#!/bin/bash
+#
+# Exit codes
+#
+
+EXIT_SUCCESS=0
+
+# Exit with this when a test fails.
+EXIT_FAILURE=1
+
+# We use a few system users in the tests. If these users aren't
+# present, we exit with a different (non-EXIT_FAILURE).
+EXIT_MISSING_USERS=2
+
+# Define the users that we'll use in the tests below. We store the
+# names as variables to avoid repeating them everywhere.
+#
+# WARNING: These must be in alphabetical order; otherwise the getfacl
+# output will not match.
+#
+USERS=( bin daemon )
+
+# Check to see if the above users exist. If not, bail.
+for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
+ id "${USERS[idx]}" >/dev/null 2>&1
+
+ if [ $? -ne $EXIT_SUCCESS ]; then
+ echo "Error: missing test user ${USERS[idx]}." 1>&2
+ exit $EXIT_MISSING_USERS
+ fi
+done
+
# The program name.
-BIN=./src/apply-default-acl
+BIN=src/apply-default-acl
# The directory where we'll do all the ACL manipulation.
TESTDIR=test
echo '================'
echo "${ACTUAL}"
echo '================'
- exit 1
+ exit $EXIT_FAILURE
fi
}
setfacl -d -m user::r-- "${TESTDIR}"
setfacl -d -m group::r-- "${TESTDIR}"
setfacl -d -m other::r-- "${TESTDIR}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
touch "${TARGET}"
chmod 777 "${TARGET}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::r--
-user:mail:rwx
+user:${USERS[0]}:rwx
group::r--
mask::rwx
other::r--
TESTNUM=3
touch "${TARGET}"
chmod 644 "${TARGET}"
-setfacl -d -m group:mail:rwx "${TESTDIR}"
+setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rw-
group::r--
-group:mail:rwx #effective:rw-
+group:${USERS[0]}:rwx #effective:rw-
mask::rw-
other::r--
# Same test as before except with a directory.
TESTNUM=4
-setfacl -d -m group:mail:rwx "${TESTDIR}"
+setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
mkdir "${TARGET}"
chmod 755 "${TARGET}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
group::r-x
-group:mail:rwx
+group:${USERS[0]}:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
-default:group:mail:rwx
+default:group:${USERS[0]}:rwx
default:mask::rwx
default:other::r-x
TESTNUM=6
touch "${TARGET}"
chmod 744 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
group::r-x
mask::rwx
other::r-x
TESTNUM=7
touch "${TARGET}"
chmod 744 "${TARGET}"
-setfacl -m user:news:rw "${TARGET}"
+setfacl -m user:${USERS[1]}:rw "${TARGET}"
# If we don't add 'x' to the mask here, nobody can execute the file.
# setfacl will update the mask for us under most circumstances, but
# note that we didn't create an entry with an 'x' bit using setfacl --
# therefore, setfacl won't unmask 'x' for us.
setfacl -m mask::rwx "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
-setfacl -d -m user:news:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[1]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx
-user:news:rwx
+user:${USERS[0]}:rwx
+user:${USERS[1]}:rwx
group::r-x
mask::rwx
other::r-x
TESTNUM=8
touch "${TARGET}"
chmod 644 "${TARGET}"
-setfacl -m user:news:rw "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -m user:${USERS[1]}:rw "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rw-
-user:mail:rwx #effective:rw-
+user:${USERS[0]}:rwx #effective:rw-
group::r--
mask::rw-
other::r--
TARGET="${TESTDIR}"/foo
touch "${TARGET}"
chmod 777 "${TARGET}"
-setfacl -m user:mail:rwx "${TESTDIR}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -m user:${USERS[0]}:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
setfacl -d -m mask::rw- "${TESTDIR}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx #effective:rw-
+user:${USERS[0]}:rwx #effective:rw-
group::r-x #effective:r--
mask::rw-
other::r-x
TARGET="${TESTDIR}"/baz
mkdir "${TARGET}"
chmod 644 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
-default:user:mail:rwx
+default:user:${USERS[0]}:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
TARGET="${TESTDIR}"/baz
mkdir "${TARGET}"
chmod 755 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
-default:user:mail:rwx
+default:user:${USERS[0]}:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
TARGET="${TESTDIR}"/foo
touch "${TARGET}"
chmod 644 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rw-
-user:mail:rwx #effective:rw-
+user:${USERS[0]}:rwx #effective:rw-
group::r--
mask::rw-
other::r--
TARGET="${TESTDIR}"/foo
touch "${TARGET}"
chmod 700 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
group::r-x
mask::rwx
other::r-x
TARGET="${TESTDIR}"/foo
touch "${TARGET}"
chmod 670 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
group::r-x
mask::rwx
other::r-x
TARGET="${TESTDIR}"/foo
touch "${TARGET}"
chmod 607 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
group::r-x
mask::rwx
other::r-x
# The directory allows execute for user, group, and other, so the file
# should actually inherit them regardless of its initial mode when the
# --no-exec-mask flag is passed.
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN --no-exec-mask "${TARGET}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
group::r-x
mask::rwx
other::r-x
mkdir "${PARENT_DIR}"
touch "${TARGET}"
chmod 644 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
$BIN --recursive --no-exec-mask "${PARENT_DIR}"
EXPECTED=$(cat <<EOF
user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
group::r-x
mask::rwx
other::r-x
ACTUAL=`getfacl --omit-header "${TARGET}"`
compare
+
+# Make sure a mask with an execute bit doesn't count as being
+# executable.
+#
+TESTNUM=22
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 644 "${TARGET}"
+setfacl -m user::rw "${TARGET}"
+setfacl -m group::rw "${TARGET}"
+# Even though the mask has an 'x' bit, nobody can execute it.
+setfacl -m mask::rwx "${TARGET}"
+setfacl -d -m user::rwx "${TESTDIR}"
+setfacl -d -m group::rwx "${TESTDIR}"
+$BIN "${TARGET}"
+
+
+EXPECTED=$(cat <<EOF
+user::rw-
+group::rw-
+other::r--
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# Same as test #2, except we pass multiple files on the command
+# line and check the result of the first one.
+TESTNUM=23
+setfacl -d -m user::r-- "${TESTDIR}"
+setfacl -d -m group::r-- "${TESTDIR}"
+setfacl -d -m other::r-- "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
+DUMMY="${TESTDIR}/dummy"
+touch "${DUMMY}"
+chmod 777 "${DUMMY}"
+touch "${TARGET}"
+chmod 777 "${TARGET}"
+$BIN "${TARGET}" "${DUMMY}"
+
+EXPECTED=$(cat <<EOF
+user::r--
+user:${USERS[0]}:rwx
+group::r--
+mask::rwx
+other::r--
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+
+# Same as the previous test with the argument order switched.
+TESTNUM=24
+setfacl -d -m user::r-- "${TESTDIR}"
+setfacl -d -m group::r-- "${TESTDIR}"
+setfacl -d -m other::r-- "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
+DUMMY="${TESTDIR}/dummy"
+touch "${DUMMY}"
+chmod 777 "${DUMMY}"
+touch "${TARGET}"
+chmod 777 "${TARGET}"
+$BIN "${DUMMY}" "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::r--
+user:${USERS[0]}:rwx
+group::r--
+mask::rwx
+other::r--
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
projects / apply-default-acl.git / blobdiff