#!/bin/bash
##############################################################
#
# Copyright (c) International Business Machines Corp., 2003
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
# the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation,
#
# FILE : tacl_xattr.sh
# USAGE : ./tacl_xattr.sh
#
# DESCRIPTION : A script that will test ACL and Extend Attribute on Linux system.
# REQUIREMENTS:
# 1) Kernel with loop device support
# 2) A spare (scratch) disk partition of 100MB or larger.
# 3) Kernel with ACL and Extend Attribute function support
#
# HISTORY :
# 10/23/2003 Kai Zhao (ltcd3@cn.ibm.com)
# 07/06/2004 Jacky Malcles enable ext3 & clean users home dir.
#
# CODE COVERAGE:
# 76.3% - fs/posix_acl.c
# 80.9% - xattr_acl.c
# 73.0% - xattr.c
#
##############################################################

# Script-wide state, all initialised to the empty string.
CUR_PATH=''          # working directory; expanded into the su here-documents
CONTENT=''           # captured output of ls -l / getfacl
RES=''               # permission field extracted from CONTENT
USER_PERMISSION=''   # ACL fields read back from getfacl output
GROUP_PERMISSION=''
OTHER_PERMISSION=''
ITEM_OWNER=''        # owner and group read back from getfacl output
ITEM_GROUP=''

################################################################
#
# Make sure that uid=root is running this script.
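# Make sure that loop device is built into the kernel
# Make sure that ACL(Access Control List) and Extended Attribute are
# built into the kernel
#
################################################################

if [ "$UID" != 0 ]
then
  echo "FAILED: Must have root access to execute this script"
  exit 1
fi

#################################################################
#
# Prepare Ext2 file system for ACL and Extended Attribute test
# Make some directory , file and symlink for the test
# Add four users (tacluser1 .. tacluser4) for the test
#
#################################################################

if [ ! -e tacl ]
then
  mkdir -m 777 tacl
else
  echo "FAILED: Directory tacl are exist"
  exit 1
fi

# NOTE(review): the scratch directory and the image file are world-writable
# (mode 777) while root attaches, formats and mounts the image. That is only
# acceptable on a dedicated test machine; run this from a directory that
# unprivileged users cannot reach.
dd if=/dev/zero of=tacl/blkext2 bs=1k count=10240
chmod 777 tacl/blkext2

# NOTE(review): /dev/loop0 is hard-coded, so this also fails when the device
# is already attached elsewhere, not only when loop support is missing.
# The early exits below leave tacl/ (and, after a failed mount, the loop
# attachment) behind; remove them by hand before re-running.
if ! losetup /dev/loop0 tacl/blkext2 >/dev/null 2>&1
then
  echo ""
  echo "FAILED: [ losetup ] Must have loop device support by kernel"
  echo -e "\t to execute this script"
  exit 1
fi

# Format as ext2 when an ext2 file system is already mounted on this host,
# otherwise as ext3. The mount point is named mount-ext2 in both cases.
if mount | grep ext2
then
  fs_type=ext2
else
  fs_type=ext3
fi

mkfs -t "$fs_type" /dev/loop0
mkdir -m 777 tacl/mount-ext2
if ! mount -t "$fs_type" -o defaults,acl,user_xattr /dev/loop0 tacl/mount-ext2
then
  echo ""
  echo "FAILED: [ mount ] Make sure that ACL (Access Control List)"
  echo -e "\t and Extended Attribute are built into the kernel"
  echo -e "\t Can not mount ext2 file system with acl and user_xattr options"
  exit 1
fi

chmod 777 tacl/mount-ext2

# The absolute path is expanded by this (root) shell into every su
# here-document below, so the test users always work on the same tree.
CUR_PATH=$(pwd)

for n in 1 2 3 4
do
  useradd -d "$CUR_PATH/tacl/tacluser$n" "tacluser$n"
done

if [ ! -e tacl/mount-ext2/shared ]
then
  mkdir -p -m 777 tacl/mount-ext2/shared
fi

su - tacluser1 << TACL_USER1

  mkdir "$CUR_PATH/tacl/mount-ext2/shared/team1"
  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/file1"

  cd "$CUR_PATH/tacl/mount-ext2/shared/team1"
  ln -sf file1 symlinkfile1
  cd "$CUR_PATH"

  cd "$CUR_PATH/tacl/mount-ext2/shared"
  ln -sf team1 symlinkdir1
  cd "$CUR_PATH"

TACL_USER1

su - tacluser2 << TACL_USER2

  mkdir "$CUR_PATH/tacl/mount-ext2/shared/team2"
  touch "$CUR_PATH/tacl/mount-ext2/shared/team2/file1"

  cd "$CUR_PATH/tacl/mount-ext2/shared/team2"
  ln -sf file1 symlinkfile1
  cd "$CUR_PATH"

  cd "$CUR_PATH/tacl/mount-ext2/shared"
  ln -sf team2 symlinkdir2
  cd "$CUR_PATH"

TACL_USER2

#############################################################################################
#
# The permissions bit limit user's act
# lrwxrwxrwx 1 tacluser1 tacluser1 5 Jun 23 13:39 symlinkdir1 -> team1
# lrwxrwxrwx 1 tacluser2 tacluser2 5 Jun 23 13:39 symlinkdir2 -> team2
# dr-x------ 2 tacluser1 tacluser1 1024 Jun 23 13:39 team1
# drwxrwxr-x 2 tacluser2 tacluser2 1024 Jun 23 13:39 team2
#
#############################################################################################

chmod 500 tacl/mount-ext2/shared/team1

# The file that is touched and the file that is checked must be the same
# name. Earlier the script touched "newfil1"/"newfil2" but tested for
# "newfile1"/"newfile2", so the denial check could never fail.
su - tacluser1 << TACL_USER1

  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" ]
  then
    echo ""
    echo "FAILED: [ touch ] Create file must be denied by file permission bits"
    echo -e "\t [ Physical Directory ]"
  else
    echo ""
    echo "SUCCESS: Create file denied by file permission bits [ Physical directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile2" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2" ]
  then
    echo ""
    echo "FAILED: [ touch ] Create file must be denied by file permission bits"
    echo -e "\t [ Symlink Directory ]"
  else
    echo ""
    echo "SUCCESS: Create file denied by file permission bits [ Symlink directory ]"
  fi

TACL_USER1

#################################################################
#
# ACL_USER_OBJ are a superset of the permissions specified
# by the file permission bits.
# The effective user ID of the process matches the user ID of
# the file object owner.
# Owner's act are based ACL_USER_OBJ
#
#################################################################

setfacl -m u::rx tacl/mount-ext2/shared/team1

# The result of cd is tested directly inside the here-document. A status
# variable written in an unquoted here-document is expanded by this root
# shell before su runs, which made the earlier check compare the status of
# setfacl and report SUCCESS unconditionally.
su - tacluser1 << TACL_USER1

  if cd "$CUR_PATH/tacl/mount-ext2/shared/team1/" 2> /dev/null
  then
    echo ""
    echo "SUCCESS: ACL_USER_OBJ entry contains the owner execute permissions, "
    echo -e "\t operation success [ Physical Directory ]"
  else
    echo ""
    echo "FAILED: [ touch ] ACL_USER_OBJ entry already contains the owner execute"
    echo -e "\t permissions, but operation failed [ Physical Directory ]"
  fi

  if cd "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/" 2> /dev/null
  then
    echo ""
    echo "SUCCESS: ACL_USER_OBJ entry contains the owner execute permissions,"
    echo -e "\t operation success [ Symlink Directory ]"
  else
    echo ""
    echo "FAILED: [ touch ] ACL_USER_OBJ entry already contains the owner execute"
    echo -e "\t permissions, but operation failed [ Symlink Directory ]"
  fi

TACL_USER1

setfacl -m u::rwx tacl/mount-ext2/shared/team1

# With owner write permission the create must succeed, so an existing file
# is the SUCCESS case. The branches were inverted before and, combined with
# the newfil1/newfile1 name mismatch, always printed SUCCESS.
su - tacluser1 << TACL_USER1

  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" ]
  then
    echo ""
    echo "SUCCESS: ACL_USER_OBJ entry contains the owner write permissions,"
    echo -e "\t operation success [ Physical Directory ]"
  else
    echo ""
    echo "FAILED: [ touch ] ACL_USER_OBJ entry already contains the owner write "
    echo -e "\t permissions, but operation failed [ Physical Directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile2" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2" ]
  then
    echo ""
    echo "SUCCESS: ACL_USER_OBJ entry contains the owner write permissions,"
    echo -e "\t operation success [ Symlink Directory ]"
  else
    echo ""
    echo "FAILED: [ touch ] ACL_USER_OBJ entry already contains the owner write "
    echo -e "\t permissions, but operation failed [ Symlink Directory ]"
  fi

TACL_USER1

#################################################################
#
# The effective user ID of the process matches the qualifier of
# any entry of type ACL_USER
# IF the matching ACL_USER entry and the ACL_MASK
# entry contain the requested permissions, access is granted,
# ELSE access is denied.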
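#
#################################################################

# Paths inside the here-documents are quoted so a working directory that
# contains whitespace does not split the touch / -e arguments. CUR_PATH is
# expanded by this root shell; the quotes are interpreted by the user shell.

# Named-user entry with an automatically recalculated mask: creation by
# tacluser3 is expected to succeed.
setfacl -m u:tacluser3:rwx tacl/mount-ext2/shared/team1

su - tacluser3 << TACL_USER3

  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile3" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile3" ]
  then
    echo ""
    echo "SUCCESS: ACL_USER entry contains the user permissions, "
    echo -e "\t operation success [ Physical Directory ]"
  else
    echo ""
    echo "FAILED: ACL_USER entry contains the user permissions,"
    echo -e "\t but operation denied [ Physical Directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile4" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile4" ]
  then
    echo ""
    echo "SUCCESS: ACL_USER entry contains the user permissions, "
    echo -e "\t operation success [ Symlink Directory ]"
  else
    echo ""
    echo "FAILED: ACL_USER entry contains the user permissions,"
    echo -e "\t but operation denied [ Symlink Directory ]"
  fi

TACL_USER3

# An empty mask must override the named-user entry: here a file that exists
# after touch is the failure case.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser3 << TACL_USER3

  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile5" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile5" ]
  then
    echo ""
    echo "FAILED: [ touch ] ACL_USER entry contains the user permissions"
    echo -e "\t but ACL_MASK are set --- , "
    echo -e "\t operation must be denied [ Physical Directory ]"
  else
    echo ""
    echo "SUCCESS: ACL_USER entry contains the user permissions,"
    echo -e "\t but ACL_MASK are set ___ ,"
    echo -e "\t operation success [ Physical Directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile6" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile6" ]
  then
    echo ""
    echo "FAILED: [ touch ] ACL_USER entry contains the user permissions"
    echo -e "\t but ACL_MASK are set --- ,"
    echo -e "\t operation must be denied [ Symlink Directory ]"
  else
    echo ""
    echo "SUCCESS: ACL_USER entry contains the user permissions,"
    echo -e "\t but ACL_MASK are set ___ ,"
    echo -e "\t operation success [ Symlink Directory ]"
  fi

TACL_USER3

###########################################################################################
#
# The effective group ID or any of the supplementary group IDs of the process match the
# qualifier of the entry of type ACL_GROUP_OBJ, or the qualifier of any entry of type
# ACL_GROUP
#
# IF the ACL contains an ACL_MASK entry, THEN
# if the ACL_MASK entry and any of the matching ACL_GROUP_OBJ
# or ACL_GROUP entries contain the requested permissions,
# access is granted,
#
# else access is denied.
#
# ELSE (note that there can be no ACL_GROUP entries without an ACL_MASK entry)
# if the ACL_GROUP_OBJ entry contains the requested permis-
# sions, access is granted,
#
# else access is denied.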
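#
###########################################################################################

# Paths inside the here-documents are quoted so a working directory that
# contains whitespace does not split the touch / -e arguments. CUR_PATH is
# expanded by this root shell; the quotes are interpreted by the user shell.

# Named-group entry: creation by a member of group tacluser2 must succeed.
# The FAILED branch is reached when the file is missing, so its message says
# "denied" (it previously read "but option success").
setfacl -m g:tacluser2:rwx tacl/mount-ext2/shared/team1

su - tacluser2 << TACL_USER2
  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile7" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile7" ]
  then
    echo ""
    echo "SUCCESS: ACL_GROUP entry contains the group permissions,"
    echo -e "\t option success [ Physical Directory ]"
  else
    echo ""
    echo "FAILED: [ touch ] ACL_GROUP entry already contains the group permissions,"
    echo -e "\t but option denied [ Physical Directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile8" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile8" ]
  then
    echo ""
    echo "SUCCESS: ACL_GROUP entry contains the group permissions,"
    echo -e "\t option success [ Symlink Directory ]"
  else
    echo ""
    echo "FAILED: [ touch ] ACL_GROUP entry already contains the group permissions,"
    echo -e "\t but option denied [ Symlink Directory ]"
  fi

TACL_USER2

# An empty mask must override the named-group entry.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser2 << TACL_USER2
  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile9" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile9" ]
  then
    echo ""
    echo "FAILED: [ touch ] ACL_GROUP entry contains the group permissions"
    echo -e "\t and ACL_MASK entry are set ---,"
    echo -e "\t option must no be success [ Physical Directory ]"
  else
    echo ""
    echo "SUCCESS: ACL_GROUP entry already contains the group permissions"
    echo -e "\t and ACL_MASK entry are set ---,"
    echo -e "\t option success [ Physical Directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile10" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile10" ]
  then
    echo ""
    echo "FAILED: [ touch ] ACL_GROUP entry contains the group permissions"
    echo -e "\t and ACL_MASK entry are set ---, "
    echo -e "\t option must no be success [ Symlink Directory ]"
  else
    echo ""
    echo "SUCCESS: ACL_GROUP entry already contains the group permissions"
    echo -e "\t and ACL_MASK entry are set ---,"
    echo -e "\t option success [ Symlink Directory ]"
  fi

TACL_USER2

# Owning-group entry: tacluser2 is moved into the primary group tacluser1
# for this part and moved back afterwards.
setfacl -m g::rwx tacl/mount-ext2/shared/team1
usermod -g tacluser1 tacluser2

su - tacluser2 << TACL_USER2

  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile11" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile11" ]
  then
    echo ""
    echo "SUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,"
    echo -e "\t option success [ Physical Directory ]"
  else
    echo ""
    echo "FAILED: [ touch ] ACL_GROUP_OBJ entry already contains the group owner,"
    echo -e "\t but option denied [ Physical Directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile12" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile12" ]
  then
    echo ""
    echo "SUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,"
    echo -e "\t option success [ Symlink Directory ]"
  else
    echo ""
    echo "FAILED: [ touch ] ACL_GROUP_OBJ entry already contains the group owner,"
    echo -e "\t but option denied [ Symlink Directory ]"
  fi

TACL_USER2

setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser2 << TACL_USER2
  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile13" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile13" ]
  then
    echo ""
    echo "FAILED: [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions"
    echo -e "\t and ACL_MASK entry are set ---,"
    echo -e "\t option must no be success [ Physical Directory ]"
  else
    echo ""
    echo "SUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions"
    echo -e "\t and ACL_MASK entry are set ---,"
    echo -e "\t option success [ Physical Directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile14" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile14" ]
  then
    echo ""
    echo "FAILED: [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions"
    echo -e "\t and ACL_MASK entry are set ---,"
    echo -e "\t option must no be success [ Symlink Directory ]"
  else
    echo ""
    echo "SUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions"
    echo -e "\t and ACL_MASK entry are set ---, "
    echo -e "\t option success [ Symlink Directory ]"
  fi

TACL_USER2

usermod -g tacluser2 tacluser2

###################################################################################
#
# IF the ACL_OTHER entry contains the requested permissions, access is granted
#
###################################################################################

setfacl -m o::rwx tacl/mount-ext2/shared/team1

su - tacluser4 << TACL_USER4

  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile15" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile15" ]
  then
    echo ""
    echo "SUCCESS: ACL_OTHER entry contains the user permissions,"
    echo -e "\t operation success [ Physical Directory ]"
  else
    echo ""
    echo "FAILED: ACL_OTHER entry contains the user permissions,"
    echo -e "\t but operation denied [ Physical Directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile16" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile16" ]
  then
    echo ""
    echo "SUCCESS: ACL_OTHER entry contains the user permissions,"
    echo -e "\t operation success [ Symlink Directory ]"
  else
    echo ""
    echo "FAILED: ACL_OTHER entry contains the user permissions,"
    echo -e "\t but operation denied [ Symlink Directory ]"
  fi

TACL_USER4

# The mask does not apply to the "other" class, so creation must still
# succeed with an empty mask.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser4 << TACL_USER4

  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile17" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile17" ]
  then
    echo ""
    echo "SUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]"
  else
    echo ""
    echo "FAILED: ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]"
  fi

  touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile18" 2> /dev/null
  if [ -e "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile18" ]
  then
    echo ""
    echo "SUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]"
  else
    echo ""
    echo "FAILED: ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]"
  fi

TACL_USER4

############################################################################
#
# OBJECT CREATION AND DEFAULT ACLs
# The new object inherits the default ACL of the containing directory as its access ACL.
#
############################################################################

# The glob also matches the newfileN files created by the tests above.
rm -f tacl/mount-ext2/shared/team1/newfil*

#
# Test ACL_USER_OBJ default ACLs
#
setfacl -m d:u::r -m d:g::r -m d:o::r tacl/mount-ext2/shared/team1

# umask handling is escaped so that it is evaluated by the user shell rather
# than expanded by this root shell while the here-document is built.
su - tacluser1 << TACL_USER1

  MASK=\$(umask)
  umask 0
  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1"
  umask \$MASK > /dev/null

TACL_USER1

# RES is tested with -n on a quoted value: an unquoted empty RES turned the
# old test into a syntax error instead of a clean "not matched".
CONTENT=$(ls -l tacl/mount-ext2/shared/team1/newfile1)
RES=$(printf '%s\n' "$CONTENT" | awk '/.r--r--r--/ {print $1}')

if [ -n "$RES" ]
then
  echo ""
  echo "SUCCESS: With default ACLs set , new file permission set correct."
else
  echo ""
  echo "FAILED: With default ACLs set , new file permission set not correct"
fi

#
# Test ACL_USER and ACL_GROUP defaults ACLs
#
setfacl -m d:u:tacluser3:rw -m d:g:tacluser3:rw tacl/mount-ext2/shared/team1
su - tacluser3 << TACL_USER3

  MASK=\$(umask)
  umask 0
  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2"
  umask \$MASK > /dev/null

TACL_USER3

CONTENT=$(ls -l tacl/mount-ext2/shared/team1/newfile2)
RES=$(printf '%s\n' "$CONTENT" | awk '/.r--rw-r--/ {print $1}')

if [ -n "$RES" ]
then
  echo ""
  echo "SUCCESS: With default ACLs set , new file permission set correct."
else
  echo ""
  echo "FAILED: With default ACLs set , new file permission set not correct"
fi

#
# Test ACL_GROUP default ACLs
#

setfacl -m d:u::rwx -m d:g::rwx -m d:o::rwx tacl/mount-ext2/shared/team1
su - tacluser3 << TACL_USER3

  MASK=\$(umask)
  umask 0
  touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile3"
  umask \$MASK > /dev/null

TACL_USER3

CONTENT=$(ls -l tacl/mount-ext2/shared/team1/newfile3)
RES=$(printf '%s\n' "$CONTENT" | awk '/.rw-rw-rw-/ {print $1}')

if [ -n "$RES" ]
then
  echo ""
  echo "SUCCESS: With default ACLs set , new file permission set correct."
else
  echo ""
  echo "FAILED: With default ACLs set , new file permission set not correct"
fi


#################################################################################
#
# Chmod also change ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER permissions
#
#################################################################################
su - tacluser3 << TACL_USER3
  MASK=\$(umask)
  umask 0

  chmod 777 "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile3"
  umask \$MASK > /dev/null
TACL_USER3

# Entries are selected by their tag instead of by word position, so extra
# named entries or "#effective" annotations in the getfacl output cannot
# shift the fields being compared.
CONTENT=$(getfacl tacl/mount-ext2/shared/team1/newfile3)

USER_PERMISSION=$(printf '%s\n' "$CONTENT" | awk '/^user::/ {print $1; exit}')
GROUP_PERMISSION=$(printf '%s\n' "$CONTENT" | awk '/^group::/ {print $1; exit}')
OTHER_PERMISSION=$(printf '%s\n' "$CONTENT" | awk '/^other::/ {print $1; exit}')

if [ "$USER_PERMISSION" = "user::rwx" ] &&
   [ "$GROUP_PERMISSION" = "group::rwx" ] &&
   [ "$OTHER_PERMISSION" = "other::rwx" ]
then
  echo ""
  echo "SUCCESS: Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are correct"
else
  echo ""
  echo "FAILED: Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are not correct"
fi


#####################################################################################
#
# Chown only change object owner and group
#
#####################################################################################

# owner:group is written with a colon; the dot separator is a legacy form.
chown tacluser2:tacluser2 tacl/mount-ext2/shared/team1/newfile2
CONTENT=$(getfacl tacl/mount-ext2/shared/team1/newfile2)

ITEM_OWNER=$(printf '%s\n' "$CONTENT" | awk '/^# owner:/ {print $3; exit}')
ITEM_GROUP=$(printf '%s\n' "$CONTENT" | awk '/^# group:/ {print $3; exit}')

if [ "$ITEM_OWNER" = "tacluser2" ]
then
  if [ "$ITEM_GROUP" = "tacluser2" ]
  then
    echo ""
    echo "SUCCESS: Chown correct"
  else
    echo ""
    echo "FAILED: Chown are not correct"
  fi
else
  echo "FAILED: Chown are not correct"
fi

#####################################################
#
# Test ACLs backup and restore
#
#####################################################

getfacl -RL tacl/mount-ext2/ > tacl/tmp1
setfacl -m u::--- -m g::--- -m o::--- tacl/mount-ext2/shared/team1
setfacl --restore tacl/tmp1
getfacl -RL tacl/mount-ext2/ > tacl/tmp2

# Decide on diff's exit status. Feeding diff's output to "[" reported
# SUCCESS whenever the output was more than one word, i.e. for almost any
# real difference between the two dumps.
if diff tacl/tmp1 tacl/tmp2 > /dev/null
then
  echo ""
  echo "SUCCESS: ACLs backup and restore are correct"
else
  echo ""
  echo "FAILED: ACLs backup and restore are not correct"
fi

echo ""
echo -e "\tEnd ACLs Test"

#####################################################
#
# Now begin Extend Attribute test
#
#####################################################

echo
echo "Now begin Extend Attribute Test"

# dir
echo
echo "Attach name:value pair to object dir "
echo ""
if ! attr -s attrname1 -V attrvalue1 tacl/mount-ext2/shared/team2
then
  echo "FAILED: Attach name:value pair to object dir"
fi

# file
echo
echo "Attach name:value pair to object file "
echo ""
if ! attr -s attrname2 -V attrvalue2 tacl/mount-ext2/shared/team2/file1
then
  echo "FAILED: Attach name:value pair to object file"
fi

# symlink file
echo
echo "Attach name:value pair to object symlink file"
echo ""
if ! attr -s attrname3 -V attrvalue3 tacl/mount-ext2/shared/team2/symlinkfile1
then
  echo "INFO: Can't attach name:value pair to object symlink file"
fi

echo ""
ls -lRt tacl/mount-ext2/shared/team2

echo
echo "get extended attributes of filesystem objects"
echo ""

echo "Dump the values"
if ! getfattr -d tacl/mount-ext2/shared/team2
then
  echo "FAILED: getfattr: Dump the values"
fi

echo "Recursively dump the values"
if ! getfattr -dR tacl/mount-ext2/*
then
  echo "FAILED: getfattr: Recursively Dump the values"
fi

echo "Do not follow symlinks."
echo "but extended user attributes are disallowed for symbolic links"
if ! getfattr -h --no-dereference tacl/mount-ext2/shared/team2/symlinkfile1
then
  echo "FAILED: getfattr: Do not follow symlinks."
fi
echo

echo "Logical walk, follow symbolic links"
if ! getfattr -L tacl/mount-ext2/shared/team2/*
then
  echo "FAILED: getfattr: Logical walk"
fi

echo "Physical walk, skip all symbolic links"
if ! getfattr -P tacl/mount-ext2/shared/team2/*
then
  echo "FAILED: getfattr: Physical walk"
fi

echo "attr -g to search the named object"
if ! attr -g attrname1 tacl/mount-ext2/shared/team2
then
  echo "FAILED: attr: to search the named object"
fi
echo

echo "attr -r to remove the named object"
if ! attr -r attrname2 tacl/mount-ext2/shared/team2/file1
then
  echo "FAILED: attr: to remove the named object"
fi


#################################
#
# Backup and Restore
#
#################################
getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea
setfattr -h --restore=tacl/backup.ea

getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea1

# Same exit-status based comparison as for the ACL dumps above.
if diff tacl/backup.ea1 tacl/backup.ea > /dev/null
then
  echo ""
  echo "SUCCESS: EAs backup and restore are correct"
else
  echo ""
  echo "FAILED: EAs backup and restore are not correct"
fi

echo ""
echo -e "\tEnd EAs Test"



#####################################################
#
# Clean up
#
#####################################################

# NOTE(review): every check above only prints SUCCESS/FAILED; the script's
# exit status does not reflect failures, so a harness has to parse the output.
for n in 1 2 3 4
do
  userdel "tacluser$n"
done
umount -d tacl/mount-ext2
rm -rf tacl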