From 04a88fc00cce9f0744d7e815cbe0ced4dd009b75 Mon Sep 17 00:00:00 2001 From: Paul Zuchowski <31706010+PaulZ-98@users.noreply.github.com> Date: Wed, 31 Oct 2018 19:58:43 -0400 Subject: [PATCH] ZTS: Fix posix ACL tests that should pass Make sure tests have proper include files. Make sure underlying "chmod" style permissions don't interfere with ACLs. Reviewed-by: John Kennedy Reviewed-by: Brian Behlendorf Signed-off-by: Paul Zuchowski Closes #8069 --- tests/test-runner/bin/zts-report.py | 2 -- .../functional/acl/posix/posix_001_pos.ksh | 35 +++++++++++++++++-- .../functional/acl/posix/posix_002_pos.ksh | 18 ++++++++-- 3 files changed, 48 insertions(+), 7 deletions(-) diff --git a/tests/test-runner/bin/zts-report.py b/tests/test-runner/bin/zts-report.py index 8b58950b8..bc57b5f07 100755 --- a/tests/test-runner/bin/zts-report.py +++ b/tests/test-runner/bin/zts-report.py @@ -151,8 +151,6 @@ summary = { # reasons listed above can be used. # known = { - 'acl/posix/posix_001_pos': ['FAIL', known_reason], - 'acl/posix/posix_002_pos': ['FAIL', known_reason], 'casenorm/sensitive_none_lookup': ['FAIL', '7633'], 'casenorm/sensitive_none_delete': ['FAIL', '7633'], 'casenorm/sensitive_formd_lookup': ['FAIL', '7633'], diff --git a/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh b/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh index b34fd965b..66124fe9c 100755 --- a/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh +++ b/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh @@ -26,6 +26,7 @@ # . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/acl/acl_common.kshlib # # Copyright (c) 2012 by Delphix. All rights reserved. @@ -43,19 +44,47 @@ # verify_runnable "both" + +function cleanup +{ + rmdir $TESTDIR/dir.0 +} + log_assert "Verify acltype=posixacl works on file" +log_onexit cleanup # Test access to FILE log_note "Testing access to FILE" log_must touch $TESTDIR/file.0 log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0 -getfacl $TESTDIR/file.0 2> /dev/null | egrep -q "^group:$ZFS_ACL_STAFF_GROUP:rw-$" +getfacl $TESTDIR/file.0 2> /dev/null | egrep -q \ + "^group:$ZFS_ACL_STAFF_GROUP:rw-$" if [ "$?" -eq "0" ]; then # Should be able to write to file - log_must user_run $ZFS_ACL_STAFF1 "echo 'echo test > /dev/null' > $TESTDIR/file.0" + log_must user_run $ZFS_ACL_STAFF1 \ + "echo 'echo test > /dev/null' > $TESTDIR/file.0" + # Since $TESTDIR is 777, create a new dir with controlled permissions + # for testing that creating a new file is not allowed. + log_must mkdir $TESTDIR/dir.0 + log_must chmod 700 $TESTDIR/dir.0 + log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0 + # Confirm permissions + ls -l $TESTDIR |grep "dir.0" |grep -q "drwxrw----+" + if [ "$?" -ne "0" ]; then + msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}') + log_note "expected mask drwxrw----+ but found $msk" + log_fail "Expected permissions were not set." + fi + getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \ + "^group:$ZFS_ACL_STAFF_GROUP:rw-$" + if [ "$?" -ne "0" ]; then + acl=$(getfacl $TESTDIR/dir.0 2> /dev/null) + log_note $acl + log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set." + fi # Should NOT be able to create new file - log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/file.1" + log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1" # Root should be able to run file, but not user chmod +x $TESTDIR/file.0 diff --git a/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh b/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh index 218df9760..1aceffd15 100755 --- a/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh +++ b/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh @@ -26,6 +26,7 @@ # . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/acl/acl_common.kshlib # # Copyright (c) 2012 by Delphix. All rights reserved. @@ -47,8 +48,19 @@ log_assert "Verify acltype=posixacl works on directory" # Test access to DIRECTORY log_note "Testing access to DIRECTORY" log_must mkdir $TESTDIR/dir.0 +# Eliminate access by "other" including our test group, +# we want access controlled only by the ACLs. +log_must chmod 700 $TESTDIR/dir.0 log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:wx $TESTDIR/dir.0 -getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q "^group:$ZFS_ACL_STAFF_GROUP:-wx$" +# Confirm permissions +ls -l $TESTDIR |grep "dir.0" |grep -q "drwx-wx---+" +if [ "$?" -ne "0" ]; then + msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}') + log_note "expected mask drwx-wx---+ but found $msk" + log_fail "Expected permissions were not set." +fi +getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \ + "^group:$ZFS_ACL_STAFF_GROUP:-wx$" if [ "$?" -eq "0" ]; then # Should be able to create file in directory log_must user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.0" @@ -58,5 +70,7 @@ if [ "$?" -eq "0" ]; then log_pass "POSIX ACL mode works on directories" else - log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rwx' as specified" + acl=$(getfacl $TESTDIR/dir.0 2> /dev/null) + log_note $acl + log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have '-wx' as specified" fi -- 2.40.0