#!/bin/bash
+# The program name.
+BIN=./src/apply-default-acl
+
# The directory where we'll do all the ACL manipulation.
TESTDIR=test
acl_reset() {
# Remove any ACLs on our test directory and remove its contents.
- setfacl --remove-all --recursive "$TESTDIR"
+ setfacl --remove-all --recursive "${TESTDIR}"
+ chmod 755 "${TESTDIR}"
rm -rf "${TESTDIR}"/*
}
acl_reset
else
echo "Failure (#${TESTNUM})"
- echo "Expected result:"
+ echo 'Expected result:'
+ echo '================'
echo "${EXPECTED}"
- echo "Actual result:"
+ echo '================'
+ echo 'Actual result:'
+ echo '================'
echo "${ACTUAL}"
+ echo '================'
exit 1
fi
}
setfacl -d -m other::r-- "${TESTDIR}"
touch "${TARGET}"
chmod 777 "${TARGET}"
-./aclq "${TARGET}"
+$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::r--
setfacl -d -m user:mail:rwx "${TESTDIR}"
touch "${TARGET}"
chmod 777 "${TARGET}"
-./aclq "${TARGET}"
+$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::r--
touch "${TARGET}"
chmod 644 "${TARGET}"
setfacl -d -m group:mail:rwx "${TESTDIR}"
-./aclq "${TARGET}"
+$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rw-
setfacl -d -m group:mail:rwx "${TESTDIR}"
mkdir "${TARGET}"
chmod 755 "${TARGET}"
-./aclq "${TARGET}"
+$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
TESTNUM=5
touch "${TARGET}"
chmod 744 "${TARGET}"
-./aclq "${TARGET}"
+$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
touch "${TARGET}"
chmod 744 "${TARGET}"
setfacl -d -m user:mail:rwx "${TESTDIR}"
-./aclq "${TARGET}"
+$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
setfacl -m user:news:rw "${TARGET}"
setfacl -d -m user:mail:rwx "${TESTDIR}"
setfacl -d -m user:news:rwx "${TESTDIR}"
-./aclq "${TARGET}"
+$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
chmod 644 "${TARGET}"
setfacl -m user:news:rw "${TARGET}"
setfacl -d -m user:mail:rwx "${TESTDIR}"
-./aclq "${TARGET}"
+$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
touch "${TARGET}"
chmod 777 "${TARGET}"
setfacl -d -m user::r-- "${TESTDIR}"
-./aclq "${TARGET}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::r--
+group::r-x
+other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# If the default ACL mask denies execute, we should respect that
+# regardless of the existing execute permissions.
+TESTNUM=10
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 777 "${TARGET}"
+setfacl -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m mask::rw- "${TESTDIR}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:mail:rwx #effective:rw-
+group::r-x #effective:r--
+mask::rw-
+other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+
+# The --recursive mode should work normally if the argument is a
+# normal file. See Test #1.
+TESTNUM=11
+TARGET="${TESTDIR}"/foo
+setfacl -d -m user::r-- "${TESTDIR}"
+setfacl -d -m group::r-- "${TESTDIR}"
+setfacl -d -m other::r-- "${TESTDIR}"
+touch "${TARGET}"
+chmod 777 "${TARGET}"
+$BIN --recursive "${TARGET}"
EXPECTED=$(cat <<EOF
user::r--
+group::r--
+other::r--
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# The --recursive mode should work recursively.
+TESTNUM=12
+TARGET="${TESTDIR}"/foo
+mkdir -p "${TARGET}"
+touch "${TARGET}"/baz
+mkdir -p "${TARGET}"/bar
+touch "${TARGET}"/bar/quux
+setfacl -d -m user::rwx "${TESTDIR}"
+setfacl -d -m group::r-- "${TESTDIR}"
+setfacl -d -m other::r-- "${TESTDIR}"
+chmod -R 777 "${TARGET}"
+$BIN --recursive "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+group::r--
+other::r--
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"/bar/quux`
+compare
+
+
+# The --recursive mode should work recursively. This time
+# check a directory, and pass the short command-line flag.
+TESTNUM=13
+TARGET="${TESTDIR}"/foo
+mkdir -p "${TARGET}"
+touch "${TARGET}"/baz
+mkdir -p "${TARGET}"/bar
+touch "${TARGET}"/bar/quux
+setfacl -d -m user::rwx "${TESTDIR}"
+setfacl -d -m group::r-- "${TESTDIR}"
+setfacl -d -m other::r-- "${TESTDIR}"
+chmod -R 777 "${TARGET}"
+$BIN -r "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+group::r--
+other::r--
+default:user::rwx
+default:group::r--
+default:other::r--
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"/bar`
+compare
+
+
+# Test double application on a directory.
+#
+TESTNUM=14
+TARGET="${TESTDIR}"/baz
+mkdir "${TARGET}"
+chmod 644 "${TARGET}"
+setfacl -d -m user:mail:rwx "${TESTDIR}"
+
+$BIN "${TARGET}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:mail:rwx
group::r-x
+mask::rwx
other::r-x
+default:user::rwx
+default:user:mail:rwx
+default:group::r-x
+default:mask::rwx
+default:other::r-x
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# Same as test #14, with 755 initial perms.
+#
+TESTNUM=15
+TARGET="${TESTDIR}"/baz
+mkdir "${TARGET}"
+chmod 755 "${TARGET}"
+setfacl -d -m user:mail:rwx "${TESTDIR}"
+
+$BIN "${TARGET}"
+$BIN "${TARGET}"
+EXPECTED=$(cat <<EOF
+user::rwx
+user:mail:rwx
+group::r-x
+mask::rwx
+other::r-x
+default:user::rwx
+default:user:mail:rwx
+default:group::r-x
+default:mask::rwx
+default:other::r-x
EOF
)
projects / apply-default-acl.git / blobdiff