path: root/tools/regression/acltools/tools-posix.test

# This is a tools-level test for POSIX.1e ACL functionality.  Run it as root
# using ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
#
# WARNING: Creates files in unsafe way.
#
# $FreeBSD$

$ whoami
> root
$ umask 022

# Smoke test for getfacl(1).
$ touch xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ getfacl -q xxx
> user::rw-
> group::r--
> other::r--

$ setfacl -m u:42:r,g:43:w xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Check whether ls correctly marks files with "+".
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

# Test removing entries.
$ setfacl -x user:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ setfacl -m g:43:r xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

# Make sure cp without any flags does not copy the ACL.
$ cp xxx yyy
$ ls -l yyy | cut -d' ' -f1
> -rw-r--r--

# Make sure it does with the "-p" flag.
$ rm yyy
$ cp -p xxx yyy
$ getfacl yyy
> # file: yyy
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

$ rm yyy

# Test removing entries by...  by example?
$ setfacl -m u:42:r,g:43:w xxx
$ setfacl -x u:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test setfacl -b.
$ setfacl -b xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> mask::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+

$ setfacl -nb xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--

# Check setfacl(1) and getfacl(1) with multiple files.
$ touch xxx yyy zzz

$ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-rwxr--+
> -rw-rwxr--+
> -rw-rwxr--+

$ getfacl -q nnn xxx yyy zzz
> getfacl: nnn: No such file or directory
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
> 
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
> 
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--

$ setfacl -b nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--+
> -rw-r--r--+
> -rw-r--r--+

$ rm xxx yyy zzz

# Check whether chmod actually does what it should do.
$ touch xxx
$ setfacl -m u:42:rwx,g:43:rwx xxx
$ chmod 600 xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:rwx		# effective: ---
> group::r--		# effective: ---
> group:43:rwx		# effective: ---
> mask::---
> other::---

$ chmod 060 xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::---
> user:42:rwx		# effective: rw-
> group::r--
> group:43:rwx		# effective: rw-
> mask::rw-
> other::---

# Test default ACLs.
$ umask 022
$ mkdir ddd
$ getfacl -q ddd
> user::rwx
> group::r-x
> other::r-x

$ getfacl -dq ddd
$ setfacl -d -m u::rwx,g::rx,o::rx,mask::rwx ddd
$ getfacl -dq ddd
> user::rwx
> group::r-x
> mask::rwx
> other::r-x

$ setfacl -dm g:42:rwx,u:42:r ddd
$ setfacl -dm g::w ddd
$ getfacl -dq ddd
> user::rwx
> user:42:r--
> group::-w-
> group:42:rwx
> mask::rwx
> other::r-x

$ setfacl -dx group:42: ddd
$ getfacl -dq ddd
> user::rwx
> user:42:r--
> group::-w-
> mask::rw-
> other::r-x

> # XXX: Test inheritance.

$ rmdir ddd
$ rm xxx