#!/bin/bash
##############################################################
#
#  Copyright (c) International Business Machines  Corp., 2003
#
#  This program is free software;  you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY;  without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#  the GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program;  if not, write to the Free Software
#  Foundation,
#
#  FILE        : tacl_xattr.sh
#  USAGE       : ./tacl_xattr.sh
#
#  DESCRIPTION : Tests ACLs and Extended Attributes on a Linux system.
#  REQUIREMENTS:
#                1) Kernel with loop device support
#                2) A spare (scratch) disk partition of 100MB or larger.
#                3) Kernel with ACL and Extended Attribute support
#
#  HISTORY     :
#      10/23/2003 Kai Zhao (ltcd3@cn.ibm.com)
#      07/06/2004 Jacky Malcles enable ext3 & clean users home dir.
#
#  CODE COVERAGE:
#                 76.3% - fs/posix_acl.c
#                 80.9% - xattr_acl.c
#                 73.0% - xattr.c
#
##############################################################

# Scratch variables filled in by the individual checks; all start out empty.
CUR_PATH=
CONTENT=
RES=
USER_PERMISSION=
GROUP_PERMISSION=
OTHER_PERMISSION=
ITEM_OWNER=
ITEM_GROUP=

################################################################
#
# Preconditions:
#   - the script runs as root (verified right here),
#   - loop device support in the kernel (shows up when losetup runs),
#   - ACL and Extended Attribute support in the kernel (shows up when
#     the scratch file system is mounted).
#
################################################################

(( UID == 0 )) || {
	echo "FAILED: Must have root access to execute this script"
	exit 1
}

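#################################################################
#
# Build the scratch environment for the ACL / Extended Attribute tests:
#   - a 10 MB image attached to /dev/loop0 and mounted with acl,user_xattr
#     (ext3 when no ext2 file system is currently mounted, ext2 otherwise),
#   - the test accounts tacluser1 .. tacluser4,
#   - a world-writable shared/ directory on the new file system.
#
#################################################################

# Working directory of the run. Recorded first because the account homes
# below and every here-document fed to su build absolute paths from it.
CUR_PATH=$(pwd)

# Undo the part of the setup that already happened, then stop the script.
#   $1 - 1 when /dev/loop0 has been attached and has to be released
tacl_setup_abort()
{
	if [ "$1" = 1 ]
	then
		losetup -d /dev/loop0 > /dev/null 2>&1
	fi
	rm -rf -- "${CUR_PATH:?}/tacl"
	exit 1
}

# Refuse to reuse an existing entry (-L also catches a dangling symlink).
if [ -e tacl ] || [ -L tacl ]
then
	echo "FAILED: Directory tacl are exist"
	exit 1
fi

# 0755 rather than 0777: only root writes into tacl/. The image file and the
# ACL/EA dump files that root later passes to setfacl/setfattr --restore live
# here, so unprivileged accounts must not be able to replace them.
if ! mkdir -m 755 tacl
then
	echo "FAILED: Can not create directory tacl"
	exit 1
fi

if ! dd if=/dev/zero of=tacl/blkext2 bs=1k count=10240
then
	echo "FAILED: [ dd ] Can not create tacl/blkext2"
	tacl_setup_abort 0
fi

# Root is the only user that touches the image; a world-writable backing file
# would let any local account rewrite a file system the kernel has mounted.
chmod 600 tacl/blkext2

# NOTE(review): /dev/loop0 is hard-coded; the script stops here when that
# device is missing or already bound to another file.
if ! losetup /dev/loop0 tacl/blkext2 > /dev/null 2>&1
then
	printf "\nFAILED:  [ losetup ] Must have loop device support by kernel\n"
	printf "\t to execute this script\n"
	tacl_setup_abort 0
fi

# Same selection as before: ext2 only when an ext2 mount is already listed.
if mount | grep ext2
then
	TACL_FSTYPE=ext2
else
	TACL_FSTYPE=ext3
fi

if ! mkfs -t "$TACL_FSTYPE" /dev/loop0
then
	printf "\nFAILED:  [ mkfs ] Can not create a %s file system on /dev/loop0\n" "$TACL_FSTYPE"
	tacl_setup_abort 1
fi

mkdir -m 777 tacl/mount-ext2
if ! mount -t "$TACL_FSTYPE" -o defaults,acl,user_xattr /dev/loop0 tacl/mount-ext2
then
	printf "\nFAILED:  [ mount ] Make sure that ACL (Access Control List)\n"
	printf "\t and Extended Attribute are built into the kernel\n"
	printf "\t Can not mount ext2 file system with acl and user_xattr options\n"
	# Release the loop device and the scratch directory instead of leaving
	# them behind for the next run.
	tacl_setup_abort 1
fi

# Applies to the root directory of the freshly mounted file system.
chmod 777 tacl/mount-ext2

for TACL_USER in tacluser1 tacluser2 tacluser3 tacluser4
do
	useradd -d "$CUR_PATH/tacl/$TACL_USER" "$TACL_USER"
done

# The test accounts create their team directories in here.
mkdir -p -m 777 tacl/mount-ext2/shared
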
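# tacluser1 and tacluser2 each create, as themselves:
#   shared/teamN, shared/teamN/file1,
#   shared/teamN/symlinkfile1 -> file1 and shared/symlinkdirN -> teamN.
#
# The here-document is deliberately unquoted: $CUR_PATH and $TACL_N are
# substituted by this (root) shell before the text reaches the login shell
# that su starts. Paths are double-quoted so a working directory containing
# whitespace still works, and each ln only runs when the preceding cd
# succeeded, so a failed cd cannot drop the link into another directory.
for TACL_N in 1 2
do
su - "tacluser$TACL_N" << TACL_TEAM_SETUP

	mkdir "$CUR_PATH/tacl/mount-ext2/shared/team$TACL_N"
	touch "$CUR_PATH/tacl/mount-ext2/shared/team$TACL_N/file1"

	cd "$CUR_PATH/tacl/mount-ext2/shared/team$TACL_N" && ln -sf file1 symlinkfile1
	cd "$CUR_PATH/tacl/mount-ext2/shared" && ln -sf team$TACL_N symlinkdir$TACL_N

TACL_TEAM_SETUP
done
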
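#############################################################################################
#
#  Plain permission bits restrict what the owner may do.
#  Layout after the chmod below:
#  lrwxrwxrwx    1 tacluser1 tacluser1        5 Jun 23 13:39 symlinkdir1 -> team1
#  lrwxrwxrwx    1 tacluser2 tacluser2        5 Jun 23 13:39 symlinkdir2 -> team2
#  dr-x------    2 tacluser1 tacluser1     1024 Jun 23 13:39 team1
#  drwxrwxr-x    2 tacluser2 tacluser2     1024 Jun 23 13:39 team2
#
#############################################################################################

chmod 500 tacl/mount-ext2/shared/team1

# The file that is touched and the file that is tested must be the same name.
# The earlier version touched newfil1/newfil2 but tested newfile1/newfile2,
# so the FAILED branch could never be reached.
su - tacluser1 << TACL_USER1

	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" ]
	then
		printf "\nFAILED:  [ touch ] Create file must be denied by file permission bits\n"
		printf "\t [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: Create file denied by file permission bits [ Physical directory ]\n"
	fi

	touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile2" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2" ]
	then
		printf "\nFAILED:  [ touch ] Create file must be denied by file permission bits\n"
		printf "\t [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: Create file denied by file permission bits [ Symlink directory ]\n"
	fi

TACL_USER1
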
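#################################################################
#
# ACL_USER_OBJ mirrors the owner part of the file permission bits.
# When the effective user ID of the process is the owner of the
# object, access is decided by the ACL_USER_OBJ entry.
#
#################################################################

setfacl -m u::rx tacl/mount-ext2/shared/team1

# cd is tested directly in the if. A separate "[ $? != 0 ]" inside this
# unquoted here-document would be substituted by the root shell while the
# document is built, i.e. it would carry the exit status of the command that
# ran before su (setfacl), never the status of cd in the login shell.
su - tacluser1 << TACL_USER1

	if cd "$CUR_PATH/tacl/mount-ext2/shared/team1/" 2> /dev/null
	then
		printf "\nSUCCESS: ACL_USER_OBJ  entry contains the owner execute permissions,\n"
		printf "\t operation success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER_OBJ  entry already contains the owner execute\n"
		printf "\t permissions, but operation failed [ Physical Directory ]\n"
	fi

	if cd "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/" 2> /dev/null
	then
		printf "\nSUCCESS: ACL_USER_OBJ  entry contains the owner execute permissions,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	else
		printf "\nFAILED: [ touch ] ACL_USER_OBJ  entry already contains the owner execute\n"
		printf "\t permissions, but operation failed [ Symlink Directory ]\n"
	fi

TACL_USER1
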
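# With u::rwx the owner must be able to create files in team1, both through
# the directory itself and through the symlink that points at it.
setfacl -m u::rwx tacl/mount-ext2/shared/team1

# Two fixes compared with the earlier version of this check:
#   - the touched name and the tested name now agree (it touched
#     newfil1/newfil2 and tested newfile1/newfile2),
#   - an existing file now reports SUCCESS; the branches were swapped, which
#     only went unnoticed because the tested name never existed.
su - tacluser1 << TACL_USER1

	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" ]
	then
		printf "\nSUCCESS: ACL_USER_OBJ  entry contains the owner write permissions,\n"
		printf "\t operation success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER_OBJ  entry already contains the owner write \n"
		printf "\t permissions, but operation failed [ Physical Directory ]\n"
	fi

	touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile2" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2" ]
	then
		printf "\nSUCCESS: ACL_USER_OBJ  entry contains the owner write permissions,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER_OBJ  entry already contains the owner write \n"
		printf "\t permissions, but operation failed [ Symlink Directory ]\n"
	fi

TACL_USER1
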
#################################################################
#
# ACL_USER: the effective user ID of the process matches the
# qualifier of a named-user entry.
# Access is granted only when both that ACL_USER entry and the
# ACL_MASK entry contain the requested permissions; otherwise it
# is denied.
#
#################################################################

# Both spellings of the directory under test; substituted into the
# here-documents by this shell before su reads them.
TACL_TEAM1=$CUR_PATH/tacl/mount-ext2/shared/team1
TACL_LINK1=$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1

# Named-user entry with rwx: tacluser3 is expected to create files.
setfacl -m u:tacluser3:rwx tacl/mount-ext2/shared/team1

su - tacluser3 << TACL_ACL_USER_GRANTED

	touch $TACL_TEAM1/newfile3 2> /dev/null
	if test ! -e $TACL_TEAM1/newfile3; then
		printf "\nFAILED:  ACL_USER entry contains the user permissions,\n"
		printf "\t but operation denied [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n"
		printf "\t operation success [ Physical Directory ]\n"
	fi

	touch $TACL_LINK1/newfile4 2> /dev/null
	if test ! -e $TACL_LINK1/newfile4; then
		printf "\nFAILED:  ACL_USER entry contains the user permissions,\n"
		printf "\t but operation denied [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	fi

TACL_ACL_USER_GRANTED

# Empty mask: the same named-user entry must no longer allow file creation.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser3 << TACL_ACL_USER_MASKED

	touch $TACL_TEAM1/newfile5 2> /dev/null
	if test ! -e $TACL_TEAM1/newfile5; then
		printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n"
		printf "\t but ACL_MASK are set ___ ,\n"
		printf "\t operation success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER entry contains the user permissions\n"
		printf "\t but ACL_MASK are set --- ,\n"
		printf "\t operation must be denied [ Physical Directory ]\n"
	fi

	touch $TACL_LINK1/newfile6 2> /dev/null
	if test ! -e $TACL_LINK1/newfile6; then
		printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n"
		printf "\t but ACL_MASK are set ___ ,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER entry contains the user permissions\n"
		printf "\t but ACL_MASK are set --- ,\n"
		printf "\t operation must be denied [ Symlink Directory ]\n"
	fi

TACL_ACL_USER_MASKED

###########################################################################################
#
# ACL_GROUP_OBJ / ACL_GROUP: the effective group ID or one of the supplementary
# group IDs of the process matches the owning group or the qualifier of a
# named-group entry.
#
# With an ACL_MASK entry present:
#     access is granted when the ACL_MASK entry and any matching ACL_GROUP_OBJ
#     or ACL_GROUP entry contain the requested permissions, else it is denied.
#
# Without an ACL_MASK entry (there can be no ACL_GROUP entries in that case):
#     access is granted when the ACL_GROUP_OBJ entry contains the requested
#     permissions, else it is denied.
#
###########################################################################################

# Both spellings of the directory under test; substituted into the
# here-documents by this shell before su reads them.
TACL_TEAM1=$CUR_PATH/tacl/mount-ext2/shared/team1
TACL_LINK1=$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1

# Named-group entry with rwx for group tacluser2: creation is expected to work.
setfacl -m g:tacluser2:rwx tacl/mount-ext2/shared/team1

su - tacluser2 << TACL_ACL_GROUP_GRANTED
	touch $TACL_TEAM1/newfile7 2> /dev/null
	if test ! -e $TACL_TEAM1/newfile7; then
		printf "\nFAILED:  [ touch ] ACL_GROUP entry already contains the group permissions,\n"
		printf "\t but option success [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: ACL_GROUP entry contains the group permissions,\n"
		printf "\t option success [ Physical Directory ]\n"
	fi

	touch $TACL_LINK1/newfile8 2> /dev/null
	if test ! -e $TACL_LINK1/newfile8; then
		printf "\nFAILED:  [ touch ] ACL_GROUP entry already contains the group permissions,\n"
		printf "\t but option success [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: ACL_GROUP entry contains the group permissions,\n"
		printf "\t option success [ Symlink Directory ]\n"
	fi

TACL_ACL_GROUP_GRANTED

# Empty mask: the named-group entry must no longer allow file creation.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser2 << TACL_ACL_GROUP_MASKED
	touch $TACL_TEAM1/newfile9 2> /dev/null
	if test ! -e $TACL_TEAM1/newfile9; then
		printf "\nSUCCESS: ACL_GROUP entry already contains the group permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_GROUP entry contains the group permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option must no be success [ Physical Directory ]\n"
	fi

	touch $TACL_LINK1/newfile10 2> /dev/null
	if test ! -e $TACL_LINK1/newfile10; then
		printf "\nSUCCESS: ACL_GROUP entry already contains the group permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option success [ Symlink Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_GROUP entry contains the group permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option must no be success [ Symlink Directory ]\n"
	fi

TACL_ACL_GROUP_MASKED

# ACL_GROUP_OBJ: tacluser2 temporarily gets tacluser1 as its primary group,
# so the owning-group entry (g::rwx) of team1 is the one that applies to it.

# Both spellings of the directory under test; substituted into the
# here-documents by this shell before su reads them.
TACL_TEAM1=$CUR_PATH/tacl/mount-ext2/shared/team1
TACL_LINK1=$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1

setfacl -m g::rwx tacl/mount-ext2/shared/team1
usermod -g tacluser1 tacluser2

su - tacluser2 << TACL_GROUP_OBJ_GRANTED

	touch $TACL_TEAM1/newfile11 2> /dev/null
	if test ! -e $TACL_TEAM1/newfile11; then
		printf "\nFAILED:  [ touch ] ACL_GROUP_OBJ entry already contains the group owner,\n"
		printf "\t but option denied [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,\n"
		printf "\t option success [ Physical Directory ]\n"
	fi

	touch $TACL_LINK1/newfile12 2> /dev/null
	if test ! -e $TACL_LINK1/newfile12; then
		printf "\nFAILED:  [ touch ] ACL_GROUP_OBJ entry already contains the group owner,\n"
		printf "\t but option denied [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,\n"
		printf "\t option success [ Symlink Directory ]\n"
	fi

TACL_GROUP_OBJ_GRANTED

# Empty mask: the owning-group entry must no longer allow file creation.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser2 << TACL_GROUP_OBJ_MASKED
	touch $TACL_TEAM1/newfile13 2> /dev/null
	if test ! -e $TACL_TEAM1/newfile13; then
		printf "\nSUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option must no be success [ Physical Directory ]\n"
	fi

	touch $TACL_LINK1/newfile14 2> /dev/null
	if test ! -e $TACL_LINK1/newfile14; then
		printf "\nSUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option success [ Symlink Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option must no be success [ Symlink Directory ]\n"
	fi

TACL_GROUP_OBJ_MASKED

# Give tacluser2 its own primary group back.
usermod -g tacluser2 tacluser2

###################################################################################
#
# ACL_OTHER: when the ACL_OTHER entry contains the requested permissions,
# access is granted.
#
###################################################################################

# Both spellings of the directory under test; substituted into the
# here-documents by this shell before su reads them.
TACL_TEAM1=$CUR_PATH/tacl/mount-ext2/shared/team1
TACL_LINK1=$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1

# tacluser4 has no entry of its own in the ACL, so o::rwx is what it gets.
setfacl -m o::rwx tacl/mount-ext2/shared/team1

su - tacluser4 << TACL_ACL_OTHER_GRANTED

	touch $TACL_TEAM1/newfile15 2> /dev/null
	if test ! -e $TACL_TEAM1/newfile15; then
		printf "\nFAILED:  ACL_OTHER entry contains the user permissions,\n"
		printf "\t but operation denied [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: ACL_OTHER entry contains the user permissions,\n"
		printf "\t operation success [ Physical Directory ]\n"
	fi

	touch $TACL_LINK1/newfile16 2> /dev/null
	if test ! -e $TACL_LINK1/newfile16; then
		printf "\nFAILED:  ACL_OTHER entry contains the user permissions,\n"
		printf "\t but operation denied [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: ACL_OTHER entry contains the user permissions,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	fi

TACL_ACL_OTHER_GRANTED

# This check expects the mask NOT to apply to ACL_OTHER: creation must still
# succeed with an empty mask.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser4 << TACL_ACL_OTHER_MASKED

	touch $TACL_TEAM1/newfile17 2> /dev/null
	if test ! -e $TACL_TEAM1/newfile17; then
		printf "\nFAILED:  ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]\n"
	fi

	touch $TACL_LINK1/newfile18 2> /dev/null
	if test ! -e $TACL_LINK1/newfile18; then
		printf "\nFAILED:  ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]\n"
	fi

TACL_ACL_OTHER_MASKED

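############################################################################
#
# OBJECT CREATION AND DEFAULT ACLs
# The new object inherits the default ACL of the containing directory as its access ACL.
#
############################################################################

# Create a file in team1 as a test account and report whether the mode string
# shown by ls -l matches the expected permission triplets.
#   $1 - account that creates the file
#   $2 - file name inside shared/team1
#   $3 - expected permissions without the file-type character, e.g. r--r--r--
# Sets the globals CONTENT (ls -l line) and RES (matching mode string or empty).
tacl_new_file_mode()
{
	# \$(umask) and \$MASK are escaped so that the login shell started by su
	# evaluates them. Unescaped, this shell would substitute them while
	# building the here-document and the umask would never be restored.
	# umask 0 keeps the umask from trimming the permissions under test.
	su - "$1" << TACL_CREATE_FILE

	MASK=\$(umask)
	umask 0
	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/$2"
	umask \$MASK > /dev/null

TACL_CREATE_FILE

	CONTENT=$(ls -l "tacl/mount-ext2/shared/team1/$2")
	# Compare only the mode column, anchored at its start.
	RES=$(printf '%s\n' "$CONTENT" | awk '{print $1}' | grep -- "^.$3")

	# -n with a quoted operand: an unquoted empty value makes "[" fail with
	# a syntax error instead of evaluating the comparison.
	if [ -n "$RES" ]
	then
		printf "\nSUCCESS: With default ACLs set, new file permission set correct.\n"
	else
		printf "\nFAILED:  With default ACLs set, new file permission set not correct\n"
	fi
}

# Remove the files left behind by the access checks above.
rm -f tacl/mount-ext2/shared/team1/newfil*

#
# Test ACL_USER_OBJ default ACLs
#
setfacl -m d:u::r -m d:g::r -m d:o::r tacl/mount-ext2/shared/team1
tacl_new_file_mode tacluser1 newfile1 "r--r--r--"

#
# Test ACL_USER and ACL_GROUP defaults ACLs
#
setfacl -m d:u:tacluser3:rw -m d:g:tacluser3:rw tacl/mount-ext2/shared/team1
tacl_new_file_mode tacluser3 newfile2 "r--rw-r--"

#
# Test ACL_GROUP default ACLs
#
setfacl -m d:u::rwx -m d:g::rwx -m d:o::rwx tacl/mount-ext2/shared/team1
tacl_new_file_mode tacluser3 newfile3 "rw-rw-rw-"
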
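#################################################################################
#
# chmod also changes the ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER permissions
#
#################################################################################

# \$(umask) and \$MASK are escaped so the login shell started by su evaluates
# them; unescaped they would be substituted by this shell while the
# here-document is built.
su - tacluser3 << TACL_USER3
	MASK=\$(umask)
	umask 0

	chmod 777 "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile3"
	umask \$MASK > /dev/null
TACL_USER3

CONTENT=$(getfacl tacl/mount-ext2/shared/team1/newfile3)

# Pick the entries by their tag instead of by word position: counting words
# in the flattened getfacl output breaks as soon as the ACL has one entry
# more or less, or the path contains a blank.
USER_PERMISSION=$(printf '%s\n' "$CONTENT" | awk '$1 ~ /^user::/ {print $1}')
GROUP_PERMISSION=$(printf '%s\n' "$CONTENT" | awk '$1 ~ /^group::/ {print $1}')
OTHER_PERMISSION=$(printf '%s\n' "$CONTENT" | awk '$1 ~ /^other::/ {print $1}')

# Quoted operands keep "[" well-formed when one of the values is empty.
if [ "$USER_PERMISSION" = "user::rwx" ] &&
   [ "$GROUP_PERMISSION" = "group::rwx" ] &&
   [ "$OTHER_PERMISSION" = "other::rwx" ]
then
	printf "\nSUCCESS: Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are correct\n"
else
	printf "\nFAILED:  Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are not correct\n"
fi
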
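#####################################################################################
#
# chown only changes the owner and the group of the object
#
#####################################################################################

# owner:group is the portable separator; the owner.group form is a legacy
# spelling.
chown tacluser2:tacluser2 tacl/mount-ext2/shared/team1/newfile2
CONTENT=$(getfacl tacl/mount-ext2/shared/team1/newfile2)

# Read owner and group from the "# owner:" / "# group:" header lines rather
# than from fixed word positions in the flattened output.
ITEM_OWNER=$(printf '%s\n' "$CONTENT" | awk '$1 == "#" && $2 == "owner:" {print $3}')
ITEM_GROUP=$(printf '%s\n' "$CONTENT" | awk '$1 == "#" && $2 == "group:" {print $3}')

# Quoted operands keep "[" well-formed when getfacl produced no output.
if [ "$ITEM_OWNER" = "tacluser2" ]
then
	if [ "$ITEM_GROUP" = "tacluser2" ]
	then
		printf "\nSUCCESS: Chown correct\n"
	else
		printf "\nFAILED:  Chown are not correct\n"
	fi
else
	echo "FAILED:  Chown are not correct"
fi
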
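#####################################################
#
# Test ACLs backup and restore
#
#####################################################

# Dump all ACLs, wipe the entries of team1, restore from the dump and dump
# again; the two dumps must be identical.
# setfacl --restore is executed by root on tacl/tmp1, so tacl/ should be
# writable by root only; otherwise another account could swap the file.
getfacl -RL tacl/mount-ext2/ > tacl/tmp1
setfacl -m u::--- -m g::--- -m o::--- tacl/mount-ext2/shared/team1
setfacl --restore tacl/tmp1
getfacl -RL tacl/mount-ext2/ > tacl/tmp2

# Decide on diff's exit status. Putting its output inside "[ ... ]" made "["
# fail with "too many arguments" whenever the dumps differed by more than one
# word, and that error was then reported as SUCCESS.
# Any difference is printed to help diagnose a failure.
if diff tacl/tmp1 tacl/tmp2
then
	printf "\nSUCCESS: ACLs backup and restore are correct\n"
else
	printf "\nFAILED:  ACLs backup and restore are not correct\n"
fi

printf "\n\tEnd ACLs Test\n"
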
#####################################################
#
# Extended Attribute tests start here
#
#####################################################

# Directory owned by tacluser2 that carries the attributes under test.
TACL_TEAM2=tacl/mount-ext2/shared/team2

printf "\nNow begin Extend Attribute Test\n"

# Set a name:value pair on a directory.
printf "\nAttach name:value pair to object dir\n\n"
attr -s attrname1 -V attrvalue1 "$TACL_TEAM2" ||
	echo "FAILED: Attach name:value pair to object dir"

# Set a name:value pair on a regular file.
echo
echo "Attach name:value pair to object file "
echo ""
attr -s attrname2 -V attrvalue2 "$TACL_TEAM2/file1" ||
	echo "FAILED: Attach name:value pair to object file"

# Set a name:value pair through a symlink; a failure is only reported as INFO.
echo
echo "Attach name:value pair to object symlink file"
echo ""
attr -s attrname3 -V attrvalue3 "$TACL_TEAM2/symlinkfile1" ||
	echo "INFO: Can't attach name:value pair to object symlink file"

echo ""
ls -lRt "$TACL_TEAM2"

# Read the attributes back with getfattr/attr in several traversal modes.
# Every command is judged by its exit status only; its output goes straight
# to the terminal.
TACL_TEAM2=tacl/mount-ext2/shared/team2

echo
echo "get extended attributes of filesystem objects"
echo ""

echo "Dump the values"
getfattr -d "$TACL_TEAM2" ||
	echo "FAILED: getfattr: Dump the values"

echo "Recursively dump the values"
getfattr -dR tacl/mount-ext2/* ||
	echo "FAILED: getfattr: Recursively Dump the values"

echo "Do not follow symlinks."
echo "but extended user attributes are disallowed for symbolic links"
getfattr -h --no-dereference "$TACL_TEAM2/symlinkfile1" ||
	echo "FAILED: getfattr: Do not follow symlinks."
echo

echo "Logical walk, follow symbolic links"
getfattr -L "$TACL_TEAM2"/* ||
	echo "FAILED: getfattr: Logical walk"

echo "Physical walk, skip all symbolic links"
getfattr -P "$TACL_TEAM2"/* ||
	echo "FAILED: getfattr: Physical walk"

echo "attr -g to search the named object"
attr -g attrname1 "$TACL_TEAM2" ||
	echo "FAILED: attr: to search the named object"
echo

echo "attr -r to remove the named object"
attr -r attrname2 "$TACL_TEAM2/file1" ||
	echo "FAILED: attr: to remove the named object"

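#################################
#
# Backup and Restore
#
#################################

# Dump every extended attribute, restore from the dump and dump again; the
# two dumps must be identical.
# setfattr --restore is executed by root on tacl/backup.ea, so tacl/ should be
# writable by root only; otherwise another account could swap the file.
getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea
setfattr -h --restore=tacl/backup.ea

getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea1

# Decide on diff's exit status. Putting its output inside "[ ... ]" made "["
# fail with "too many arguments" whenever the dumps differed by more than one
# word, and that error was then reported as SUCCESS.
# Any difference is printed to help diagnose a failure.
if diff tacl/backup.ea1 tacl/backup.ea
then
	printf "\nSUCCESS: EAs backup and restore are correct\n"
else
	printf "\nFAILED:  EAs backup and restore are not correct\n"
fi

printf "\n\tEnd EAs Test\n"
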
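#####################################################
#
# Clean up: remove the test accounts, unmount the scratch file system
# (-d also releases the loop device) and delete the scratch directory.
#
#####################################################

for TACL_USER in tacluser1 tacluser2 tacluser3 tacluser4
do
	userdel "$TACL_USER"
done

# Delete the tree only after the unmount succeeded. With the file system still
# mounted, rm -rf would descend into it and could not remove the mount point,
# leaving the loop device attached with nothing pointing at the problem.
if umount -d tacl/mount-ext2
then
	rm -rf -- tacl
else
	echo "FAILED: [ umount ] tacl/mount-ext2 is still mounted, tacl was not removed"
fi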