]>
gitweb.michael.orlitzky.com - apply-default-acl.git/blob - run-tests.sh
7 # Exit with this when a test fails.
10 # We use a few system users in the tests. If these users aren't
11 # present, we exit with a different (non-EXIT_FAILURE).
14 # Define the users that we'll use in the tests below. We store the
15 # names as variables to avoid repeating them everywhere.
17 # WARNING: These must be in alphabetical order; otherwise the getfacl
18 # output will not match.
22 # Check to see if the above users exist. If not, bail.
23 for idx
in $( seq 0 $((${#USERS[@]} - 1)) ); do
24 id
${USERS[idx]} >/dev
/null
2>&1 || exit $EXIT_MISSING_USERS
28 BIN
=src
/apply
-default-acl
30 # The directory where we'll do all the ACL manipulation.
34 # Remove any ACLs on our test directory and remove its contents.
35 setfacl
--remove-all --recursive "${TESTDIR}"
36 chmod 755 "${TESTDIR}"
41 if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
42 echo "Success (#${TESTNUM})"
45 echo "Failure (#${TESTNUM})"
46 echo 'Expected result:'
47 echo '================'
49 echo '================'
51 echo '================'
53 echo '================'
58 # Start by removing and recreating the 'acl' directory.
63 # When using a minimal ACL, the default user, group, and other
64 # permissions should all be propagated to the mode bits.
66 TARGET
="${TESTDIR}"/foo
69 setfacl
-d -m user
::r
-- "${TESTDIR}"
70 setfacl
-d -m group
::r
-- "${TESTDIR}"
71 setfacl
-d -m other
::r
-- "${TESTDIR}"
82 ACTUAL
=`getfacl --omit-header "${TARGET}"`
85 # Do the same thing as the last test, except with an extended ACL.
87 setfacl
-d -m user
::r
-- "${TESTDIR}"
88 setfacl
-d -m group
::r
-- "${TESTDIR}"
89 setfacl
-d -m other
::r
-- "${TESTDIR}"
90 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
105 ACTUAL
=`getfacl --omit-header "${TARGET}"`
109 # A file shared by a group, should still be group-writable
113 chmod 644 "${TARGET}"
114 setfacl
-d -m group
:${USERS[0]}:rwx
"${TESTDIR}"
120 group:${USERS[0]}:rwx #effective:rw-
127 ACTUAL
=`getfacl --omit-header "${TARGET}"`
131 # Same test as before except with a directory.
133 setfacl
-d -m group
:${USERS[0]}:rwx
"${TESTDIR}"
135 chmod 755 "${TARGET}"
141 group:${USERS[0]}:rwx
146 default:group:${USERS[0]}:rwx
153 ACTUAL
=`getfacl --omit-header "${TARGET}"`
157 # With no default, things are left alone.
160 chmod 744 "${TARGET}"
172 ACTUAL
=`getfacl --omit-header "${TARGET}"`
177 # Since the default ACL will grant r-x to group/other, they will wind
181 chmod 744 "${TARGET}"
182 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
196 ACTUAL
=`getfacl --omit-header "${TARGET}"`
200 # Some named entries can be granted execute permissions as the result
204 chmod 744 "${TARGET}"
205 setfacl
-m user
:${USERS[1]}:rw
"${TARGET}"
206 # If we don't add 'x' to the mask here, nobody can execute the file.
207 # setfacl will update the mask for us under most circumstances, but
208 # note that we didn't create an entry with an 'x' bit using setfacl --
209 # therefore, setfacl won't unmask 'x' for us.
210 setfacl
-m mask
::rwx
"${TARGET}"
211 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
212 setfacl
-d -m user
:${USERS[1]}:rwx
"${TESTDIR}"
227 ACTUAL
=`getfacl --omit-header "${TARGET}"`
231 # We should not retain any entries that aren't in the default.
234 chmod 644 "${TARGET}"
235 setfacl
-m user
:${USERS[1]}:rw
"${TARGET}"
236 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
242 user:${USERS[0]}:rwx #effective:rw-
250 ACTUAL
=`getfacl --omit-header "${TARGET}"`
254 # A slightly modified test #1 to make sure it works right.
256 TARGET
="${TESTDIR}"/foo
258 chmod 777 "${TARGET}"
259 setfacl
-d -m user
::r
-- "${TESTDIR}"
270 ACTUAL
=`getfacl --omit-header "${TARGET}"`
274 # If the default ACL mask denies execute, we should respect that
275 # regardless of the existing execute permissions.
277 TARGET
="${TESTDIR}"/foo
279 chmod 777 "${TARGET}"
280 setfacl
-m user
:${USERS[0]}:rwx
"${TESTDIR}"
281 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
282 setfacl
-d -m mask
::rw
- "${TESTDIR}"
287 user:${USERS[0]}:rwx #effective:rw-
288 group::r-x #effective:r--
295 ACTUAL
=`getfacl --omit-header "${TARGET}"`
300 # The --recursive mode should work normally if the argument is a
301 # normal file. See Test #1.
303 TARGET
="${TESTDIR}"/foo
304 setfacl
-d -m user
::r
-- "${TESTDIR}"
305 setfacl
-d -m group
::r
-- "${TESTDIR}"
306 setfacl
-d -m other
::r
-- "${TESTDIR}"
308 chmod 777 "${TARGET}"
309 $BIN --recursive "${TARGET}"
319 ACTUAL
=`getfacl --omit-header "${TARGET}"`
323 # The --recursive mode should work recursively.
325 TARGET
="${TESTDIR}"/foo
327 touch "${TARGET}"/baz
328 mkdir -p "${TARGET}"/bar
329 touch "${TARGET}"/bar
/quux
330 setfacl
-d -m user
::rwx
"${TESTDIR}"
331 setfacl
-d -m group
::r
-- "${TESTDIR}"
332 setfacl
-d -m other
::r
-- "${TESTDIR}"
333 chmod -R 777 "${TARGET}"
334 $BIN --recursive "${TARGET}"
344 ACTUAL
=`getfacl --omit-header "${TARGET}"/bar/quux`
348 # The --recursive mode should work recursively. This time
349 # check a directory, and pass the short command-line flag.
351 TARGET
="${TESTDIR}"/foo
353 touch "${TARGET}"/baz
354 mkdir -p "${TARGET}"/bar
355 touch "${TARGET}"/bar
/quux
356 setfacl
-d -m user
::rwx
"${TESTDIR}"
357 setfacl
-d -m group
::r
-- "${TESTDIR}"
358 setfacl
-d -m other
::r
-- "${TESTDIR}"
359 chmod -R 777 "${TARGET}"
373 ACTUAL
=`getfacl --omit-header "${TARGET}"/bar`
377 # Test double application on a directory.
380 TARGET
="${TESTDIR}"/baz
382 chmod 644 "${TARGET}"
383 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
395 default:user:${USERS[0]}:rwx
403 ACTUAL
=`getfacl --omit-header "${TARGET}"`
407 # Same as previous test, with 755 initial perms.
410 TARGET
="${TESTDIR}"/baz
412 chmod 755 "${TARGET}"
413 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
425 default:user:${USERS[0]}:rwx
433 ACTUAL
=`getfacl --omit-header "${TARGET}"`
437 # Same as previous two tests, only with a file.
440 TARGET
="${TESTDIR}"/foo
442 chmod 644 "${TARGET}"
443 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
450 user:${USERS[0]}:rwx #effective:rw-
457 ACTUAL
=`getfacl --omit-header "${TARGET}"`
461 # User-executable files should not wind up exec-masked.
463 TARGET
="${TESTDIR}"/foo
465 chmod 700 "${TARGET}"
466 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
479 ACTUAL
=`getfacl --omit-header "${TARGET}"`
483 # Group-executable files should not wind up exec-masked.
485 TARGET
="${TESTDIR}"/foo
487 chmod 670 "${TARGET}"
488 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
501 ACTUAL
=`getfacl --omit-header "${TARGET}"`
505 # Other-executable files should not wind up exec-masked.
507 TARGET
="${TESTDIR}"/foo
509 chmod 607 "${TARGET}"
510 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
523 ACTUAL
=`getfacl --omit-header "${TARGET}"`
528 # Test #16's setup repeated with the --no-exec-mask flag.
531 TARGET
="${TESTDIR}"/foo
533 chmod 644 "${TARGET}"
534 # The directory allows execute for user, group, and other, so the file
535 # should actually inherit them regardless of its initial mode when the
536 # --no-exec-mask flag is passed.
537 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
539 $BIN --no-exec-mask "${TARGET}"
550 ACTUAL
=`getfacl --omit-header "${TARGET}"`
555 # Test #20 repeated recursively to make sure the flags play nice
558 PARENT_DIR
="${TESTDIR}"/foo
559 TARGET
="${PARENT_DIR}"/bar
560 mkdir "${PARENT_DIR}"
562 chmod 644 "${TARGET}"
563 setfacl
-d -m user
:${USERS[0]}:rwx
"${TESTDIR}"
565 $BIN --recursive --no-exec-mask "${PARENT_DIR}"
576 ACTUAL
=`getfacl --omit-header "${TARGET}"`