#!/bin/sh -u # # Copyright (C) 2008 CAI Qian # Copyright (c) International Business Machines Corp., 2003 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See # the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # FILE: /etc/at.deny # # PURPOSE: Test that /etc/at.deny , does not allow those in the file # to run cron jobs. # # HISTORY: # 04/03 Jerone Young (jyoung5@us.ibm.com) # export TCID=at_deny01 export TST_TOTAL=1 export TST_COUNT=1 TMP=${TMP:=/tmp} deny="/etc/at.deny" test_user1="test_user_1" test_user2="test_user_2" test_user1_home="/home/${test_user1}" test_user2_home="/home/${test_user2}" tmpfile="$TMP/at_deny_test" if [ "$(id -ru)" = 0 ]; then . cmdlib.sh fi #----------------------------------------------------------------------- # FUNCTION: do_setup #----------------------------------------------------------------------- do_setup() { # Move any files that may get in the way. rm "${tmpfile}" >/dev/null 2>&1 mv "${deny}" "${deny}.old" >/dev/null 2>&1 # if /etc/at.allow is there, /etc/at.deny will be ignored. So, we # need to remove it first. if [ -f "/etc/at.allow" ]; then mv /etc/at.allow /etc/at.allow.old fi # Remove users for clean enviroment. rm -rf "${test_user1_home}" "${test_user2_home}" userdel -r "${test_user1}" >/dev/null 2>&1 userdel -r "${test_user2}" >/dev/null 2>&1 # Create the 1st user. if ! useradd -g users -d "${test_user1_home}" -m "${test_user1}"; then echo "Could not add test user ${test_user1} to system." exit 1 fi # Create the 2nd user. if ! useradd -g users -d "${test_user2_home}" -m "${test_user2}"; then echo "Could not add test user ${test_user2} to system." exit 1 fi # This is the workaround for a potential bug. # [Bug 468337] At Refuse to Work with Non-login Shell # https://bugzilla.redhat.com/show_bug.cgi?id=468337 # As we are running in non-login shell now, we cannot run the script # by simply given it a relative path. Therefore, we copy it to test # users' home directories, and run it from there. cp "$0" "${test_user1_home}/." && cp "$0" "${test_user2_home}/." && echo "export LTPROOT='$LTPROOT'" > "${test_user1_home}/cached_ltproot" && echo "export LTPROOT='$LTPROOT'" > "${test_user2_home}/cached_ltproot" if [ $? -ne 0 ]; then tst_resm TBROK "Couldn't copy over req'd files for test users" exit 1 fi restart_daemon atd } #----------------------------------------------------------------------- # FUNCTION: do_cleanup #----------------------------------------------------------------------- do_cleanup() { # We forcefully remove those files anyway. Otherwise userdel may # give us bad warnings. rm -rf "${test_user1_home}" "${test_user2_home}" userdel -r "${test_user1}" >/dev/null 2>&1 userdel -r "${test_user2}" >/dev/null 2>&1 rm "${deny}" mv "${deny}.old" "${deny}" >/dev/null 2>&1 rm "${tmpfile}" >/dev/null 2>&1 if [ -f /etc/at.allow.old ]; then mv /etc/at.allow.old /etc/at.allow fi } #----------------------------------------------------------------------- # FUNCTION: run_test #----------------------------------------------------------------------- run_test() { if [ $(whoami) = "${test_user1}" ]; then . "${test_user1_home}/cached_ltproot" || exit 1 export PATH="$PATH:$LTPROOT/testcases/bin" echo "TEST: ${deny} should deny only those who are not in the file to run jobs." echo "(1) TEST THAT PERSON NOT IN ${deny} IS ABLE TO RUN JOB." echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | if ! at -m now + 1 minutes; then echo "Error while adding job using at for user ${test_user1}." exit 1 fi echo " Sleeping for 75 seconds...." sleep 75 exit_code=1 test -e "${tmpfile}" && exit_code=0 if [ ${exit_code} -eq 1 ]; then tst_resm TFAIL "At denyed user to execute test job" else tst_resm TPASS "At did not deny user to execute job" fi rm -f "${tmpfile}" >/dev/null 2>&1 exit ${exit_code} elif [ $(whoami) = "${test_user2}" ]; then . "${test_user2_home}/cached_ltproot" || exit 1 export PATH="$PATH:$LTPROOT/testcases/bin" echo "(2) TEST THAT PERSON IN ${deny} IS NOT ABLE TO RUN JOB." echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | if ! at -m now + 1 minutes; then echo "Expected error while adding job user at for user ${test_user2}" fi echo "Sleeping for 75 seconds...." sleep 75 exit_code=1 test -e "${tmpfile}" || exit_code=0 if [ ${exit_code} -eq 1 ]; then echo "At did not deny user to execute job, TEST FAILED." else echo "At denyed user to execute test job, TEST PASSED." fi rm -f "${tmpfile}" >/dev/null 2>&1 exit ${exit_code} fi } #----------------------------------------------------------------------- # FUNCTION: main #----------------------------------------------------------------------- if ! type at > /dev/null; then tst_resm TCONF "at command not found on system" elif [ "$(id -ru)" = 0 ]; then if do_setup ; then if ! echo "${test_user2}" >"${deny}"; then exit_code=1 elif ! su "${test_user1}" -lc "${test_user1_home}/${0##*/}"; then exit_code=1 elif ! su "${test_user2}" -lc "${test_user2_home}/${0##*/}"; then exit_code=1 else exit_code=0 fi do_cleanup else exit_code=1 fi exit ${exit_code} else run_test exit 0 fi