]> gitweb.michael.orlitzky.com - apply-default-acl.git/blob - run-tests.sh
projects / apply-default-acl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
configure.ac: bump the version number to 0.4.3.
[apply-default-acl.git] / run-tests.sh
1 #!/bin/bash
2
3 #
4 # Exit codes
5 #
6
7 EXIT_SUCCESS=0
8
9 # Exit with this when a test fails.
10 EXIT_FAILURE=1
11
12 # We use a few system users in the tests. If these users aren't
13 # present, we exit with a different (non-EXIT_FAILURE).
14 EXIT_MISSING_USERS=2
15
16 # Define the users and groups that we'll use in the tests below. We
17 # store the names as variables to avoid repeating them everywhere.
18 # Since GROUPS is already part of everyone's environment, we need
19 # a different name.
20 #
21 # WARNING: These must be in alphabetical order; otherwise the getfacl
22 # output will not match.
23 #
24 USERS=( bin daemon )
25 TESTGROUPS=( bin daemon )
26
27 # Check to see if the above users exist. If not, bail.
28 for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
29 id "${USERS[idx]}" >/dev/null 2>&1
30
31 if [ $? -ne $EXIT_SUCCESS ]; then
32 echo "Error: missing test user ${USERS[idx]}." 1>&2
33 exit $EXIT_MISSING_USERS
34 fi
35 done
36
37 # The program name.
38 BIN=$(realpath src/apply-default-acl)
39
40 # The directory where we'll do all the ACL manipulation.
41 TESTDIR=test
42
43 # Will auto-increment.
44 TESTNUM=0
45
46 acl_reset() {
47 # Remove any ACLs on our test directory and remove its contents.
48 setfacl --remove-all --recursive "${TESTDIR}"
49 chmod 755 "${TESTDIR}"
50 rm -rf "${TESTDIR}"/*
51 }
52
53 compare() {
54 if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
55 echo "Success (#${TESTNUM})"
56 acl_reset
57 else
58 echo "Failure (#${TESTNUM})"
59 echo 'Expected result:'
60 echo '================'
61 echo "${EXPECTED}"
62 echo '================'
63 echo 'Actual result:'
64 echo '================'
65 echo "${ACTUAL}"
66 echo '================'
67 exit $EXIT_FAILURE
68 fi
69 }
70
71 # Start by removing and recreating the 'acl' directory.
72 rm -rf "${TESTDIR}"
73 mkdir "${TESTDIR}"
74
75
76 # When using a minimal ACL, the default user, group, and other
77 # permissions should all be propagated to the mode bits.
78 ((TESTNUM++))
79 TARGET="${TESTDIR}"/foo
80 touch "${TARGET}"
81 chmod 777 "${TARGET}"
82 setfacl -d -m user::r-- "${TESTDIR}"
83 setfacl -d -m group::r-- "${TESTDIR}"
84 setfacl -d -m other::r-- "${TESTDIR}"
85 $BIN "${TARGET}"
86
87 EXPECTED=$(cat <<EOF
88 user::r--
89 group::r--
90 other::r--
91
92 EOF
93 )
94
95 ACTUAL=$(getfacl --omit-header "${TARGET}")
96 compare
97
98 # Do the same thing as the last test, except with an extended ACL.
99 ((TESTNUM++))
100 setfacl -d -m user::r-- "${TESTDIR}"
101 setfacl -d -m group::r-- "${TESTDIR}"
102 setfacl -d -m other::r-- "${TESTDIR}"
103 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
104 touch "${TARGET}"
105 chmod 777 "${TARGET}"
106 $BIN "${TARGET}"
107
108 EXPECTED=$(cat <<EOF
109 user::r--
110 user:${USERS[0]}:rwx
111 group::r--
112 mask::rwx
113 other::r--
114
115 EOF
116 )
117
118 ACTUAL=$(getfacl --omit-header "${TARGET}")
119 compare
120
121
122 # A file shared by a group, should still be group-writable
123 # afterwards.
124 ((TESTNUM++))
125 touch "${TARGET}"
126 chmod 644 "${TARGET}"
127 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
128 $BIN "${TARGET}"
129
130 EXPECTED=$(cat <<EOF
131 user::rw-
132 group::r--
133 group:${USERS[0]}:rwx #effective:rw-
134 mask::rw-
135 other::r--
136
137 EOF
138 )
139
140 ACTUAL=$(getfacl --omit-header "${TARGET}")
141 compare
142
143
144 # Same test as before except with a directory.
145 ((TESTNUM++))
146 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
147 mkdir "${TARGET}"
148 chmod 755 "${TARGET}"
149 $BIN "${TARGET}"
150
151 EXPECTED=$(cat <<EOF
152 user::rwx
153 group::r-x
154 group:${USERS[0]}:rwx
155 mask::rwx
156 other::r-x
157 default:user::rwx
158 default:group::r-x
159 default:group:${USERS[0]}:rwx
160 default:mask::rwx
161 default:other::r-x
162
163 EOF
164 )
165
166 ACTUAL=$(getfacl --omit-header "${TARGET}")
167 compare
168
169
170 # With no default, things are left alone.
171 ((TESTNUM++))
172 touch "${TARGET}"
173 chmod 744 "${TARGET}"
174 $BIN "${TARGET}"
175
176
177 EXPECTED=$(cat <<EOF
178 user::rwx
179 group::r--
180 other::r--
181
182 EOF
183 )
184
185 ACTUAL=$(getfacl --omit-header "${TARGET}")
186 compare
187
188
189
190 # Since the default ACL will grant r-x to group/other, they will wind
191 # up with it.
192 ((TESTNUM++))
193 touch "${TARGET}"
194 chmod 744 "${TARGET}"
195 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
196 $BIN "${TARGET}"
197
198
199 EXPECTED=$(cat <<EOF
200 user::rwx
201 user:${USERS[0]}:rwx
202 group::r-x
203 mask::rwx
204 other::r-x
205
206 EOF
207 )
208
209 ACTUAL=$(getfacl --omit-header "${TARGET}")
210 compare
211
212
213 # Some named entries can be granted execute permissions as the result
214 # of reapplication.
215 ((TESTNUM++))
216 touch "${TARGET}"
217 chmod 744 "${TARGET}"
218 setfacl -m user:${USERS[1]}:rw "${TARGET}"
219 # If we don't add 'x' to the mask here, nobody can execute the file.
220 # setfacl will update the mask for us under most circumstances, but
221 # note that we didn't create an entry with an 'x' bit using setfacl --
222 # therefore, setfacl won't unmask 'x' for us.
223 setfacl -m mask::rwx "${TARGET}"
224 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
225 setfacl -d -m user:${USERS[1]}:rwx "${TESTDIR}"
226 $BIN "${TARGET}"
227
228 EXPECTED=$(cat <<EOF
229 user::rwx
230 user:${USERS[0]}:rwx
231 user:${USERS[1]}:rwx
232 group::r-x
233 mask::rwx
234 other::r-x
235
236 EOF
237 )
238
239 ACTUAL=$(getfacl --omit-header "${TARGET}")
240 compare
241
242
243 # We should not retain any entries that aren't in the default.
244 ((TESTNUM++))
245 touch "${TARGET}"
246 chmod 644 "${TARGET}"
247 setfacl -m user:${USERS[1]}:rw "${TARGET}"
248 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
249 $BIN "${TARGET}"
250
251 EXPECTED=$(cat <<EOF
252 user::rw-
253 user:${USERS[0]}:rwx #effective:rw-
254 group::r--
255 mask::rw-
256 other::r--
257
258 EOF
259 )
260
261 ACTUAL=$(getfacl --omit-header "${TARGET}")
262 compare
263
264
265 # A slightly modified version of the first test, to make sure it works.
266 ((TESTNUM++))
267 TARGET="${TESTDIR}"/foo
268 touch "${TARGET}"
269 chmod 777 "${TARGET}"
270 setfacl -d -m user::r-- "${TESTDIR}"
271 $BIN "${TARGET}"
272
273 EXPECTED=$(cat <<EOF
274 user::r--
275 group::r-x
276 other::r-x
277
278 EOF
279 )
280
281 ACTUAL=$(getfacl --omit-header "${TARGET}")
282 compare
283
284
285 # If the default ACL mask denies execute, we should respect that
286 # regardless of the existing execute permissions.
287 ((TESTNUM++))
288 TARGET="${TESTDIR}"/foo
289 touch "${TARGET}"
290 chmod 777 "${TARGET}"
291 setfacl -m user:${USERS[0]}:rwx "${TESTDIR}"
292 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
293 setfacl -d -m mask::rw- "${TESTDIR}"
294 $BIN "${TARGET}"
295
296 EXPECTED=$(cat <<EOF
297 user::rwx
298 user:${USERS[0]}:rwx #effective:rw-
299 group::r-x #effective:r--
300 mask::rw-
301 other::r-x
302
303 EOF
304 )
305
306 ACTUAL=$(getfacl --omit-header "${TARGET}")
307 compare
308
309
310
311 # The --recursive mode should work normally if the argument is a
312 # normal file. See the first test.
313 ((TESTNUM++))
314 TARGET="${TESTDIR}"/foo
315 setfacl -d -m user::r-- "${TESTDIR}"
316 setfacl -d -m group::r-- "${TESTDIR}"
317 setfacl -d -m other::r-- "${TESTDIR}"
318 touch "${TARGET}"
319 chmod 777 "${TARGET}"
320 $BIN --recursive "${TARGET}"
321
322 EXPECTED=$(cat <<EOF
323 user::r--
324 group::r--
325 other::r--
326
327 EOF
328 )
329
330 ACTUAL=$(getfacl --omit-header "${TARGET}")
331 compare
332
333
334 # The --recursive mode should work recursively.
335 ((TESTNUM++))
336 TARGET="${TESTDIR}"/foo
337 mkdir -p "${TARGET}"
338 touch "${TARGET}"/baz
339 mkdir -p "${TARGET}"/bar
340 touch "${TARGET}"/bar/quux
341 setfacl -d -m user::rwx "${TESTDIR}"
342 setfacl -d -m group::r-- "${TESTDIR}"
343 setfacl -d -m other::r-- "${TESTDIR}"
344 chmod -R 777 "${TARGET}"
345 $BIN --recursive "${TARGET}"
346
347 EXPECTED=$(cat <<EOF
348 user::rwx
349 group::r--
350 other::r--
351
352 EOF
353 )
354
355 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar/quux)
356 compare
357
358
359 # The --recursive mode should work recursively. This time
360 # check a directory, and pass the short command-line flag.
361 ((TESTNUM++))
362 TARGET="${TESTDIR}"/foo
363 mkdir -p "${TARGET}"
364 touch "${TARGET}"/baz
365 mkdir -p "${TARGET}"/bar
366 touch "${TARGET}"/bar/quux
367 setfacl -d -m user::rwx "${TESTDIR}"
368 setfacl -d -m group::r-- "${TESTDIR}"
369 setfacl -d -m other::r-- "${TESTDIR}"
370 chmod -R 777 "${TARGET}"
371 $BIN -r "${TARGET}"
372
373 EXPECTED=$(cat <<EOF
374 user::rwx
375 group::r--
376 other::r--
377 default:user::rwx
378 default:group::r--
379 default:other::r--
380
381 EOF
382 )
383
384 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar)
385 compare
386
387
388 # Test double application on a directory.
389 #
390 ((TESTNUM++))
391 TARGET="${TESTDIR}"/baz
392 mkdir "${TARGET}"
393 chmod 644 "${TARGET}"
394 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
395
396 $BIN "${TARGET}"
397 $BIN "${TARGET}"
398
399 EXPECTED=$(cat <<EOF
400 user::rwx
401 user:${USERS[0]}:rwx
402 group::r-x
403 mask::rwx
404 other::r-x
405 default:user::rwx
406 default:user:${USERS[0]}:rwx
407 default:group::r-x
408 default:mask::rwx
409 default:other::r-x
410
411 EOF
412 )
413
414 ACTUAL=$(getfacl --omit-header "${TARGET}")
415 compare
416
417
418 # Same as previous test, with 755 initial perms.
419 #
420 ((TESTNUM++))
421 TARGET="${TESTDIR}"/baz
422 mkdir "${TARGET}"
423 chmod 755 "${TARGET}"
424 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
425
426 $BIN "${TARGET}"
427 $BIN "${TARGET}"
428
429 EXPECTED=$(cat <<EOF
430 user::rwx
431 user:${USERS[0]}:rwx
432 group::r-x
433 mask::rwx
434 other::r-x
435 default:user::rwx
436 default:user:${USERS[0]}:rwx
437 default:group::r-x
438 default:mask::rwx
439 default:other::r-x
440
441 EOF
442 )
443
444 ACTUAL=$(getfacl --omit-header "${TARGET}")
445 compare
446
447
448 # Same as previous two tests, only with a file.
449 #
450 ((TESTNUM++))
451 TARGET="${TESTDIR}"/foo
452 touch "${TARGET}"
453 chmod 644 "${TARGET}"
454 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
455
456 $BIN "${TARGET}"
457 $BIN "${TARGET}"
458
459 EXPECTED=$(cat <<EOF
460 user::rw-
461 user:${USERS[0]}:rwx #effective:rw-
462 group::r--
463 mask::rw-
464 other::r--
465 EOF
466 )
467
468 ACTUAL=$(getfacl --omit-header "${TARGET}")
469 compare
470
471
472 # User-executable files should not wind up exec-masked.
473 ((TESTNUM++))
474 TARGET="${TESTDIR}"/foo
475 touch "${TARGET}"
476 chmod 700 "${TARGET}"
477 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
478 $BIN "${TARGET}"
479
480 EXPECTED=$(cat <<EOF
481 user::rwx
482 user:${USERS[0]}:rwx
483 group::r-x
484 mask::rwx
485 other::r-x
486
487 EOF
488 )
489
490 ACTUAL=$(getfacl --omit-header "${TARGET}")
491 compare
492
493
494 # Group-executable files should not wind up exec-masked.
495 ((TESTNUM++))
496 TARGET="${TESTDIR}"/foo
497 touch "${TARGET}"
498 chmod 670 "${TARGET}"
499 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
500 $BIN "${TARGET}"
501
502 EXPECTED=$(cat <<EOF
503 user::rwx
504 user:${USERS[0]}:rwx
505 group::r-x
506 mask::rwx
507 other::r-x
508
509 EOF
510 )
511
512 ACTUAL=$(getfacl --omit-header "${TARGET}")
513 compare
514
515
516 # Other-executable files should not wind up exec-masked.
517 ((TESTNUM++))
518 TARGET="${TESTDIR}"/foo
519 touch "${TARGET}"
520 chmod 607 "${TARGET}"
521 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
522 $BIN "${TARGET}"
523
524 EXPECTED=$(cat <<EOF
525 user::rwx
526 user:${USERS[0]}:rwx
527 group::r-x
528 mask::rwx
529 other::r-x
530
531 EOF
532 )
533
534 ACTUAL=$(getfacl --omit-header "${TARGET}")
535 compare
536
537
538
539
540 # Make sure a mask with an execute bit doesn't count as being
541 # executable.
542 #
543 ((TESTNUM++))
544 TARGET="${TESTDIR}"/foo
545 touch "${TARGET}"
546 chmod 644 "${TARGET}"
547 setfacl -m user::rw "${TARGET}"
548 setfacl -m group::rw "${TARGET}"
549 # Even though the mask has an 'x' bit, nobody can execute it.
550 setfacl -m mask::rwx "${TARGET}"
551 setfacl -d -m user::rwx "${TESTDIR}"
552 setfacl -d -m group::rwx "${TESTDIR}"
553 $BIN "${TARGET}"
554
555
556 EXPECTED=$(cat <<EOF
557 user::rw-
558 group::rw-
559 other::r--
560
561 EOF
562 )
563
564 ACTUAL=$(getfacl --omit-header "${TARGET}")
565 compare
566
567
568 # Same as the second test, except we pass multiple files on the
569 # command line and check the result of the first one.
570 ((TESTNUM++))
571 setfacl -d -m user::r-- "${TESTDIR}"
572 setfacl -d -m group::r-- "${TESTDIR}"
573 setfacl -d -m other::r-- "${TESTDIR}"
574 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
575 DUMMY="${TESTDIR}/dummy"
576 touch "${DUMMY}"
577 chmod 777 "${DUMMY}"
578 touch "${TARGET}"
579 chmod 777 "${TARGET}"
580 $BIN "${TARGET}" "${DUMMY}"
581
582 EXPECTED=$(cat <<EOF
583 user::r--
584 user:${USERS[0]}:rwx
585 group::r--
586 mask::rwx
587 other::r--
588
589 EOF
590 )
591
592 ACTUAL=$(getfacl --omit-header "${TARGET}")
593 compare
594
595
596
597 # Same as the previous test with the argument order switched.
598 ((TESTNUM++))
599 setfacl -d -m user::r-- "${TESTDIR}"
600 setfacl -d -m group::r-- "${TESTDIR}"
601 setfacl -d -m other::r-- "${TESTDIR}"
602 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
603 DUMMY="${TESTDIR}/dummy"
604 touch "${DUMMY}"
605 chmod 777 "${DUMMY}"
606 touch "${TARGET}"
607 chmod 777 "${TARGET}"
608 $BIN "${DUMMY}" "${TARGET}"
609
610 EXPECTED=$(cat <<EOF
611 user::r--
612 user:${USERS[0]}:rwx
613 group::r--
614 mask::rwx
615 other::r--
616
617 EOF
618 )
619
620 ACTUAL=$(getfacl --omit-header "${TARGET}")
621 compare
622
623
624 # If we call apply-default-acl on a single file that does not exist,
625 # we get the expected error.
626 ((TESTNUM++))
627 ACTUAL=$( "${BIN}" test/nonexistent 2>&1 )
628 EXPECTED="test/nonexistent: No such file or directory"
629 compare
630
631
632 # Same as the previous test, but with --recursive.
633 ((TESTNUM++))
634 ACTUAL=$( "${BIN}" --recursive test/nonexistent 2>&1 )
635 EXPECTED="test/nonexistent: No such file or directory"
636 compare
637
638
639 # If we call apply-default-acl on more than one file, it should report any
640 # that don't exist (but proceed to operate on the others).
641 ((TESTNUM++))
642 DUMMY1="${TESTDIR}/dummy1"
643 DUMMY2="${TESTDIR}/dummy2"
644 touch "${DUMMY1}" "${DUMMY2}"
645 ACTUAL=$( "${BIN}" "${DUMMY1}" test/nonexistent "${DUMMY2}" 2>&1 )
646 EXPECTED="test/nonexistent: No such file or directory"
647 compare
648
649
650 # Ensure that symlinks are not followed.
651 ((TESTNUM++))
652 TARGET="${TESTDIR}/foo"
653 LINK2TARGET="${TESTDIR}/foo-sym"
654 touch "${TARGET}"
655 ln -s "${TARGET#${TESTDIR}/}" "${LINK2TARGET}"
656 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
657 "${BIN}" "${LINK2TARGET}"
658 ACTUAL=$( getfacl --omit-header "${TARGET}" )
659 EXPECTED=$(cat <<EOF
660 user::rw-
661 group::r--
662 other::r--
663
664 EOF
665 )
666 compare
667
668
669 # Ensure that symlinks are not followed in subdirectories (recursively).
670 ((TESTNUM++))
671 TARGET="${TESTDIR}/bar"
672 touch "${TARGET}"
673 mkdir "${TESTDIR}/foo"
674 LINK2TARGET="${TESTDIR}/foo/bar-sym"
675 ln -s "../bar" "${LINK2TARGET}"
676 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}/foo"
677 EXPECTED=$(getfacl --omit-header "${TARGET}")
678 "${BIN}" --recursive "${TESTDIR}/foo"
679 ACTUAL=$( getfacl --omit-header "${TARGET}" )
680 compare
681
682
683 # Ensure that hard links are ignored.
684 ((TESTNUM++))
685 TARGET="${TESTDIR}/foo"
686 LINK2TARGET="${TESTDIR}/bar"
687 touch "${TARGET}"
688 ln "${TARGET}" "${LINK2TARGET}"
689 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
690 "${BIN}" "${LINK2TARGET}"
691 ACTUAL=$( getfacl --omit-header "${TARGET}" )
692 EXPECTED=$(cat <<EOF
693 user::rw-
694 group::r--
695 other::r--
696
697 EOF
698 )
699 compare
700
701
702 # We should be able to run the tool with a relative path from within a
703 # directory that contains a symlink, so long as the relative path
704 # doesn't contain one.
705 ((TESTNUM++))
706 TARGET="${TESTDIR}/foo/bar"
707 LINK2TARGET="${TESTDIR}/baz"
708 mkdir -p $(dirname "${TARGET}")
709 touch "${TARGET}"
710 ln -s foo "${TESTDIR}/baz"
711 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
712 pushd "${TESTDIR}/baz" > /dev/null
713 "${BIN}" bar
714 popd > /dev/null
715 ACTUAL=$( getfacl --omit-header "${TARGET}" )
716 EXPECTED=$(cat <<EOF
717 user::rw-
718 user:${USERS[0]}:rw-
719 group::r--
720 mask::rw-
721 other::r--
722
723 EOF
724 )
725 compare
726
727
728 # Ensure that symlinks in non-terminal path components are not followed.
729 ((TESTNUM++))
730 TARGET="${TESTDIR}/foo/bar/baz"
731 LINK2FOO="${TESTDIR}/quux"
732 mkdir -p $(dirname "${TARGET}")
733 touch "${TARGET}"
734 ln -s foo "${LINK2FOO}"
735 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
736 EXPECTED=$(getfacl --omit-header "${TARGET}")
737 "${BIN}" "${LINK2FOO}/bar/baz"
738 ACTUAL=$( getfacl --omit-header "${TARGET}" )
739 compare
740
741
742 # Test that our exit code succeeds on a single, normal path.
743 ((TESTNUM++))
744 TARGET="${TESTDIR}/foo"
745 touch "${TARGET}"
746 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
747 "${BIN}" "${TARGET}"
748 ACTUAL="$?"
749 EXPECTED="0"
750 compare
751
752
753 # Test that our exit code fails on a symlink.
754 ((TESTNUM++))
755 TARGET="${TESTDIR}/bar"
756 touch "${TESTDIR}/foo"
757 ln -s foo "${TARGET}"
758 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
759 "${BIN}" "${TARGET}"
760 ACTUAL="$?"
761 EXPECTED="1"
762 compare
763
764
765 # The previous test should fail, even if we use --recursive.
766 ((TESTNUM++))
767 TARGET="${TESTDIR}/bar"
768 touch "${TESTDIR}/foo"
769 ln -s foo "${TARGET}"
770 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
771 "${BIN}" --recursive "${TARGET}"
772 ACTUAL="$?"
773 EXPECTED="1"
774 compare
775
776
777 # Test the return value for nonexistent paths.
778 ((TESTNUM++))
779 TARGET="${TESTDIR}/foo"
780 "${BIN}" "${TARGET}" &>/dev/null
781 ACTUAL="$?"
782 EXPECTED="1"
783 compare
784
785
786 # Test that one "failure" exit code overrides two "successes"
787 # We need a default ACL on ${TESTDIR} because otherwise we do
788 # nothing, successfully, on the symlink path.
789 ((TESTNUM++))
790 mkdir "${TESTDIR}/foo"
791 ln -s foo "${TESTDIR}/bar"
792 mkdir "${TESTDIR}/baz"
793 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
794 "${BIN}" "${TESTDIR}/foo" "${TESTDIR}/bar" "${TESTDIR}/baz"
795 ACTUAL="$?"
796 EXPECTED="1"
797 compare
798
799
800 # The failure should prevail when using --recursive, too.
801 ((TESTNUM++))
802 mkdir "${TESTDIR}/foo"
803 ln -s foo "${TESTDIR}/bar"
804 mkdir "${TESTDIR}/baz"
805 "${BIN}" --recursive "${TESTDIR}"
806 ACTUAL="$?"
807 EXPECTED="1"
808 compare
809
810
811 # We should get "Not a directory" if we stick a trailing slash on the
812 # end of the path to a file.
813 ((TESTNUM++))
814 TARGET="${TESTDIR}/foo"
815 touch "${TARGET}"
816 ACTUAL=$( "${BIN}" "${TARGET}/" 2>&1 )
817 EXPECTED="${TARGET}/: Not a directory"
818 compare
819
820
821 # We should be a no-op on files contained in directories that have no
822 # default ACL.
823 ((TESTNUM++))
824 TARGET="${TESTDIR}/foo"
825 touch "${TARGET}"
826 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
827 EXPECTED=$( getfacl --omit-header "${TARGET}" )
828 "${BIN}" "${TARGET}"
829 ACTUAL=$( getfacl --omit-header "${TARGET}" )
830 compare
831
832
833 # We should be a no-op on directories contained in directories that
834 # have no default ACL (same as the previous test, but with a directory).
835 ((TESTNUM++))
836 TARGET="${TESTDIR}/foo"
837 mkdir "${TARGET}"
838 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
839 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
840 EXPECTED=$( getfacl --omit-header "${TARGET}" )
841 "${BIN}" --recursive "${TARGET}"
842 ACTUAL=$( getfacl --omit-header "${TARGET}" )
843 compare
844
845
846 # Make sure we descend into subdirectories that don't have default ACLs.
847 ((TESTNUM++))
848 TARGET="${TESTDIR}/foo/bar/baz"
849 mkdir -p $(dirname "${TARGET}")
850 touch "${TARGET}"
851 touch "${TARGET}-direct"
852 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
853 "${BIN}" "${TARGET}-direct"
854 EXPECTED=$( getfacl --omit-header "${TARGET}-direct" )
855 "${BIN}" --recursive "${TESTDIR}"
856 ACTUAL=$( getfacl --omit-header "${TARGET}" )
857 compare
858
859
860 # Ensure that we don't get "error" results for symlinks encountered
861 # during a recursive traversal.
862 ((TESTNUM++))
863 TARGET="${TESTDIR}"
864 mkdir "${TARGET}/foo"
865 mkdir "${TARGET}/bar"
866 ln -s "../foo" "${TARGET}/bar/baz"
867 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
868 EXPECTED="1"
869 "${BIN}" --recursive "${TARGET}"
870 ACTUAL=$?
871 compare
872
873
874 # Ensure that "." works as an argument.
875 ((TESTNUM++))
876 TARGET="${TESTDIR}"
877 mkdir "${TARGET}/foo"
878 mkdir "${TARGET}/bar"
879 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
880 "${BIN}" "${TARGET}/foo"
881 EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
882 pushd "${TARGET}/bar" > /dev/null
883 "${BIN}" "."
884 ACTUAL=$( getfacl --omit-header "." )
885 popd > /dev/null
886 compare
887
888 # Ensure that "." works as an argument (recursive).
889 ((TESTNUM++))
890 TARGET="${TESTDIR}"
891 mkdir -p "${TARGET}/foo/baz"
892 mkdir -p "${TARGET}/bar/baz"
893 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
894 "${BIN}" --recursive "${TARGET}/foo"
895 EXPECTED=$( getfacl --omit-header "${TARGET}/foo/baz" )
896 pushd "${TARGET}/bar" > /dev/null
897 "${BIN}" --recursive "."
898 ACTUAL=$( getfacl --omit-header "./baz" )
899 popd > /dev/null
900 compare
901
902 # Ensure that "./" works as an argument.
903 ((TESTNUM++))
904 TARGET="${TESTDIR}"
905 mkdir "${TARGET}/foo"
906 mkdir "${TARGET}/bar"
907 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
908 "${BIN}" "${TARGET}/foo"
909 EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
910 pushd "${TARGET}/bar" > /dev/null
911 "${BIN}" "./"
912 ACTUAL=$( getfacl --omit-header "./" )
913 popd > /dev/null
914 compare
915
916 # Ensure that ".." works as an argument.
917 ((TESTNUM++))
918 TARGET="${TESTDIR}"
919 mkdir "${TARGET}/foo"
920 mkdir -p "${TARGET}/bar/baz"
921 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
922 "${BIN}" "${TARGET}/foo"
923 EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
924 pushd "${TARGET}/bar/baz" > /dev/null
925 "${BIN}" ".."
926 ACTUAL=$( getfacl --omit-header ".." )
927 popd > /dev/null
928 compare
929
930 # Ensure that ".." works as an argument (recursive).
931 ((TESTNUM++))
932 TARGET="${TESTDIR}"
933 mkdir -p "${TARGET}/foo/baz"
934 mkdir -p "${TARGET}/bar/baz"
935 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
936 "${BIN}" --recursive "${TARGET}/foo"
937 EXPECTED=$( getfacl --omit-header "${TARGET}/foo/baz" )
938 pushd "${TARGET}/bar/baz" > /dev/null
939 "${BIN}" --recursive ".."
940 ACTUAL=$( getfacl --omit-header "." )
941 popd > /dev/null
942 compare
943
944 # Ensure that "../" works as an argument.
945 ((TESTNUM++))
946 TARGET="${TESTDIR}"
947 mkdir "${TARGET}/foo"
948 mkdir -p "${TARGET}/bar/baz"
949 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
950 "${BIN}" "${TARGET}/foo"
951 EXPECTED=$( getfacl --omit-header "${TARGET}/foo" )
952 pushd "${TARGET}/bar/baz" > /dev/null
953 "${BIN}" "../"
954 ACTUAL=$( getfacl --omit-header "../" )
955 popd > /dev/null
956 compare
957
958
959 # Ensure that multiple named-user and named-group entries all get
960 # applied individually rather than the last one taking precedence.
961 # This is a regression test against a bug that made it into a release
962 # and was reported by MichaƂ Bartoszkiewicz.
963 ((TESTNUM++))
964 TARGET="${TESTDIR}"
965 TARGET="${TESTDIR}"/foo
966 touch "${TARGET}"
967 setfacl -d -m user:${USERS[0]}:rw- "${TESTDIR}"
968 setfacl -d -m group:${TESTGROUPS[0]}:rw- "${TESTDIR}"
969 setfacl -d -m user:${USERS[1]}:--- "${TESTDIR}"
970 setfacl -d -m group:${TESTGROUPS[1]}:--- "${TESTDIR}"
971 "${BIN}" "${TARGET}"
972 EXPECTED=$(cat <<EOF
973 user::rw-
974 user:${USERS[0]}:rw-
975 user:${USERS[1]}:---
976 group::r--
977 group:${TESTGROUPS[0]}:rw-
978 group:${TESTGROUPS[1]}:---
979 mask::rw-
980 other::r--
981
982 EOF
983 )
984 ACTUAL=$( getfacl --omit-header "${TARGET}" )
985 compare
Applies default POSIX ACLs to files and directories.