# This is a tools-level test for POSIX.1e ACL functionality.  Run it as root
# using ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
#
# WARNING: Creates files in unsafe way.
#
# $FreeBSD$

$ whoami
> root
$ umask 022

# Smoke test for getfacl(1).
$ touch xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ getfacl -q xxx
> user::rw-
> group::r--
> other::r--

$ setfacl -m u:42:r,g:43:w xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Check whether ls correctly marks files with "+".
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

# Same as above, but for symlinks.
$ ln -s xxx lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> group::r-x
> other::r-x

$ getfacl -qh lll
> user::rwx
> group::r-x
> other::r-x

$ getfacl -q lll
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ setfacl -hm u:44:x,g:45:w lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> user:44:--x
> group::r-x
> group:45:-w-
> mask::rwx
> other::r-x

# XXX: Why doesn't ls(1) print '+' for symbolic links with ACL set?
$ ls -l lll | cut -d' ' -f1
> lrwxrwxr-x

# Check whether the original file is left untouched.
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

$ rm lll

# Test removing entries.
$ setfacl -x user:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ setfacl -m g:43:r xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

# Make sure cp without any flags does not copy the ACL.
$ cp xxx yyy
$ ls -l yyy | cut -d' ' -f1
> -rw-r--r--

# Make sure it does with the "-p" flag.
$ rm yyy
$ cp -p xxx yyy
$ getfacl yyy
> # file: yyy
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

$ rm yyy

# Test removing entries by...  by example?
$ setfacl -m u:42:r,g:43:w xxx
$ setfacl -x u:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test setfacl -b.
$ setfacl -b xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> mask::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+

$ setfacl -nb xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--

# Check setfacl(1) and getfacl(1) with multiple files.
$ touch xxx yyy zzz

$ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-rwxr--+
> -rw-rwxr--+
> -rw-rwxr--+

$ getfacl -q nnn xxx yyy zzz
> getfacl: nnn: No such file or directory
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
> 
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
> 
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--

$ setfacl -b nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--+
> -rw-r--r--+
> -rw-r--r--+

$ setfacl -bn nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ rm xxx yyy zzz

# Check whether chmod actually does what it should do.
$ touch xxx
$ setfacl -m u:42:rwx,g:43:rwx xxx
$ chmod 600 xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:rwx		# effective: ---
> group::r--		# effective: ---
> group:43:rwx		# effective: ---
> mask::---
> other::---

$ chmod 060 xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::---
> user:42:rwx		# effective: rw-
> group::r--
> group:43:rwx		# effective: rw-
> mask::rw-
> other::---

# Test default ACLs.
$ umask 022
$ mkdir ddd
$ getfacl -q ddd
> user::rwx
> group::r-x
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

$ getfacl -dq ddd
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ getfacl -dq ddd
> user::rwx
> group::r-x
> mask::rwx
> other::r-x

# No change - ls(1) output doesn't take into account default ACLs.
$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

$ setfacl -dm g:42:rwx,u:42:r ddd
$ setfacl -dm g::w ddd
$ getfacl -dq ddd
> user::rwx
> user:42:r--
> group::-w-
> group:42:rwx
> mask::rwx
> other::r-x

$ setfacl -dx group:42: ddd
$ getfacl -dq ddd
> user::rwx
> user:42:r--
> group::-w-
> mask::rw-
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

$ rmdir ddd
$ rm xxx

# Test inheritance.
$ mkdir ddd

$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> group::r--
> other::r--

$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> group::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx

$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ setfacl -dm g:42:rwx,u:43:r ddd
$ getfacl -dq ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx
> mask::rwx
> other::r-x

$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> user:43:r--
> group::r-x		# effective: r--
> group:42:rwx		# effective: r--
> mask::r--
> other::r--

$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx		# effective: r-x
> mask::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx
$ rmdir ddd

# Test if we deal properly with fifos.
$ mkfifo fff
$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ setfacl -m u:42:r,g:43:w fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-rw-r--+

$ setfacl -bn fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ rm fff