/bar/baz"
+ACTUAL=$( getfacl --omit-header "${TARGET}" )
+compare
+
+
+# Test that our exit code succeeds on a single, normal path.
+((TESTNUM++))
+TARGET="${TESTDIR}/foo"
+touch "${TARGET}"
+setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
+"${BIN}" "${TARGET}"
+ACTUAL="$?"
+EXPECTED="0"
+compare
+
+
+# Test that our exit code fails on a symlink.
+((TESTNUM++))
+TARGET="${TESTDIR}/bar"
+touch "${TESTDIR}/foo"
+ln -s foo "${TARGET}"
+setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
+"${BIN}" "${TARGET}"
+ACTUAL="$?"
+EXPECTED="1"
+compare
+
+
+# The previous test should fail, even if we use --recursive.
+((TESTNUM++))
+TARGET="${TESTDIR}/bar"
+touch "${TESTDIR}/foo"
+ln -s foo "${TARGET}"
+setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
+"${BIN}" --recursive "${TARGET}"
+ACTUAL="$?"
+EXPECTED="1"
+compare
+
+
+# Test the return value for nonexistent paths.
+((TESTNUM++))
+TARGET="${TESTDIR}/foo"
+"${BIN}" "${TARGET}" &>/dev/null
+ACTUAL="$?"
+EXPECTED="1"
+compare
+
+
+# Test that one "failure" exit code overrides two "successes"
+# We need a default ACL on ${TESTDIR} because otherwise we do
+# nothing, successfully, on the symlink path.
+((TESTNUM++))
+mkdir "${TESTDIR}/foo"
+ln -s foo "${TESTDIR}/bar"
+mkdir "${TESTDIR}/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
+"${BIN}" "${TESTDIR}/foo" "${TESTDIR}/bar" "${TESTDIR}/baz"
+ACTUAL="$?"
+EXPECTED="1"
+compare
+
+
+# The failure should prevail when using --recursive, too.
+((TESTNUM++))
+mkdir "${TESTDIR}/foo"
+ln -s foo "${TESTDIR}/bar"
+mkdir "${TESTDIR}/baz"
+"${BIN}" --recursive "${TESTDIR}"
+ACTUAL="$?"
+EXPECTED="1"
+compare
+
+
+# We should get "Not a directory" if we stick a trailing slash on the
+# end of the path to a file.
+((TESTNUM++))
+TARGET="${TESTDIR}/foo"
+touch "${TARGET}"
+ACTUAL=$( "${BIN}" "${TARGET}/" 2>&1 )
+EXPECTED="${TARGET}/: Not a directory"
+compare
+
+
+# We should be a no-op on files contained in directories that have no
+# default ACL.
+((TESTNUM++))
+TARGET="${TESTDIR}/foo"
+touch "${TARGET}"
+setfacl --modify user:${USERS[0]}:rw "${TARGET}"
+EXPECTED=$( getfacl --omit-header "${TARGET}" )
+"${BIN}" "${TARGET}"
+ACTUAL=$( getfacl --omit-header "${TARGET}" )
+compare
+
+
+# We should be a no-op on directories contained in directories that
+# have no default ACL (same as the previous test, but with a directory).
+((TESTNUM++))
+TARGET="${TESTDIR}/foo"
+mkdir "${TARGET}"
+setfacl --modify user:${USERS[0]}:rw "${TARGET}"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+EXPECTED=$( getfacl --omit-header "${TARGET}" )
+"${BIN}" --recursive "${TARGET}"
+ACTUAL=$( getfacl --omit-header "${TARGET}" )
+compare
+
+
+# Make sure we descend into subdirectories that don't have default ACLs.
+((TESTNUM++))
+TARGET="${TESTDIR}/foo/bar/baz"
+mkdir -p $(dirname "${TARGET}")
+touch "${TARGET}"
+touch "${TARGET}-direct"
+setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
+"${BIN}" "${TARGET}-direct"
+EXPECTED=$( getfacl --omit-header "${TARGET}-direct" )
+"${BIN}" --recursive "${TESTDIR}"
+ACTUAL=$( getfacl --omit-header "${TARGET}" )
+compare
+
+
+# Ensure that we don't get "error" results for symlinks encountered
+# during a recursive traversal.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir "${TARGET}/bar"
+ln -s "../foo" "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+EXPECTED="1"
+"${BIN}" --recursive "${TARGET}"
+ACTUAL=$?
+compare
+
+
+# Ensure that "." works as an argument.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir "${TARGET}/bar"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
+pushd "${TARGET}/bar" > /dev/null
+"${BIN}" "."
+ACTUAL=$( getfacl --omit-header "." )
+popd > /dev/null
+compare
+
+# Ensure that "." works as an argument (recursive).
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir -p "${TARGET}/foo/baz"
+mkdir -p "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" --recursive "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo/baz" )
+pushd "${TARGET}/bar" > /dev/null
+"${BIN}" --recursive "."
+ACTUAL=$( getfacl --omit-header "./baz" )
+popd > /dev/null
+compare
+
+# Ensure that "./" works as an argument.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir "${TARGET}/bar"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
+pushd "${TARGET}/bar" > /dev/null
+"${BIN}" "./"
+ACTUAL=$( getfacl --omit-header "./" )
+popd > /dev/null
+compare
+
+# Ensure that ".." works as an argument.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir -p "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
+pushd "${TARGET}/bar/baz" > /dev/null
+"${BIN}" ".."
+ACTUAL=$( getfacl --omit-header ".." )
+popd > /dev/null
+compare
+
+# Ensure that ".." works as an argument (recursive).
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir -p "${TARGET}/foo/baz"
+mkdir -p "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" --recursive "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo/baz" )
+pushd "${TARGET}/bar/baz" > /dev/null
+"${BIN}" --recursive ".."
+ACTUAL=$( getfacl --omit-header "." )
+popd > /dev/null
+compare
+
+# Ensure that "../" works as an argument.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+mkdir "${TARGET}/foo"
+mkdir -p "${TARGET}/bar/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
+"${BIN}" "${TARGET}/foo"
+EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
+pushd "${TARGET}/bar/baz" > /dev/null
+"${BIN}" "../"
+ACTUAL=$( getfacl --omit-header "../" )
+popd > /dev/null
+compare
+
+
+# Ensure that multiple named-user and named-group entries all get
+# applied individually rather than the last one taking precedence.
+# This is a regression test against a bug that made it into a release
+# and was reported by MichaĆ Bartoszkiewicz.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rw- "${TESTDIR}"
+setfacl -d -m group:${TESTGROUPS[0]}:rw- "${TESTDIR}"
+setfacl -d -m user:${USERS[1]}:--- "${TESTDIR}"
+setfacl -d -m group:${TESTGROUPS[1]}:--- "${TESTDIR}"
+"${BIN}" "${TARGET}"
+EXPECTED=$(cat <<EOF
+user::rw-
+user:${USERS[0]}:rw-
+user:${USERS[1]}:---
+group::r--
+group:${TESTGROUPS[0]}:rw-
+group:${TESTGROUPS[1]}:---
+mask::rw-
+other::r--
+
+EOF
+)
+ACTUAL=$( getfacl --omit-header "${TARGET}" )
+compare