#!/bin/bash
##############################################################
#
#  Copyright (c) International Business Machines  Corp., 2003
#
#  This program is free software;  you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY;  without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#  the GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program;  if not, write to the Free Software
#  Foundation,
#
#  FILE        : tacl_xattr.sh
#  USAGE       : ./tacl_xattr.sh
#
#  DESCRIPTION : A script that tests ACLs and Extended Attributes on a Linux system.
#  REQUIREMENTS:
#                1) Kernel with loop device support
#                2) A spare (scratch) disk partition of 100MB or larger.
#                3) Kernel with ACL and Extended Attribute support
#
#  HISTORY     :
#      10/23/2003 Kai Zhao (ltcd3@cn.ibm.com)
#      07/06/2004 Jacky Malcles enable ext3 & clean users home dir.
#
#  CODE COVERAGE:
#                 76.3% - fs/posix_acl.c
#                 80.9% - xattr_acl.c
#                 73.0% - xattr.c
#
##############################################################

# Scratch variables used by the checks further down; all start out empty.
CUR_PATH=""          # absolute path of the directory the script was started in
CONTENT=""           # raw output captured from ls / getfacl
RES=""               # filtered result derived from CONTENT
USER_PERMISSION=""   # fields picked out of getfacl output
GROUP_PERMISSION=""
OTHER_PERMISSION=""
ITEM_OWNER=""
ITEM_GROUP=""

################################################################
#
# The script must run as root (uid 0): it attaches a loop device,
# mounts a file system and adds/removes user accounts.
# Loop device, ACL (Access Control List) and Extended Attribute
# support are verified later, when they are first used.
#
################################################################

[ $UID = 0 ] || {
	echo "FAILED: Must have root access to execute this script"
	exit 1
}

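#################################################################
#
# Prepare a scratch file system for the ACL and Extended Attribute
# test: a 10MB image file, attached to a loop device, formatted as
# ext2 or ext3 and mounted with the acl and user_xattr options.
#
#################################################################

# Refuse to reuse an existing directory; the cleanup at the end of the
# script removes tacl recursively.
if [ ! -e tacl ]
then
	# 755 rather than 777: root later writes dump files (tacl/tmp1,
	# tacl/backup.ea, ...) into this directory through shell redirections.
	# In a world-writable directory any local user could pre-plant a
	# symlink under one of those names. The test users only operate below
	# tacl/mount-ext2, so they need search permission here, not write.
	mkdir -m 755 tacl
else
	echo "FAILED: Directory tacl are exist"
	exit 1
fi

if ! dd if=/dev/zero of=tacl/blkext2 bs=1k count=10240
then
	echo ""
	echo "FAILED:  [ dd ] Can not create the file system image tacl/blkext2"
	exit 1
fi
# Only root attaches and mounts the image. Keeping it private prevents
# other users from modifying the backing store of a mounted file system.
chmod 600 tacl/blkext2

# Ask for the first free loop device instead of assuming /dev/loop0 is
# unused; a busy loop0 would otherwise be reported as missing kernel support.
if ! LOOP_DEV=$(losetup -f --show tacl/blkext2 2>/dev/null) || [ -z "$LOOP_DEV" ]
then
	echo ""
	echo "FAILED:  [ losetup ] Must have loop device support by kernel"
	echo -e "\t to execute this script"
	exit 1
fi

# Use ext2 when an ext2 file system is already mounted on this machine,
# ext3 otherwise (the matching mount lines are printed, as before).
if mount | grep ext2
then
	FS_TYPE=ext2
else
	FS_TYPE=ext3
fi

mkfs -t "$FS_TYPE" "$LOOP_DEV"
mkdir -m 755 tacl/mount-ext2
if ! mount -t "$FS_TYPE" -o defaults,acl,user_xattr "$LOOP_DEV" tacl/mount-ext2
then
	echo ""
	echo "FAILED:  [ mount ] Make sure that ACL (Access Control List)"
	echo -e "\t and Extended Attribute are built into the kernel"
	echo -e "\t Can not mount ext2 file system with acl and user_xattr options"
	# Do not leave the image attached when the run is abandoned.
	losetup -d "$LOOP_DEV"
	exit 1
fi

# This now applies to the root directory of the mounted scratch file system.
chmod 777 tacl/mount-ext2
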
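# Absolute start directory. The here-documents below embed it, because
# "su -" starts each test user in a login shell with a different cwd.
CUR_PATH=$(pwd)

# Add the four test accounts. Paths are quoted so that a start directory
# containing whitespace does not split the useradd arguments.
# NOTE(review): the cleanup section deletes these accounts by name; an
# account that already existed under one of these names before the run
# would be removed as well -- confirm the names are unused on the test host.
for TACL_USER in tacluser1 tacluser2 tacluser3 tacluser4
do
	useradd -d "$CUR_PATH/tacl/$TACL_USER" "$TACL_USER" ||
		echo "FAILED:  [ useradd ] Can not add user $TACL_USER"
done

# World-writable directory on the scratch file system in which the test
# users create their team directories.
if [ ! -e tacl/mount-ext2/shared ]
then
	mkdir -p -m 777 tacl/mount-ext2/shared
fi
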
# As tacluser1 and tacluser2 in turn: create shared/teamN with a file
# "file1", a symlink to that file inside the directory, and a symlink
# shared/symlinkdirN pointing at the directory.
# The here-document delimiter is unquoted, so $CUR_PATH and $TEAM_NO are
# expanded by this (root) shell before the text reaches the user's shell.
for TEAM_NO in 1 2
do
	su - tacluser$TEAM_NO << TACL_TEAM_SETUP
	mkdir $CUR_PATH/tacl/mount-ext2/shared/team$TEAM_NO
	touch $CUR_PATH/tacl/mount-ext2/shared/team$TEAM_NO/file1

	cd $CUR_PATH/tacl/mount-ext2/shared/team$TEAM_NO
	ln -sf file1 symlinkfile1
	cd $CUR_PATH

	cd $CUR_PATH/tacl/mount-ext2/shared
	ln -sf team$TEAM_NO symlinkdir$TEAM_NO
	cd $CUR_PATH
TACL_TEAM_SETUP
done

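#############################################################################################
#
#  The file permission bits limit what the owner may do.
#  lrwxrwxrwx    1 tacluser1 tacluser1        5 Jun 23 13:39 symlinkdir1 -> team1
#  lrwxrwxrwx    1 tacluser2 tacluser2        5 Jun 23 13:39 symlinkdir2 -> team2
#  dr-x------    2 tacluser1 tacluser1     1024 Jun 23 13:39 team1
#  drwxrwxr-x    2 tacluser2 tacluser2     1024 Jun 23 13:39 team2
#
#############################################################################################

chmod 500 tacl/mount-ext2/shared/team1

# The file that is touched and the file that is checked must be the same.
# The earlier version touched "newfil1"/"newfil2" but tested for
# "newfile1"/"newfile2", so it reported SUCCESS even when the create was
# not denied. symlinkdir1 points at team1, so both checks look in team1.
su - tacluser1 << TACL_USER1

	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" ]
	then
		echo ""
		echo "FAILED:  [ touch ] Create file must be denied by file permission bits"
		echo -e "\t [ Physical Directory ]"
	else
		echo ""
		echo "SUCCESS: Create file denied by file permission bits [ Physical directory ]"
	fi

	touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile2" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2" ]
	then
		echo ""
		echo "FAILED:  [ touch ] Create file must be denied by file permission bits"
		echo -e "\t [ Symlink Directory ]"
	else
		echo ""
		echo "SUCCESS: Create file denied by file permission bits [ Symlink directory ]"
	fi

TACL_USER1
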
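#################################################################
#
# ACL_USER_OBJ is a superset of the permissions specified
#   by the file permission bits.
# The effective user ID of the process matches the user ID of
#   the file object owner.
# The owner's access is decided by the ACL_USER_OBJ entry.
#
#################################################################

setfacl -m u::rx tacl/mount-ext2/shared/team1

# The result of each cd is tested directly. With an unquoted here-document
# delimiter, a "$?" in the body is expanded by this (root) shell while the
# document is built, i.e. it carries the status of the setfacl above rather
# than of the cd run by tacluser1, so the old check could not fail.
su - tacluser1 << TACL_USER1

	if cd "$CUR_PATH/tacl/mount-ext2/shared/team1/" 2> /dev/null
	then
		echo ""
		echo "SUCCESS: ACL_USER_OBJ  entry contains the owner execute permissions, "
		echo -e "\t operation success [ Physical Directory ]"
	else
		echo ""
		echo "FAILED:  [ touch ] ACL_USER_OBJ  entry already contains the owner execute"
		echo -e "\t permissions, but operation failed [ Physical Directory ]"
	fi

	if cd "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/" 2> /dev/null
	then
		echo ""
		echo "SUCCESS: ACL_USER_OBJ  entry contains the owner execute permissions,"
		echo -e "\t operation success [ Symlink Directory ]"
	else
		echo ""
		echo "FAILED: [ touch ] ACL_USER_OBJ  entry already contains the owner execute"
		echo -e "\t permissions, but operation failed [ Symlink Directory ]"
	fi

TACL_USER1
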
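# Give the owner write permission through ACL_USER_OBJ; creating files in
# team1 must now succeed for tacluser1.
setfacl -m u::rwx tacl/mount-ext2/shared/team1

# Start from a known state so that a leftover file cannot satisfy the check.
rm -f tacl/mount-ext2/shared/team1/newfile1 tacl/mount-ext2/shared/team1/newfile2

# Two defects are corrected here: the touched name ("newfil1") differed from
# the checked name ("newfile1"), and the branches were inverted, reporting
# FAILED when the file existed. The file existing after touch is the success
# case. symlinkdir1 points at team1, so both checks look in team1.
su - tacluser1 << TACL_USER1

	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" ]
	then
		echo ""
		echo "SUCCESS: ACL_USER_OBJ  entry contains the owner write permissions,"
		echo -e "\t operation success [ Physical Directory ]"
	else
		echo ""
		echo "FAILED:  [ touch ] ACL_USER_OBJ  entry already contains the owner write "
		echo -e "\t permissions, but operation failed [ Physical Directory ]"
	fi

	touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile2" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2" ]
	then
		echo ""
		echo "SUCCESS: ACL_USER_OBJ  entry contains the owner write permissions,"
		echo -e "\t operation success [ Symlink Directory ]"
	else
		echo ""
		echo "FAILED:  [ touch ] ACL_USER_OBJ  entry already contains the owner write "
		echo -e "\t permissions, but operation failed [ Symlink Directory ]"
	fi

TACL_USER1
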
#################################################################
#
# The effective user ID of the process matches the qualifier of
#   an entry of type ACL_USER.
# IF the matching ACL_USER entry and the ACL_MASK entry both
#   contain the requested permissions, access is granted,
# ELSE access is denied.
#
#################################################################

# Named-user entry: tacluser3 gets rwx on team1.
setfacl -m u:tacluser3:rwx tacl/mount-ext2/shared/team1

# Unquoted delimiter: $CUR_PATH is expanded by this (root) shell before the
# text is handed to tacluser3's login shell. A file that exists after touch
# means the create was allowed.
su - tacluser3 << TACL_USER3

	touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile3 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile3 ]; then
		echo "FAILED:  ACL_USER entry contains the user permissions,"
		echo -e "\t but operation denied [ Physical Directory ]"
	else
		echo "SUCCESS: ACL_USER entry contains the user permissions, "
		echo -e "\t operation success [ Physical Directory ]"
	fi

	touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile4 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile4 ]; then
		echo "FAILED:  ACL_USER entry contains the user permissions,"
		echo -e "\t but operation denied [ Symlink Directory ]"
	else
		echo "SUCCESS: ACL_USER entry contains the user permissions, "
		echo -e "\t operation success [ Symlink Directory ]"
	fi

TACL_USER3

# Clear the ACL_MASK entry: the named-user entry for tacluser3 is still
# present, but the create is now expected to be denied.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

# Here a file that exists after touch is the failure case.
su - tacluser3 << TACL_USER3

	touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile5 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile5 ]; then
		echo "SUCCESS: ACL_USER entry contains the user permissions,"
		echo -e "\t but ACL_MASK are set ___ ,"
		echo -e "\t operation success [ Physical Directory ]"
	else
		echo "FAILED:  [ touch ] ACL_USER entry contains the user permissions"
		echo -e "\t but ACL_MASK are set --- , "
		echo -e "\t operation must be denied [ Physical Directory ]"
	fi

	touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile6 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile6 ]; then
		echo "SUCCESS: ACL_USER entry contains the user permissions,"
		echo -e "\t but ACL_MASK are set ___ ,"
		echo -e "\t operation success [ Symlink Directory ]"
	else
		echo "FAILED:  [ touch ] ACL_USER entry contains the user permissions"
		echo -e "\t but ACL_MASK are set --- ,"
		echo -e "\t operation must be denied [ Symlink Directory ]"
	fi

TACL_USER3

###########################################################################################
#
# The effective group ID or any of the supplementary group IDs of the process match the
#  qualifier of the entry of type ACL_GROUP_OBJ, or the qualifier of any entry of type
#  ACL_GROUP
#
# IF the ACL contains an ACL_MASK entry, THEN
#                 if the ACL_MASK entry and any of the matching ACL_GROUP_OBJ
#                 or ACL_GROUP entries contain the requested permissions,
#                 access is granted,
#
#                 else access is denied.
#
# ELSE  (note that there can be no ACL_GROUP entries without an ACL_MASK entry)
#                 if the ACL_GROUP_OBJ entry contains the requested permissions,
#                 access is granted,
#
#                 else access is denied.
#
###########################################################################################

# Named-group entry: group tacluser2 gets rwx on team1.
setfacl -m g:tacluser2:rwx tacl/mount-ext2/shared/team1

# Run as tacluser2; a file that exists after touch means access was granted.
su - tacluser2 << TACL_USER2
	touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile7 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile7 ]; then
		echo "FAILED:  [ touch ] ACL_GROUP entry already contains the group permissions,"
		echo -e "\t but option success [ Physical Directory ]"
	else
		echo "SUCCESS: ACL_GROUP entry contains the group permissions,"
		echo -e "\t option success [ Physical Directory ]"
	fi

	touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile8 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile8 ]; then
		echo "FAILED:  [ touch ] ACL_GROUP entry already contains the group permissions,"
		echo -e "\t but option success [ Symlink Directory ]"
	else
		echo "SUCCESS: ACL_GROUP entry contains the group permissions,"
		echo -e "\t option success [ Symlink Directory ]"
	fi

TACL_USER2

# Clear the ACL_MASK entry again: the named-group entry for tacluser2 stays,
# but the create is expected to be denied.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

# A file that exists after touch is the failure case.
su - tacluser2 << TACL_USER2
	touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile9 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile9 ]; then
		echo "SUCCESS: ACL_GROUP entry already contains the group permissions"
		echo -e "\t and ACL_MASK entry are set ---,"
		echo -e "\t option success [ Physical Directory ]"
	else
		echo "FAILED:  [ touch ] ACL_GROUP entry contains the group permissions"
		echo -e "\t and ACL_MASK entry are set ---,"
		echo -e "\t option must no be success [ Physical Directory ]"
	fi

	touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile10 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile10 ]; then
		echo "SUCCESS: ACL_GROUP entry already contains the group permissions"
		echo -e "\t and ACL_MASK entry are set ---,"
		echo -e "\t option success [ Symlink Directory ]"
	else
		echo "FAILED:  [ touch ] ACL_GROUP entry contains the group permissions"
		echo -e "\t and ACL_MASK entry are set ---, "
		echo -e "\t option must no be success [ Symlink Directory ]"
	fi

TACL_USER2

# Owning-group entry (ACL_GROUP_OBJ) gets rwx, and tacluser2's primary group
# is switched to tacluser1, the group that owns team1.
setfacl -m g::rwx tacl/mount-ext2/shared/team1
usermod -g tacluser1 tacluser2

# A file that exists after touch means access was granted.
su - tacluser2 << TACL_USER2

	touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile11 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile11 ]; then
		echo "FAILED:  [ touch ] ACL_GROUP_OBJ entry already contains the group owner,"
		echo -e "\t but option denied [ Physical Directory ]"
	else
		echo "SUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,"
		echo -e "\t option success [ Physical Directory ]"
	fi

	touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile12 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile12 ]; then
		echo "FAILED:  [ touch ] ACL_GROUP_OBJ entry already contains the group owner,"
		echo -e "\t but option denied [ Symlink Directory ]"
	else
		echo "SUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,"
		echo -e "\t option success [ Symlink Directory ]"
	fi

TACL_USER2

# Clear the ACL_MASK entry: the owning-group entry still holds rwx, but the
# create by tacluser2 is expected to be denied.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

# A file that exists after touch is the failure case.
su - tacluser2 << TACL_USER2
	touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile13 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile13 ]; then
		echo "SUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions"
		echo -e "\t and ACL_MASK entry are set ---,"
		echo -e "\t option success [ Physical Directory ]"
	else
		echo "FAILED:  [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions"
		echo -e "\t and ACL_MASK entry are set ---,"
		echo -e "\t option must no be success [ Physical Directory ]"
	fi

	touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile14 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile14 ]; then
		echo "SUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions"
		echo -e "\t and ACL_MASK entry are set ---, "
		echo -e "\t option success [ Symlink Directory ]"
	else
		echo "FAILED:  [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions"
		echo -e "\t and ACL_MASK entry are set ---,"
		echo -e "\t option must no be success [ Symlink Directory ]"
	fi

TACL_USER2

# Put tacluser2 back into its own primary group.
usermod -g tacluser2 tacluser2

###################################################################################
#
# IF the ACL_OTHER entry contains the requested permissions, access is granted
#
###################################################################################

# ACL_OTHER gets rwx; tacluser4 has no user or group entry of its own in the
# setfacl calls of this script.
setfacl -m o::rwx tacl/mount-ext2/shared/team1

# A file that exists after touch means access was granted.
su - tacluser4 << TACL_USER4

	touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile15 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile15 ]; then
		echo "FAILED:  ACL_OTHER entry contains the user permissions,"
		echo -e "\t but operation denied [ Physical Directory ]"
	else
		echo "SUCCESS: ACL_OTHER entry contains the user permissions,"
		echo -e "\t operation success [ Physical Directory ]"
	fi

	touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile16 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile16 ]; then
		echo "FAILED:  ACL_OTHER entry contains the user permissions,"
		echo -e "\t but operation denied [ Symlink Directory ]"
	else
		echo "SUCCESS: ACL_OTHER entry contains the user permissions,"
		echo -e "\t operation success [ Symlink Directory ]"
	fi

TACL_USER4

# Clear the ACL_MASK entry once more. This check expects the create by
# tacluser4 to keep working, i.e. ACL_OTHER is not limited by the mask.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

# A file that exists after touch is the success case here.
su - tacluser4 << TACL_USER4

	touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile17 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile17 ]; then
		echo "FAILED:  ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]"
	else
		echo "SUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]"
	fi

	touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile18 2> /dev/null
	echo ""
	if [ ! -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile18 ]; then
		echo "FAILED:  ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]"
	else
		echo "SUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]"
	fi

TACL_USER4

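############################################################################
#
# OBJECT CREATION AND DEFAULT ACLs
# The new object inherits the default ACL of the containing directory as its access ACL.
#
############################################################################

# Remove every file created by the access checks above (newfil* also
# matches the newfileN names).
rm -f tacl/mount-ext2/shared/team1/newfil*

#
# Test ACL_USER_OBJ default ACLs
#
setfacl -m d:u::r -m d:g::r -m d:o::r tacl/mount-ext2/shared/team1

# \$ keeps the umask handling in tacluser1's shell. Unescaped, the command
# substitution and $MASK would be expanded by this (root) shell while the
# here-document is built, so the saved value would be root's umask and the
# restore would receive an empty argument.
su - tacluser1 << TACL_USER1

	MASK=\$(umask)
	umask 0
	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1"
	umask \$MASK > /dev/null

TACL_USER1

# RES holds the mode column of the ls line when it matches the expected
# permissions, and is empty otherwise (including when the file is missing).
CONTENT=$(ls -l tacl/mount-ext2/shared/team1/newfile1)
RES=$(echo "$CONTENT" | grep ".r--r--r--" | awk '{print $1}')

# -n on a quoted value: the unquoted [ $RES != "" ] turned into a malformed
# test when RES was empty and only reached the FAILED branch through the
# resulting error status.
echo ""
if [ -n "$RES" ]
then
	echo "SUCCESS: With default ACLs set , new file permission set correct."
else
	echo "FAILED:  With default ACLs set , new file permission set not correct"
fi


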
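#
# Test ACL_USER and ACL_GROUP default ACLs
#
setfacl -m d:u:tacluser3:rw -m d:g:tacluser3:rw tacl/mount-ext2/shared/team1

# \$ keeps the umask save/restore in tacluser3's shell instead of having
# this (root) shell expand it while the here-document is built.
su - tacluser3 << TACL_USER3

	MASK=\$(umask)
	umask 0
	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2"
	umask \$MASK > /dev/null

TACL_USER3

# RES is the mode column when the ls line shows the expected permissions,
# empty otherwise.
CONTENT=$(ls -l tacl/mount-ext2/shared/team1/newfile2)
RES=$(echo "$CONTENT" | grep ".r--rw-r--" | awk '{print $1}')

# Quoted -n test: an empty RES must select the FAILED branch by evaluation,
# not through a malformed [ ... ] expression.
echo ""
if [ -n "$RES" ]
then
	echo "SUCCESS: With default ACLs set , new file permission set correct."
else
	echo "FAILED:  With default ACLs set , new file permission set not correct"
fi
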
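#
# Test ACL_GROUP default ACLs
#

setfacl -m d:u::rwx -m d:g::rwx -m d:o::rwx tacl/mount-ext2/shared/team1

# \$ keeps the umask save/restore in tacluser3's shell instead of having
# this (root) shell expand it while the here-document is built.
su - tacluser3 << TACL_USER3

	MASK=\$(umask)
	umask 0
	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile3"
	umask \$MASK > /dev/null

TACL_USER3

# RES is the mode column when the ls line shows the expected permissions,
# empty otherwise.
CONTENT=$(ls -l tacl/mount-ext2/shared/team1/newfile3)
RES=$(echo "$CONTENT" | grep ".rw-rw-rw-" | awk '{print $1}')

# Quoted -n test: an empty RES must select the FAILED branch by evaluation,
# not through a malformed [ ... ] expression.
echo ""
if [ -n "$RES" ]
then
	echo "SUCCESS: With default ACLs set , new file permission set correct."
else
	echo "FAILED:  With default ACLs set , new file permission set not correct"
fi

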
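#################################################################################
#
# Chmod also changes the ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER permissions
#
#################################################################################

# \$ keeps the umask save/restore in tacluser3's shell instead of having
# this (root) shell expand it while the here-document is built.
su - tacluser3 << TACL_USER3
	MASK=\$(umask)
	umask 0

	chmod 777 "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile3"
	umask \$MASK > /dev/null
TACL_USER3

CONTENT=$(getfacl tacl/mount-ext2/shared/team1/newfile3)

# $CONTENT is left unquoted on purpose: word splitting joins the getfacl
# lines into one line, so awk can address the entries by field position
# (10, 12 and 15 are where this script expects user::, group:: and other::).
# shellcheck disable=SC2086
USER_PERMISSION=$(echo $CONTENT | awk '{print $10}')
# shellcheck disable=SC2086
GROUP_PERMISSION=$(echo $CONTENT | awk '{print $12}')
# shellcheck disable=SC2086
OTHER_PERMISSION=$(echo $CONTENT | awk '{print $15}')

# Quoted comparisons: an empty field (e.g. getfacl failed) is a plain
# mismatch instead of a malformed [ ... ] expression.
echo ""
if [ "$USER_PERMISSION" = "user::rwx" ] &&
	[ "$GROUP_PERMISSION" = "group::rwx" ] &&
	[ "$OTHER_PERMISSION" = "other::rwx" ]
then
	echo "SUCCESS: Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are correct"
else
	echo "FAILED:  Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are not correct"
fi

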
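#####################################################################################
#
# Chown only changes the object owner and group
#
#####################################################################################

# OWNER:GROUP with a colon; the dot separator is a legacy form and is
# ambiguous for account names that contain a dot.
chown tacluser2:tacluser2 tacl/mount-ext2/shared/team1/newfile2
CONTENT=$(getfacl tacl/mount-ext2/shared/team1/newfile2)

# $CONTENT is left unquoted on purpose so the getfacl lines are joined;
# fields 6 and 9 are where this script expects the values of the
# "# owner:" and "# group:" header lines.
# shellcheck disable=SC2086
ITEM_OWNER=$(echo $CONTENT | awk '{print $6}')
# shellcheck disable=SC2086
ITEM_GROUP=$(echo $CONTENT | awk '{print $9}')

# Quoted comparisons: an empty field is a plain mismatch instead of a
# malformed [ ... ] expression.
if [ "$ITEM_OWNER" = "tacluser2" ]
then
	echo ""
	if [ "$ITEM_GROUP" = "tacluser2" ]
	then
		echo "SUCCESS: Chown correct"
	else
		echo "FAILED:  Chown are not correct"
	fi
else
	echo "FAILED:  Chown are not correct"
fi
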
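#####################################################
#
# Test ACLs backup and restore
#
#####################################################

# Dump all ACLs, wipe the base entries on team1, restore from the dump and
# dump again; the two dumps must be identical.
# The dump files are written by root under tacl/. That directory must not
# be writable by untrusted users, otherwise a pre-planted symlink could
# redirect these writes to another file.
getfacl -RL tacl/mount-ext2/ > tacl/tmp1
setfacl -m u::--- -m g::--- -m o::--- tacl/mount-ext2/shared/team1
setfacl --restore tacl/tmp1
getfacl -RL tacl/mount-ext2/ > tacl/tmp2

# Decide on diff's exit status. The earlier [ `diff ...` ] expanded the
# diff output into the test expression; any real difference is several
# words long, which made the test itself fail with an error and fall into
# the SUCCESS branch.
echo ""
if diff tacl/tmp1 tacl/tmp2 > /dev/null
then
	echo "SUCCESS: ACLs backup and restore are correct"
else
	echo "FAILED:  ACLs backup and restore are not correct"
fi

echo ""
echo -e "\tEnd ACLs Test"
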
#####################################################
#
# Extended Attribute test starts here
#
#####################################################

echo
echo "Now begin Extend Attribute Test"

# Each step sets one name:value pair with attr -s and reports when the
# command returns a non-zero status.

# directory
echo
echo "Attach name:value pair to object dir "
echo ""
attr -s attrname1 -V attrvalue1 tacl/mount-ext2/shared/team2 ||
	echo "FAILED: Attach name:value pair to object dir"

# regular file
echo
echo "Attach name:value pair to object file "
echo ""
attr -s attrname2 -V attrvalue2 tacl/mount-ext2/shared/team2/file1 ||
	echo "FAILED: Attach name:value pair to object file"

# symlink to a file; a failure here is reported as INFO only
echo
echo "Attach name:value pair to object symlink file"
echo ""
attr -s attrname3 -V attrvalue3 tacl/mount-ext2/shared/team2/symlinkfile1 ||
	echo "INFO: Can't attach name:value pair to object symlink file"

# Show what is in team2, then read the attributes back with getfattr in
# several modes. Each step reports FAILED when getfattr returns non-zero.
echo ""
ls -lRt tacl/mount-ext2/shared/team2

echo
echo "get extended attributes of filesystem objects"
echo ""

echo "Dump the values"
if ! getfattr -d tacl/mount-ext2/shared/team2; then
	echo "FAILED: getfattr: Dump the values"
fi

# The glob is deliberately unquoted so it expands to the entries of the
# mounted file system's top directory.
echo "Recursively dump the values"
if ! getfattr -dR tacl/mount-ext2/*; then
	echo "FAILED: getfattr: Recursively Dump the values"
fi

echo "Do not follow symlinks."
echo "but extended user attributes are disallowed for symbolic links"
if ! getfattr -h --no-dereference tacl/mount-ext2/shared/team2/symlinkfile1; then
        echo "FAILED: getfattr: Do not follow symlinks."
fi
echo

echo "Logical walk, follow symbolic links"
if ! getfattr -L tacl/mount-ext2/shared/team2/*; then
	echo "FAILED: getfattr: Logical walk"
fi

echo "Physical walk, skip all symbolic links"
if ! getfattr -P tacl/mount-ext2/shared/team2/*; then
	echo "FAILED: getfattr: Physical walk"
fi

# Look up attrname1 on the directory, then remove attrname2 from file1;
# a non-zero status from attr is reported as FAILED.
echo "attr -g to search the named object"
attr -g attrname1 tacl/mount-ext2/shared/team2 ||
	echo "FAILED: attr: to search the named object"
echo

echo "attr -r to remove the named object"
attr -r attrname2 tacl/mount-ext2/shared/team2/file1 ||
	echo "FAILED: attr: to remove the named object"


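#################################
#
# Backup and Restore
#
#################################

# Dump all extended attributes (hex encoded, symlinks not followed),
# restore from the dump and dump again; the two dumps must be identical.
# The dump files are written by root under tacl/. That directory must not
# be writable by untrusted users, otherwise a pre-planted symlink could
# redirect these writes, and setfattr --restore would apply whatever the
# replaced file lists.
getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea
setfattr -h --restore=tacl/backup.ea

getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea1

# Decide on diff's exit status. The earlier [ `diff ...` ] expanded the
# diff output into the test expression; any real difference is several
# words long, which made the test itself fail with an error and fall into
# the SUCCESS branch.
echo ""
if diff tacl/backup.ea1 tacl/backup.ea > /dev/null
then
        echo "SUCCESS: EAs backup and restore are correct"
else
        echo "FAILED:  EAs backup and restore are not correct"
fi

echo ""
echo -e "\tEnd EAs Test"


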
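#####################################################
#
# Clean up
#
#####################################################

# Remove the test accounts.
# NOTE(review): accounts are deleted by name; if an account with one of
# these names existed before the run, it is removed as well.
for TACL_USER in tacluser1 tacluser2 tacluser3 tacluser4
do
	userdel "$TACL_USER"
done

# umount -d also detaches the loop device behind the mount.
# The tree is removed only after a successful unmount. Previously rm -rf
# ran unconditionally and, after a failed umount, recursed into the
# still-mounted file system while the loop device stayed attached.
if umount -d tacl/mount-ext2
then
	rm -rf -- tacl
else
	echo "FAILED:  [ umount ] Can not unmount tacl/mount-ext2, directory tacl not removed"
fi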
876