# Copyright (c) 2008, 2009 Edward Tomasz NapieraƂa # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a tools-level test intended to verify that cp(1) and mv(1) # do the right thing with respect to ACLs. Run it as root using # ACL-enabled kernel: # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test # # You need to have three subdirectories, named nfs4, posix and none, # with filesystems with NFSv4 ACLs, POSIX.1e ACLs and no ACLs enabled, # respectively, mounted on them, in your current directory. # # WARNING: Creates files in unsafe way. $ whoami > root $ umask 022 $ touch nfs4/xxx $ getfacl -nq nfs4/xxx > owner@:--x-----------:------:deny > owner@:rw-p---A-W-Co-:------:allow > group@:-wxp----------:------:deny > group@:r-------------:------:allow > everyone@:-wxp---A-W-Co-:------:deny > everyone@:r-----a-R-c--s:------:allow $ touch posix/xxx $ getfacl -nq posix/xxx > user::rw- > group::r-- > other::r-- $ rm posix/xxx # mv without any ACLs. $ chmod 456 nfs4/xxx $ mv nfs4/xxx posix/ $ ls -l posix/xxx | cut -d' ' -f1 > -r--r-xrw- # mv with POSIX.1e ACLs. $ setfacl -m u:42:x,g:43:w posix/xxx $ rm -f posix/yyy $ mv posix/xxx posix/yyy $ getfacl -nq posix/yyy > user::r-- > user:42:--x > group::r-x > group:43:-w- > mask::rwx > other::rw- # mv from POSIX.1e to NFSv4. $ rm -f nfs4/xxx $ mv posix/yyy nfs4/xxx > mv: failed to set acl entries for nfs4/xxx: Invalid argument $ getfacl -nq nfs4/xxx > owner@:-wxp----------:------:deny > owner@:r------A-W-Co-:------:allow > group@:--------------:------:deny > group@:rwxp----------:------:allow > everyone@:--x----A-W-Co-:------:deny > everyone@:rw-p--a-R-c--s:------:allow # mv with NFSv4 ACLs. $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ rm -f nfs4/yyy $ mv nfs4/xxx nfs4/yyy $ getfacl -nq nfs4/yyy > user:42:--x-----------:------:allow > group:43:-w------------:------:allow > owner@:-wxp----------:------:deny > owner@:r------A-W-Co-:------:allow > group@:--------------:------:deny > group@:rwxp----------:------:allow > everyone@:--x----A-W-Co-:------:deny > everyone@:rw-p--a-R-c--s:------:allow # mv from NFSv4 to POSIX.1e. $ rm -f posix/xxx $ mv nfs4/yyy posix/xxx > mv: failed to set acl entries for posix/xxx: Invalid argument $ ls -l posix/xxx | cut -d' ' -f1 > -r--rwxrw- # mv from POSIX.1e to none. $ setfacl -m u:42:x,g:43:w posix/xxx $ mv posix/xxx none/xxx > mv: failed to set acl entries for none/xxx: Operation not supported $ ls -l none/xxx | cut -d' ' -f1 > -r--rwxrw- # cp with POSIX.1e ACLs. $ rm -f posix/xxx $ touch posix/xxx $ setfacl -m u:42:x,g:43:w posix/xxx $ getfacl -nq posix/xxx > user::rw- > user:42:--x > group::r-- > group:43:-w- > mask::rwx > other::r-- $ rm -f posix/yyy $ cp posix/xxx posix/yyy $ getfacl -nq posix/yyy > user::rw- > group::r-x > other::r-- $ rm -f posix/yyy $ cp -p posix/xxx posix/yyy $ getfacl -nq posix/yyy > user::rw- > user:42:--x > group::r-- > group:43:-w- > mask::rwx > other::r-- # mv from POSIX.1e to NFSv4. $ rm -f nfs4/xxx $ cp -p posix/xxx nfs4/xxx > cp: failed to set acl entries for nfs4/xxx: Invalid argument $ ls -l nfs4/xxx | cut -d' ' -f1 > -rw-rwxr-- # cp with NFSv4 ACLs. $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ rm -f nfs4/yyy $ cp -p nfs4/xxx nfs4/yyy $ getfacl -nq nfs4/yyy > user:42:--x-----------:------:allow > group:43:-w------------:------:allow > owner@:--x-----------:------:deny > owner@:rw-p---A-W-Co-:------:allow > group@:--------------:------:deny > group@:rwxp----------:------:allow > everyone@:-wxp---A-W-Co-:------:deny > everyone@:r-----a-R-c--s:------:allow # cp from NFSv4 to POSIX.1e. $ rm -f posix/xxx $ cp -p nfs4/xxx posix/xxx > cp: failed to set acl entries for posix/xxx: Invalid argument $ ls -l posix/xxx | cut -d' ' -f1 > -rw-rwxr-- $ cp -p nfs4/yyy none/xxx > cp: failed to set acl entries for none/xxx: Operation not supported