| #! /bin/bash |
| # SPDX-License-Identifier: GPL-2.0 |
| # Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. |
| # |
| # FS QA Test 369 |
| # |
| # RichACL delete test |
| # |
| . ./common/preamble |
| _begin_fstest auto quick richacl |
| |
| # Import common functions. |
| |
| # real QA test starts here |
| |
| _supported_fs generic |
| |
| _require_scratch |
| _require_scratch_richacl |
| _require_richacl_prog |
| _require_runas |
| |
| _scratch_mkfs_richacl >> $seqres.full |
| _scratch_mount |
| |
| cd $SCRATCH_MNT |
| |
| r() |
| { |
| echo "--- runas -u 99 -g 99 $*" |
| _runas -u 99 -g 99 -- "$@" |
| } |
| |
| umask 022 |
| |
| chmod go+w . |
| mkdir d1 d2 d3 d4 d5 d6 d7 |
| touch d1/f d1/g d2/f d3/f d4/f d5/f d6/f d7/f d7/g d7/h |
| chmod o+w d1/g |
| chown 99 d2 |
| chgrp 99 d3 |
| chmod g+w d3 |
| $SETRICHACL_PROG --set 'u:99:wx::allow' d4 |
| $SETRICHACL_PROG --set 'u:99:d::allow' d5 |
| $SETRICHACL_PROG --set 'u:99:xd::allow' d6 |
| $SETRICHACL_PROG --set 'u:99:D::allow' d7/f d7/g d7/h |
| chmod 664 d7/g |
| |
| mkdir s2 s3 s4 s5 s6 s7 |
| chmod +t s2 s3 s4 s5 s6 s7 |
| touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g s7/h |
| chown 99 s2 |
| chgrp 99 s3 |
| chmod g+w s3 |
| $SETRICHACL_PROG --set 'u:99:wx::allow' s4 |
| $SETRICHACL_PROG --set 'u:99:d::allow' s5 |
| $SETRICHACL_PROG --set 'u:99:xd::allow' s6 |
| $SETRICHACL_PROG --set 'u:99:D::allow' s7/f s7/g s7/h |
| chmod 664 s7/g |
| |
| # Cannot delete files with no or only with write permissions on the directory |
| r rm -f d1/f d1/g |
| |
| # Can delete files in directories we own |
| r rm -f d2/f s2/f |
| |
| # Can delete files in non-sticky directories we have write access to |
| r rm -f d3/f s3/f |
| |
| # "Write_data/execute" access does not include delete_child access, so deleting |
| # is not allowed: |
| r rm -f d4/f s4/f |
| |
| # "Delete_child" access alone also is not sufficient |
| r rm -f d5/f s5/f |
| |
| # "Execute/delete_child" access is sufficient for non-sticky directories |
| r rm -f d6/f s6/f |
| |
| # "Delete" access on the child is sufficient, even in sticky directories. |
| r rm -f d7/f s7/f |
| |
| # Regression: Delete access must not override add_file / add_subdirectory |
| # access. |
| r touch h |
| r mv -f h d7/ |
| r mv -f h s7/ |
| |
| # A chmod turns off the "delete" permission |
| r rm -f d7/g s7/g |
| |
| # success, all done |
| status=0 |
| exit |