SHA256
1
0
forked from pool/acl
OBS User unknown 2009-08-01 09:21:55 +00:00 committed by Git OBS Bridge
parent fb817d5c77
commit 6ac3fa08b3
15 changed files with 22 additions and 2185 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e7113f1a6447476b8f20ede65eaa4179b287be47829b9b820357754c570db880
size 129813

3
acl-2.2.48.src.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f29cc6c3453703b9f3be2b5fdc60c4af6dc52f1696eaf7b657dd71948bbce27d
size 361965

View File

@ -1,47 +0,0 @@
From 1c666c65d5a33b17d57e7022fddf7b74d2ca1809 Mon Sep 17 00:00:00 2001
From: Eric Sandeen <sandeen@sandeen.net>
Date: Mon, 9 Feb 2009 00:59:00 +0100
Subject: [PATCH] acl: Return error status on setfacl failures
Resolves Red Hat bug:
rh#368451 - setfacl returns 0 even though it fails
From: Jiri Moskovcak <jmoskovc@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
---
setfacl/setfacl.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/setfacl/setfacl.c b/setfacl/setfacl.c
index 96f6fc4..240a9b5 100644
--- a/setfacl/setfacl.c
+++ b/setfacl/setfacl.c
@@ -137,7 +137,7 @@ restore(
if (error < 0)
goto fail;
if (error == 0)
- return 0;
+ return status;
if (path_p == NULL) {
if (filename) {
@@ -151,6 +151,7 @@ restore(
"aborting\n"),
progname, backup_line);
}
+ status = 1;
goto getout;
}
@@ -169,6 +170,7 @@ restore(
fprintf(stderr, _("%s: %s: %s in line %d\n"),
progname, xquote(filename), strerror(errno),
line);
+ status = 1;
goto getout;
}
--
1.6.0.2

View File

@ -1,210 +0,0 @@
From: Brandon Philips <bphilips@suse.de>
Subject: [PATH] acl: add getfacl -R -L -P tests
Test fixes to walk_tree.c by Andreas.
Signed-off-by: Brandon Philips <bphilips@suse.de>
---
test/getfacl-recursive.test | 194 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 194 insertions(+)
Index: acl-2.2.47/test/getfacl-recursive.test
===================================================================
--- /dev/null
+++ acl-2.2.47/test/getfacl-recursive.test
@@ -0,0 +1,194 @@
+Tests for proper path recursion
+
+ $ mkdir -p 1/2/3
+ $ mkdir 1/link
+ $ touch 1/link/file
+ $ ln -s `pwd`/1/link 1/2/link
+ $ getfacl -P -R 1/2
+ > # file: 1/2
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/3
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+
+ $ getfacl -R 1/2
+ > # file: 1/2
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/3
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+
+ $ getfacl -R -L 1/2
+ > # file: 1/2
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/3
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/link
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/link/file
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rw-
+ > group::r--
+ > other::r--
+ >
+
+ $ getfacl -P -R 1
+ > # file: 1
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/3
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/link
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/link/file
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rw-
+ > group::r--
+ > other::r--
+ >
+
+ $ getfacl -R 1
+ > # file: 1
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/3
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/link
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/link/file
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rw-
+ > group::r--
+ > other::r--
+ >
+
+ $ getfacl -R -L 1
+ > # file: 1
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/3
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/link
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/2/link/file
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rw-
+ > group::r--
+ > other::r--
+ >
+ > # file: 1/link
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rwx
+ > group::r-x
+ > other::r-x
+ >
+ > # file: 1/link/file
+ > # owner: %TUSER
+ > # group: %TGROUP
+ > user::rw-
+ > group::r--
+ > other::r--
+ >
+
+ $ rm -R 1/

View File

@ -1,70 +0,0 @@
From: Brandon Philips <bphilips@suse.de>
Subject: [PATCH] acl: add make tests target and use make to run tests
The tests are difficult to run. So, this patch adds a Make target that
sets up the path and runs *.test files in the test/ directory.
nfs specific tests can be ran from the test directory by running
`make nfs-tests`
tests requiring root can be ran from the test directory by running
`make root-tests`
Signed-off-by: Brandon Philips <bphilips@suse.de>
---
Makefile | 4 ++++
test/Makefile | 27 ++++++++++++++++++++++++---
2 files changed, 28 insertions(+), 3 deletions(-)
Index: acl-2.2.47/test/Makefile
===================================================================
--- acl-2.2.47.orig/test/Makefile
+++ acl-2.2.47/test/Makefile
@@ -5,10 +5,31 @@
TOPDIR = ..
include $(TOPDIR)/include/builddefs
-LSRCFILES = run make-tree \
- cp.test getfacl-noacl.test misc.test nfs-dir.test \
- nfsacl.test permissions.test setfacl.test
+TESTS = $(wildcard *.test)
+ROOT = $(wildcard root/*.test)
+NFS = $(wildcard nfs/*.test)
+LSRCFILES = run make-tree $(TESTS) $(ROOT) $(NFS)
include $(BUILDRULES)
default install install-dev install-lib:
+
+PATH := $(abspath ../getfacl/):$(abspath ../setfacl/):$(abspath ../chacl/):$(PATH)
+
+tests: $(TESTS)
+root-tests: $(ROOT)
+nfs-tests: $(NFS)
+
+$(TESTS):
+ @echo "*** $@ ***"; perl run $@
+
+$(NFS):
+ @echo "NFS specific tests"; @echo "*** $@ ***"; perl run $@
+
+$(ROOT):
+ @echo "Note: Tests must run as root"; @echo "*** $@ ***"; perl run $@
+
+.PHONY: $(TESTS) $(NFS) $(ROOT)
+.NOTPARALLEL:
+
+
Index: acl-2.2.47/Makefile
===================================================================
--- acl-2.2.47.orig/Makefile
+++ acl-2.2.47/Makefile
@@ -65,3 +65,7 @@ install-lib: default
realclean distclean: clean
rm -f $(LDIRT) $(CONFIGURE)
rm -rf autom4te.cache Logs
+
+.PHONY: tests
+tests: default
+ $(MAKE) -C test/ tests

View File

@ -1,182 +0,0 @@
From: Eric Sandeen <sandeen@sandeen.net>
Date: Mon, 9 Feb 2009 00:50:51 +0100
Subject: [PATCH] acl: add short option support to the acl commands
Resolves Red Hat bugs:
rh#204087 - getfacl/setfacl should support -n
rh#457244 - setfacl does not recognize -v and -h
Folds in [PATCH] Manpage documents -r instead of -t now
From: Jiri Moskovcak <jmoskovc@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
---
getfacl/getfacl.c | 22 +++++++++++-----------
man/man1/getfacl.1 | 25 ++++++++++++++-----------
man/man1/setfacl.1 | 4 ++--
setfacl/setfacl.c | 8 ++++----
4 files changed, 31 insertions(+), 28 deletions(-)
Index: acl-2.2.47/getfacl/getfacl.c
===================================================================
--- acl-2.2.47.orig/getfacl/getfacl.c
+++ acl-2.2.47/getfacl/getfacl.c
@@ -43,7 +43,7 @@
#define POSIXLY_CORRECT_STR "POSIXLY_CORRECT"
#if !POSIXLY_CORRECT
-# define CMD_LINE_OPTIONS "dRLP"
+# define CMD_LINE_OPTIONS "aceEsRLPtpndvh"
#endif
#define POSIXLY_CMD_LINE_OPTIONS "d"
@@ -555,23 +555,23 @@ void help(void)
#if !POSIXLY_CORRECT
} else {
printf(_(
-" --access display the file access control list only\n"
+" -a, --access display the file access control list only\n"
" -d, --default display the default access control list only\n"
-" --omit-header do not display the comment header\n"
-" --all-effective print all effective rights\n"
-" --no-effective print no effective rights\n"
-" --skip-base skip files that only have the base entries\n"
+" -c, --omit-header do not display the comment header\n"
+" -e, --all-effective print all effective rights\n"
+" -E, --no-effective print no effective rights\n"
+" -s, --skip-base skip files that only have the base entries\n"
" -R, --recursive recurse into subdirectories\n"
" -L, --logical logical walk, follow symbolic links\n"
" -P, --physical physical walk, do not follow symbolic links\n"
-" --tabular use tabular output format\n"
-" --numeric print numeric user/group identifiers\n"
-" --absolute-names don't strip leading '/' in pathnames\n"));
+" -t, --tabular use tabular output format\n"
+" -n, --numeric print numeric user/group identifiers\n"
+" -p, --absolute-names don't strip leading '/' in pathnames\n"));
}
#endif
printf(_(
-" --version print version and exit\n"
-" --help this help text\n"));
+" -v, --version print version and exit\n"
+" -h, --help this help text\n"));
}
int main(int argc, char *argv[])
Index: acl-2.2.47/man/man1/getfacl.1
===================================================================
--- acl-2.2.47.orig/man/man1/getfacl.1
+++ acl-2.2.47/man/man1/getfacl.1
@@ -12,10 +12,10 @@ getfacl \- get file access control lists
.SH SYNOPSIS
.B getfacl
-[\-dRLPvh] file ...
+[\-aceEsRLPtpndvh] file ...
.B getfacl
-[\-dRLPvh] \-
+[\-aceEsRLPtpndvh] \-
.SH DESCRIPTION
For each file, getfacl displays the file name, owner, the group,
@@ -78,22 +78,22 @@ accessing the file mode.
.SS OPTIONS
.TP 4
-.I \-\-access
+.I \-a, \-\-access
Display the file access control list.
.TP
.I \-d, \-\-default
Display the default access control list.
.TP
-.I \-\-omit-header
+.I \-c, \-\-omit-header
Do not display the comment header (the first three lines of each file's output).
.TP
-.I \-\-all-effective
+.I \-e, \-\-all-effective
Print all effective rights comments, even if identical to the rights defined by the ACL entry.
.TP
-.I \-\-no-effective
+.I \-E, \-\-no-effective
Do not print effective rights comments.
.TP
-.I \-\-skip-base
+.I \-s, \-\-skip-base
Skip files that only have the base ACL entries (owner, group, others).
.TP
.I \-R, \-\-recursive
@@ -109,17 +109,20 @@ Physical walk, do not follow symbolic li
link arguments.
Only effective in combination with \-R.
.TP
-.I \-\-tabular
+.I \-t, \-\-tabular
Use an alternative tabular output format. The ACL and the default ACL are displayed side by side. Permissions that are ineffective due to the ACL mask entry are displayed capitalized. The entry tag names for the ACL_USER_OBJ and ACL_GROUP_OBJ entries are also displayed in capital letters, which helps in spotting those entries.
.TP
-.I \-\-absolute-names
+.I \-p, \-\-absolute-names
Do not strip leading slash characters (`/'). The default behavior is to
strip leading slash characters.
.TP
-.I \-\-version
+.I \-n, \-\-numeric
+List numeric user and group IDs
+.TP
+.I \-v, \-\-version
Print the version of getfacl and exit.
.TP
-.I \-\-help
+.I \-h, \-\-help
Print help explaining the command line options.
.TP
.I \-\-
Index: acl-2.2.47/man/man1/setfacl.1
===================================================================
--- acl-2.2.47.orig/man/man1/setfacl.1
+++ acl-2.2.47/man/man1/setfacl.1
@@ -115,10 +115,10 @@ This also skips symbolic link arguments.
Only effective in combination with \-R.
This option cannot be mixed with `\-\-restore'.
.TP 4
-.I \-\-version
+.I \-v, \-\-version
Print the version of setfacl and exit.
.TP 4
-.I \-\-help
+.I \-h, \-\-help
Print help explaining the command line options.
.TP 4
.I \-\-
Index: acl-2.2.47/setfacl/setfacl.c
===================================================================
--- acl-2.2.47.orig/setfacl/setfacl.c
+++ acl-2.2.47/setfacl/setfacl.c
@@ -42,10 +42,10 @@ extern int do_set(const char *path_p, co
/* '-' stands for `process non-option arguments in loop' */
#if !POSIXLY_CORRECT
-# define CMD_LINE_OPTIONS "-:bkndm:M:x:X:RLP"
+# define CMD_LINE_OPTIONS "-:bkndvhm:M:x:X:RLP"
# define CMD_LINE_SPEC "[-bkndRLP] { -m|-M|-x|-X ... } file ..."
#endif
-#define POSIXLY_CMD_LINE_OPTIONS "-:bkndm:M:x:X:"
+#define POSIXLY_CMD_LINE_OPTIONS "-:bkndvhm:M:x:X:"
#define POSIXLY_CMD_LINE_SPEC "[-bknd] {-m|-M|-x|-X ... } file ..."
struct option long_options[] = {
@@ -265,8 +265,8 @@ void help(void)
}
#endif
printf(_(
-" --version print version and exit\n"
-" --help this help text\n"));
+" -v, --version print version and exit\n"
+" -h, --help this help text\n"));
}

View File

@ -1,63 +0,0 @@
From: Eric Sandeen <sandeen@sandeen.net>
Date: Mon, 9 Feb 2009 01:02:38 +0100
Subject: [PATCH] acl: fix setfacl for long utf8 filenames
Resolved Red Hat bugs:
rh#183181 - Bad: utf8 long filenames - invalid argument
rh#287701 - PATH_MAX patch seems incomplete
From: Andrey <afletdinov@dc.baikal.ru>
From: Thomas Woerner <twoerner@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Acked-by: Brandon Philips <bphilips@suse.de>
---
setfacl/parse.c | 8 +++++++-
test/utf8-filenames.test | 14 ++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
Index: acl-2.2.47/setfacl/parse.c
===================================================================
--- acl-2.2.47.orig/setfacl/parse.c
+++ acl-2.2.47/setfacl/parse.c
@@ -24,6 +24,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <limits.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -412,7 +413,12 @@ read_acl_comments(
gid_t *gid_p)
{
int c;
- char linebuf[1024];
+ /*
+ Max PATH_MAX bytes even for UTF-8 path names and additional 9
+ bytes for "# file: ". Not a good solution but for now it is the
+ best I can do without too much impact on the code. [tw]
+ */
+ char linebuf[(4*PATH_MAX)+9];
char *cp;
char *p;
int comments_read = 0;
Index: acl-2.2.47/test/utf8-filenames.test
===================================================================
--- /dev/null
+++ acl-2.2.47/test/utf8-filenames.test
@@ -0,0 +1,14 @@
++Test the setfacl --restore with utf8 paths.
++Regression test: https://bugzilla.redhat.com/show_bug.cgi?id=183181
+
+The utf string UPATH is 250 bytes long and is repeated 4 times to create the
+path that setfacl will use. This size should work on systems with a small 255
+NAME_MAX.
+
+ $ export UPATH="官官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話官話話官話官話官話>官話官話話官話官"
+ $ mkdir -p $UPATH/$UPATH/$UPATH
+ $ touch $UPATH/$UPATH/$UPATH/$UPATH
+ $ getfacl $UPATH/$UPATH/$UPATH/$UPATH > utf8-filenames.acl
+ $ setfacl --restore=utf8-filenames.acl
+ $ rm -R $UPATH
+ $ rm utf8-filenames.acl

View File

@ -1,24 +0,0 @@
From: Brandon Philips <bphilips@suse.de>
Subject: [PATCH] acl: minor fix to cp.test
X -> x
Signed-off-by: Brandon Philips <bphilips@suse.de>
---
test/cp.test | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: acl-2.2.47/test/cp.test
===================================================================
--- acl-2.2.47.orig/test/cp.test
+++ acl-2.2.47/test/cp.test
@@ -24,7 +24,7 @@ The cp utility should only copy ACLs if
> blubb
$ rm -r i
- $ setfacl -R -m u:bin:rwX h
+ $ setfacl -R -m u:bin:rwx h
$ getfacl --omit-header h/x
> user::rw-
> user:bin:rwx

View File

@ -1,219 +0,0 @@
From: Brandon Philips <bphilips@suse.de>
Subject: [PATCH] acl: move nfs tests to their own folder
Since these tests require nfs mounts to run move them into a seperate
folder so they don't run by default.
Signed-off-by: Brandon Philips <bphilips@suse.de>
---
test/nfs-dir.test | 50 --------------------------------------------------
test/nfs/nfs-dir.test | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
test/nfs/nfsacl.test | 42 ++++++++++++++++++++++++++++++++++++++++++
test/nfsacl.test | 42 ------------------------------------------
4 files changed, 92 insertions(+), 92 deletions(-)
Index: acl-2.2.47/test/nfs-dir.test
===================================================================
--- acl-2.2.47.orig/test/nfs-dir.test
+++ /dev/null
@@ -1,50 +0,0 @@
-This is a regression test for a bug in 2.4 kernels. The test must be run
-as root on a machine that has a loopback mounted NFS export. The mount
-must have root squashing enabled. The test must be run in the root of
-the nfs mount, and requires the following environment variable:
-
-EXPORT_PATH => the path that is mounted at the working directory.
-
- Create a test directory and file.
-
- $ umask 022
- $ mkdir %{EXPORT_PATH}/test
- $ echo blah > %{EXPORT_PATH}/test/blah
-
- Make sure the file can be accessed before.
-
- $ su bin
- $ cat test/blah
- > blah
-
- Set up a situation that triggers the bug.
-
- $ su
- $ chmod go-rwx %{EXPORT_PATH}/test
- $ setfacl -m u:bin:rx %{EXPORT_PATH}/test
- $ ls -dl %{EXPORT_PATH}/test | awk '{print $1, $3, $4}'
- > drwxr-x---+ root root
- $ getfacl --omit-header %{EXPORT_PATH}/test 2> /dev/null
- > user::rwx
- > user:bin:r-x
- > group::---
- > mask::r-x
- > other::---
- >
-
- This should also succeed. With the bug, reading the file would
- fail with "Stale NFS file handle" or "Input/output error".
-
- $ su bin
- $ cat test/blah
- > blah
- $ sleep 3
- $ cat test/blah
- > blah
- $ cat test/blah
- > blah
-
- Clean up.
-
- $ su
- $ rm -rf %{EXPORT_PATH}/test
Index: acl-2.2.47/test/nfs/nfs-dir.test
===================================================================
--- /dev/null
+++ acl-2.2.47/test/nfs/nfs-dir.test
@@ -0,0 +1,50 @@
+This is a regression test for a bug in 2.4 kernels. The test must be run
+as root on a machine that has a loopback mounted NFS export. The mount
+must have root squashing enabled. The test must be run in the root of
+the nfs mount, and requires the following environment variable:
+
+EXPORT_PATH => the path that is mounted at the working directory.
+
+ Create a test directory and file.
+
+ $ umask 022
+ $ mkdir %{EXPORT_PATH}/test
+ $ echo blah > %{EXPORT_PATH}/test/blah
+
+ Make sure the file can be accessed before.
+
+ $ su bin
+ $ cat test/blah
+ > blah
+
+ Set up a situation that triggers the bug.
+
+ $ su
+ $ chmod go-rwx %{EXPORT_PATH}/test
+ $ setfacl -m u:bin:rx %{EXPORT_PATH}/test
+ $ ls -dl %{EXPORT_PATH}/test | awk '{print $1, $3, $4}'
+ > drwxr-x---+ root root
+ $ getfacl --omit-header %{EXPORT_PATH}/test 2> /dev/null
+ > user::rwx
+ > user:bin:r-x
+ > group::---
+ > mask::r-x
+ > other::---
+ >
+
+ This should also succeed. With the bug, reading the file would
+ fail with "Stale NFS file handle" or "Input/output error".
+
+ $ su bin
+ $ cat test/blah
+ > blah
+ $ sleep 3
+ $ cat test/blah
+ > blah
+ $ cat test/blah
+ > blah
+
+ Clean up.
+
+ $ su
+ $ rm -rf %{EXPORT_PATH}/test
Index: acl-2.2.47/test/nfs/nfsacl.test
===================================================================
--- /dev/null
+++ acl-2.2.47/test/nfs/nfsacl.test
@@ -0,0 +1,42 @@
+This is a regression test for bugs in the nfsacl protocol extension.
+The test should be run on an NFS export mount with ACL support.
+
+ Create a test directory and file.
+
+ $ umask 022
+ $ mkdir -p test/sub
+ $ echo blah > test/sub/blah
+
+ $ cp -rp test/sub test/sub2
+ $ find test/sub2 | sort | xargs ls -dl | awk '{print $1,$8}'
+ > drwxr-xr-x test/sub2
+ > -rw-r--r-- test/sub2/blah
+
+ $ rm -rf test/sub2
+
+ $ setfacl -m u:daemon:rwx test/sub
+ $ setfacl -dm u:daemon:rwx test/sub
+ $ getfattr -m- test/sub
+ > # file: test/sub
+ > system.posix_acl_access
+ > system.posix_acl_default
+ >
+
+ $ cp -rp test/sub test/sub2
+ $ find test/sub2 | sort | xargs ls -dl | awk '{print $1,$8}'
+ > drwxrwxr-x+ test/sub2
+ > -rw-r--r-- test/sub2/blah
+
+ $ rm -rf test/sub2
+
+ $ setfacl -m u:daemon:rw test/sub/blah
+ $ cp -rp test/sub test/sub2
+ $ find test/sub2 | sort | xargs ls -dl | awk '{print $1,$8}'
+ > drwxrwxr-x+ test/sub2
+ > -rw-rw-r--+ test/sub2/blah
+
+ $ rm -rf test/sub2
+
+ Clean up.
+
+ $ rm -rf test
Index: acl-2.2.47/test/nfsacl.test
===================================================================
--- acl-2.2.47.orig/test/nfsacl.test
+++ /dev/null
@@ -1,42 +0,0 @@
-This is a regression test for bugs in the nfsacl protocol extension.
-The test should be run on an NFS export mount with ACL support.
-
- Create a test directory and file.
-
- $ umask 022
- $ mkdir -p test/sub
- $ echo blah > test/sub/blah
-
- $ cp -rp test/sub test/sub2
- $ find test/sub2 | sort | xargs ls -dl | awk '{print $1,$8}'
- > drwxr-xr-x test/sub2
- > -rw-r--r-- test/sub2/blah
-
- $ rm -rf test/sub2
-
- $ setfacl -m u:daemon:rwx test/sub
- $ setfacl -dm u:daemon:rwx test/sub
- $ getfattr -m- test/sub
- > # file: test/sub
- > system.posix_acl_access
- > system.posix_acl_default
- >
-
- $ cp -rp test/sub test/sub2
- $ find test/sub2 | sort | xargs ls -dl | awk '{print $1,$8}'
- > drwxrwxr-x+ test/sub2
- > -rw-r--r-- test/sub2/blah
-
- $ rm -rf test/sub2
-
- $ setfacl -m u:daemon:rw test/sub/blah
- $ cp -rp test/sub test/sub2
- $ find test/sub2 | sort | xargs ls -dl | awk '{print $1,$8}'
- > drwxrwxr-x+ test/sub2
- > -rw-rw-r--+ test/sub2/blah
-
- $ rm -rf test/sub2
-
- Clean up.
-
- $ rm -rf test

View File

@ -1,881 +0,0 @@
From: Brandon Philips <bphilips@suse.de>
Subject: [PATCH] acl: move root tests to their own folder
Since these tests require root perms to run move them into a seperate
folder so they don't run by default.
Signed-off-by: Brandon Philips <bphilips@suse.de>
---
test/permissions.test | 279 ---------------------------------------------
test/root/permissions.test | 279 +++++++++++++++++++++++++++++++++++++++++++++
test/root/setfacl.test | 144 +++++++++++++++++++++++
test/setfacl.test | 144 -----------------------
4 files changed, 423 insertions(+), 423 deletions(-)
Index: acl-2.2.47/test/permissions.test
===================================================================
--- acl-2.2.47.orig/test/permissions.test
+++ /dev/null
@@ -1,279 +0,0 @@
-This script tests if file permissions are properly checked with and
-without ACLs. The script must be run as root to allow switching users.
-The following users are required. They must be a member in the groups
-listed in parentheses.
-
- bin (bin)
- daemon (bin, daemon)
-
-
-Cry immediately if we are not running as root.
-
- $ id -u
- > 0
-
-
-First, set up a temporary directory and create a regular file with
-defined permissions.
-
- $ mkdir d
- $ cd d
- $ umask 027
- $ touch f
- $ ls -l f | awk -- '{ print $1, $3, $4 }'
- > -rw-r----- root root
-
-
-Make sure root has access to the file. Verify that user daemon does not
-have access to the file owned by root.
-
- $ echo root > f
-
- $ su daemon
- $ echo daemon >> f
- > f: Permission denied
-
- $ su
-
-
-Now, change the ownership of the file to bin:bin and verify that this
-gives user bin write access.
-
- $ chown bin:bin f
- $ ls -l f | awk -- '{ print $1, $3, $4 }'
- > -rw-r----- bin bin
- $ su bin
- $ echo bin >> f
-
-
-User daemon is a member in the owning group, which has only read access.
-Verify this.
-
- $ su daemon
- $ cat f
- > root
- > bin
-
- $ echo daemon >> f
- > f: Permission denied
-
-
-Now, add an ACL entry for user daemon that grants him rw- access. File
-owners and users capable of CAP_FOWNER are allowed to change ACLs.
-
- $ su bin
- $ setfacl -m u:daemon:rw f
- $ getfacl --omit-header f
- > user::rw-
- > user:daemon:rw-
- > group::r--
- > mask::rw-
- > other::---
- >
-
-
-Verify that the additional ACL entry grants user daemon write access.
-
- $ su daemon
- $ echo daemon >> f
- $ cat f
- > root
- > bin
- > daemon
-
-
-Remove write access from the group class permission bits, and
-verify that this masks daemon's write permission.
-
- $ su bin
- $ chmod g-w f
- $ getfacl --omit-header f
- > user::rw-
- > user:daemon:rw- #effective:r--
- > group::r--
- > mask::r--
- > other::---
- >
-
- $ su daemon
- $ echo daemon >> f
- > f: Permission denied
-
-
-Add an entry for group daemon with rw- access, and change the
-permissions for user daemon to r--. Also change the others permissions t
-rw-. The user entry should take precedence, so daemon should be denied
-access.
-
- $ su bin
- $ setfacl -m u:daemon:r,g:daemon:rw-,o::rw- f
-
- $ su daemon
- $ echo daemon >> f
- > f: Permission denied
-
-
-Remove the entry for user daemon. The group daemon permissions should
-now give user daemon rw- access.
-
- $ su bin
- $ setfacl -x u:daemon f
-
- $ su daemon
- $ echo daemon2 >> f
- $ cat f
- > root
- > bin
- > daemon
- > daemon2
-
-
-Set the group daemon permissions to r-- and verify that after than, user
-daemon does not have write access anymore.
-
- $ su bin
- $ setfacl -m g:daemon:r f
-
- $ su daemon
- $ echo daemon3 >> f
- > f: Permission denied
-
-
-Now, remove the group daemon entry. Because user daemon is a member in
-the owning group, he should still have no write access.
-
- $ su bin
- $ setfacl -x g:daemon f
-
- $ su daemon
- $ echo daemon4 >> f
- > f: Permission denied
-
-
-Change the owning group. The other permissions should now grant user
-daemon write access.
-
- $ su
- $ chgrp root f
-
- $ su daemon
- $ echo daemon5 >> f
- $ cat f
- > root
- > bin
- > daemon
- > daemon2
- > daemon5
-
-
-Verify that permissions in separate matching ACL entries do not
-accumulate.
-
- $ su
- $ setfacl -m g:bin:r,g:daemon:w f
-
- $ su daemon
- $ : < f # open for reading
- $ : > f # open for writing
- $ : <> f # open for read-write
- > f: Permission denied
-
-
-Test if directories can have ACLs. We assume that only one access check
-algorithm is used for all file types the file system, so these tests
-only need to verify that ACL permissions make a difference.
-
- $ su
- $ mkdir -m 750 e
- $ touch e/h
-
- $ su bin
- $ shopt -s nullglob ; echo e/*
- >
-
- $ echo i > e/i
- > e/i: Permission denied
-
- $ su
- $ setfacl -m u:bin:rx e
-
- $ su bin
- $ echo e/*
- > e/h
- $ echo i > e/i
- > e/i: Permission denied
-
- $ su
- $ setfacl -m u:bin:rwx e
-
- $ su bin
- $ echo i > e/i
-
-
-Test if symlinks are properly followed.
-
- $ su
- $ touch g
- $ ln -s g l
- $ setfacl -m u:bin:rw l
- $ ls -l g | awk -- '{ print $1, $3, $4 }'
- > -rw-rw----+ root root
-
-
-Test if ACLs are effective for block and character special files, fifos,
-sockets. This is done by creating special files locally. The devices do
-not need to exist: The access check is earlier in the code path than the
-test if the device exists.
-
-
- $ mknod -m 0660 hdt b 91 64 # /dev/hdt
- $ mknod -m 0660 null c 1 3 # /dev/null
- $ mkfifo -m 0660 fifo
-
- $ su bin
- $ : < hdt
- > hdt: Permission denied
- $ : < null
- > null: Permission denied
- $ : < fifo
- > fifo: Permission denied
-
- $ su
- $ setfacl -m u:bin:rw hdt null fifo
-
- $ su bin
- $ : < hdt
- > hdt: No such device or address
- $ : < null
- $ ( echo blah > fifo & ) ; cat fifo
- > blah
-
-
-Test if CAP_FOWNER is properly honored for directories. This addresses a
-specific bug in XFS 1.2, which does not grant root access to files in
-directories if the file has an ACL and only CAP_FOWNER would grant them.
-
- $ su
- $ mkdir -m 600 x
- $ chown daemon:daemon x
- $ echo j > x/j
- $ ls -l x/j | awk -- '{ print $1, $3, $4 }'
- > -rw-r----- root root
-
- $ setfacl -m u:daemon:r x
-
- $ ls -l x/j | awk -- '{ print $1, $3, $4 }'
- > -rw-r----- root root
- (With the bug this gives: `ls: x/j: Permission denied'.)
-
- $ echo k > x/k
- (With the bug this gives: `x/k: Permission denied'.)
-
- $ chmod 750 x
-
-
-Clean up.
-
- $ su
- $ cd ..
- $ rm -rf d
Index: acl-2.2.47/test/setfacl.test
===================================================================
--- acl-2.2.47.orig/test/setfacl.test
+++ /dev/null
@@ -1,144 +0,0 @@
-Setfacl utility tests. Run these tests on a filesystem with ACL support.
-
- $ mkdir d
- $ chown bin:bin d
- $ cd d
-
- $ su bin
- $ sg bin
- $ umask 027
- $ touch g
- $ ls -dl g | awk '{print $1}'
- > -rw-r-----
-
- $ setfacl -m m:- g
- $ ls -dl g | awk '{print $1}'
- > -rw-------+
-
- $ getfacl g
- > # file: g
- > # owner: bin
- > # group: bin
- > user::rw-
- > group::r-- #effective:---
- > mask::---
- > other::---
- >
-
- $ setfacl -x m g
- $ getfacl g
- > # file: g
- > # owner: bin
- > # group: bin
- > user::rw-
- > group::r--
- > other::---
- >
-
- $ setfacl -m u:daemon:rw g
- $ getfacl g
- > # file: g
- > # owner: bin
- > # group: bin
- > user::rw-
- > user:daemon:rw-
- > group::r--
- > mask::rw-
- > other::---
- >
-
- $ setfacl -m u::rwx,g::r-x,o:- g
- $ getfacl g
- > # file: g
- > # owner: bin
- > # group: bin
- > user::rwx
- > user:daemon:rw-
- > group::r-x
- > mask::rwx
- > other::---
- >
-
- $ setfacl -m u::rwx,g::r-x,o:-,m:- g
- $ getfacl g
- > # file: g
- > # owner: bin
- > # group: bin
- > user::rwx
- > user:daemon:rw- #effective:---
- > group::r-x #effective:---
- > mask::---
- > other::---
- >
-
- $ setfacl -m u::rwx,g::r-x,o:-,u:root:-,m:- g
- $ getfacl g
- > # file: g
- > # owner: bin
- > # group: bin
- > user::rwx
- > user:root:---
- > user:daemon:rw- #effective:---
- > group::r-x #effective:---
- > mask::---
- > other::---
- >
-
- $ setfacl -m u::rwx,g::r-x,o:-,u:root:-,m:- g
- $ getfacl g
- > # file: g
- > # owner: bin
- > # group: bin
- > user::rwx
- > user:root:---
- > user:daemon:rw- #effective:---
- > group::r-x #effective:---
- > mask::---
- > other::---
- >
-
- $ setfacl -m u::rwx,g::r-x,o:-,u:root:- g
- $ getfacl g
- > # file: g
- > # owner: bin
- > # group: bin
- > user::rwx
- > user:root:---
- > user:daemon:rw-
- > group::r-x
- > mask::rwx
- > other::---
- >
-
- $ setfacl --test -x u: g
- > setfacl: g: Malformed access ACL `user:root:---,user:daemon:rw-,group::r-x,mask::rwx,other::---': Missing or wrong entry at entry 1
-
- $ setfacl --test -x u:x
- > setfacl: Option -x: Invalid argument near character 3
-
- $ setfacl -m d:u:root:rwx g
- > setfacl: g: Only directories can have default ACLs
-
- $ setfacl -x m g
- > setfacl: g: Malformed access ACL `user::rwx,user:root:---,user:daemon:rw-,group::r-x,other::---': Missing or wrong entry at entry 5
- setfacl --test -m d:u:daemon:rwx setfacl
- setfacl --test -n -m d:u:daemon:rwx setfacl
-
-Check if the mask is properly recalculated
-
- $ mkdir d
- $ setfacl --test -m u::rwx,u:bin:rwx,g::r-x,o::--- d
- > d: u::rwx,u:bin:rwx,g::r-x,m::rwx,o::---,*
-
- $ setfacl --test -m u::rwx,u:bin:rwx,g::r-x,m::---,o::--- d
- > d: u::rwx,u:bin:rwx,g::r-x,m::---,o::---,*
-
- $ setfacl --test -d -m u::rwx,u:bin:rwx,g::r-x,o::--- d
- > d: *,d:u::rwx,d:u:bin:rwx,d:g::r-x,d:m::rwx,d:o::---
-
- $ setfacl --test -d -m u::rwx,u:bin:rwx,g::r-x,m::---,o::--- d
- > d: *,d:u::rwx,d:u:bin:rwx,d:g::r-x,d:m::---,d:o::---
-
- $ su
- $ cd ..
- $ rm -r d
Index: acl-2.2.47/test/root/permissions.test
===================================================================
--- /dev/null
+++ acl-2.2.47/test/root/permissions.test
@@ -0,0 +1,279 @@
+This script tests if file permissions are properly checked with and
+without ACLs. The script must be run as root to allow switching users.
+The following users are required. They must be a member in the groups
+listed in parentheses.
+
+ bin (bin)
+ daemon (bin, daemon)
+
+
+Cry immediately if we are not running as root.
+
+ $ id -u
+ > 0
+
+
+First, set up a temporary directory and create a regular file with
+defined permissions.
+
+ $ mkdir d
+ $ cd d
+ $ umask 027
+ $ touch f
+ $ ls -l f | awk -- '{ print $1, $3, $4 }'
+ > -rw-r----- root root
+
+
+Make sure root has access to the file. Verify that user daemon does not
+have access to the file owned by root.
+
+ $ echo root > f
+
+ $ su daemon
+ $ echo daemon >> f
+ >~ .*f: Permission denied$
+
+ $ su
+
+
+Now, change the ownership of the file to bin:bin and verify that this
+gives user bin write access.
+
+ $ chown bin:bin f
+ $ ls -l f | awk -- '{ print $1, $3, $4 }'
+ > -rw-r----- bin bin
+ $ su bin
+ $ echo bin >> f
+
+
+User daemon is a member in the owning group, which has only read access.
+Verify this.
+
+ $ su daemon
+ $ cat f
+ > root
+ > bin
+
+ $ echo daemon >> f
+ >~ .*f: Permission denied$
+
+
+Now, add an ACL entry for user daemon that grants him rw- access. File
+owners and users capable of CAP_FOWNER are allowed to change ACLs.
+
+ $ su bin
+ $ setfacl -m u:daemon:rw f
+ $ getfacl --omit-header f
+ > user::rw-
+ > user:daemon:rw-
+ > group::r--
+ > mask::rw-
+ > other::---
+ >
+
+
+Verify that the additional ACL entry grants user daemon write access.
+
+ $ su daemon
+ $ echo daemon >> f
+ $ cat f
+ > root
+ > bin
+ > daemon
+
+
+Remove write access from the group class permission bits, and
+verify that this masks daemon's write permission.
+
+ $ su bin
+ $ chmod g-w f
+ $ getfacl --omit-header f
+ > user::rw-
+ > user:daemon:rw- #effective:r--
+ > group::r--
+ > mask::r--
+ > other::---
+ >
+
+ $ su daemon
+ $ echo daemon >> f
+ >~ .*f: Permission denied$
+
+
+Add an entry for group daemon with rw- access, and change the
+permissions for user daemon to r--. Also change the others permissions t
+rw-. The user entry should take precedence, so daemon should be denied
+access.
+
+ $ su bin
+ $ setfacl -m u:daemon:r,g:daemon:rw-,o::rw- f
+
+ $ su daemon
+ $ echo daemon >> f
+ >~ .*f: Permission denied$
+
+
+Remove the entry for user daemon. The group daemon permissions should
+now give user daemon rw- access.
+
+ $ su bin
+ $ setfacl -x u:daemon f
+
+ $ su daemon
+ $ echo daemon2 >> f
+ $ cat f
+ > root
+ > bin
+ > daemon
+ > daemon2
+
+
+Set the group daemon permissions to r-- and verify that after than, user
+daemon does not have write access anymore.
+
+ $ su bin
+ $ setfacl -m g:daemon:r f
+
+ $ su daemon
+ $ echo daemon3 >> f
+ >~ .*f: Permission denied$
+
+
+Now, remove the group daemon entry. Because user daemon is a member in
+the owning group, he should still have no write access.
+
+ $ su bin
+ $ setfacl -x g:daemon f
+
+ $ su daemon
+ $ echo daemon4 >> f
+ >~ .*f: Permission denied$
+
+
+Change the owning group. The other permissions should now grant user
+daemon write access.
+
+ $ su
+ $ chgrp root f
+
+ $ su daemon
+ $ echo daemon5 >> f
+ $ cat f
+ > root
+ > bin
+ > daemon
+ > daemon2
+ > daemon5
+
+
+Verify that permissions in separate matching ACL entries do not
+accumulate.
+
+ $ su
+ $ setfacl -m g:bin:r,g:daemon:w f
+
+ $ su daemon
+ $ : < f
+ $ : > f
+ $ : <> f
+ >~ .*f: Permission denied$
+
+
+Test if directories can have ACLs. We assume that only one access check
+algorithm is used for all file types the file system, so these tests
+only need to verify that ACL permissions make a difference.
+
+ $ su
+ $ mkdir -m 750 e
+ $ touch e/h
+
+ $ su bin
+ $ shopt -s nullglob ; echo e/*
+ >
+
+ $ echo i > e/i
+ >~ .*e/i: Permission denied$
+
+ $ su
+ $ setfacl -m u:bin:rx e
+
+ $ su bin
+ $ echo e/*
+ > e/h
+ $ echo i > e/i
+ >~ .*e/i: Permission denied$
+
+ $ su
+ $ setfacl -m u:bin:rwx e
+
+ $ su bin
+ $ echo i > e/i
+
+
+Test if symlinks are properly followed.
+
+ $ su
+ $ touch g
+ $ ln -s g l
+ $ setfacl -m u:bin:rw l
+ $ ls -l g | awk -- '{ print $1, $3, $4 }'
+ > -rw-rw----+ root root
+
+
+Test if ACLs are effective for block and character special files, fifos,
+sockets. This is done by creating special files locally. The devices do
+not need to exist: The access check is earlier in the code path than the
+test if the device exists.
+
+
+ $ mknod -m 0660 hdt b 91 64
+ $ mknod -m 0660 null c 1 3
+ $ mkfifo -m 0660 fifo
+
+ $ su bin
+ $ : < hdt
+ >~ .*hdt: Permission denied$
+ $ : < null
+ >~ .*null: Permission denied$
+ $ : < fifo
+ >~ .*fifo: Permission denied$
+
+ $ su
+ $ setfacl -m u:bin:rw hdt null fifo
+
+ $ su bin
+ $ : < hdt
+ >~ .*hdt: No such device or address$
+ $ : < null
+ $ ( echo blah > fifo & ) ; cat fifo
+ > blah
+
+
+Test if CAP_FOWNER is properly honored for directories. This addresses a
+specific bug in XFS 1.2, which does not grant root access to files in
+directories if the file has an ACL and only CAP_FOWNER would grant them.
+
+ $ su
+ $ mkdir -m 600 x
+ $ chown daemon:daemon x
+ $ echo j > x/j
+ $ ls -l x/j | awk -- '{ print $1, $3, $4 }'
+ > -rw-r----- root root
+
+ $ setfacl -m u:daemon:r x
+
+ $ ls -l x/j | awk -- '{ print $1, $3, $4 }'
+ > -rw-r----- root root
+ (With the bug this gives: `ls: x/j: Permission denied'.)
+
+ $ echo k > x/k
+ (With the bug this gives: `x/k: Permission denied'.)
+
+ $ chmod 750 x
+
+
+Clean up.
+
+ $ su
+ $ cd ..
+ $ rm -rf d
Index: acl-2.2.47/test/root/setfacl.test
===================================================================
--- /dev/null
+++ acl-2.2.47/test/root/setfacl.test
@@ -0,0 +1,144 @@
+Setfacl utility tests. Run these tests on a filesystem with ACL support.
+
+ $ mkdir d
+ $ chown bin:bin d
+ $ cd d
+
+ $ su bin
+ $ sg bin
+ $ umask 027
+ $ touch g
+ $ ls -dl g | awk '{print $1}'
+ > -rw-r-----
+
+ $ setfacl -m m:- g
+ $ ls -dl g | awk '{print $1}'
+ > -rw-------+
+
+ $ getfacl g
+ > # file: g
+ > # owner: bin
+ > # group: bin
+ > user::rw-
+ > group::r-- #effective:---
+ > mask::---
+ > other::---
+ >
+
+ $ setfacl -x m g
+ $ getfacl g
+ > # file: g
+ > # owner: bin
+ > # group: bin
+ > user::rw-
+ > group::r--
+ > other::---
+ >
+
+ $ setfacl -m u:daemon:rw g
+ $ getfacl g
+ > # file: g
+ > # owner: bin
+ > # group: bin
+ > user::rw-
+ > user:daemon:rw-
+ > group::r--
+ > mask::rw-
+ > other::---
+ >
+
+ $ setfacl -m u::rwx,g::r-x,o:- g
+ $ getfacl g
+ > # file: g
+ > # owner: bin
+ > # group: bin
+ > user::rwx
+ > user:daemon:rw-
+ > group::r-x
+ > mask::rwx
+ > other::---
+ >
+
+ $ setfacl -m u::rwx,g::r-x,o:-,m:- g
+ $ getfacl g
+ > # file: g
+ > # owner: bin
+ > # group: bin
+ > user::rwx
+ > user:daemon:rw- #effective:---
+ > group::r-x #effective:---
+ > mask::---
+ > other::---
+ >
+
+ $ setfacl -m u::rwx,g::r-x,o:-,u:root:-,m:- g
+ $ getfacl g
+ > # file: g
+ > # owner: bin
+ > # group: bin
+ > user::rwx
+ > user:root:---
+ > user:daemon:rw- #effective:---
+ > group::r-x #effective:---
+ > mask::---
+ > other::---
+ >
+
+ $ setfacl -m u::rwx,g::r-x,o:-,u:root:-,m:- g
+ $ getfacl g
+ > # file: g
+ > # owner: bin
+ > # group: bin
+ > user::rwx
+ > user:root:---
+ > user:daemon:rw- #effective:---
+ > group::r-x #effective:---
+ > mask::---
+ > other::---
+ >
+
+ $ setfacl -m u::rwx,g::r-x,o:-,u:root:- g
+ $ getfacl g
+ > # file: g
+ > # owner: bin
+ > # group: bin
+ > user::rwx
+ > user:root:---
+ > user:daemon:rw-
+ > group::r-x
+ > mask::rwx
+ > other::---
+ >
+
+ $ setfacl --test -x u: g
+ > setfacl: g: Malformed access ACL `user:root:---,user:daemon:rw-,group::r-x,mask::rwx,other::---': Missing or wrong entry at entry 1
+
+ $ setfacl --test -x u:x
+ > setfacl: Option -x: Invalid argument near character 3
+
+ $ setfacl -m d:u:root:rwx g
+ > setfacl: g: Only directories can have default ACLs
+
+ $ setfacl -x m g
+ > setfacl: g: Malformed access ACL `user::rwx,user:root:---,user:daemon:rw-,group::r-x,other::---': Missing or wrong entry at entry 5
+ setfacl --test -m d:u:daemon:rwx setfacl
+ setfacl --test -n -m d:u:daemon:rwx setfacl
+
+Check if the mask is properly recalculated
+
+ $ mkdir d
+ $ setfacl --test -m u::rwx,u:bin:rwx,g::r-x,o::--- d
+ > d: u::rwx,u:bin:rwx,g::r-x,m::rwx,o::---,*
+
+ $ setfacl --test -m u::rwx,u:bin:rwx,g::r-x,m::---,o::--- d
+ > d: u::rwx,u:bin:rwx,g::r-x,m::---,o::---,*
+
+ $ setfacl --test -d -m u::rwx,u:bin:rwx,g::r-x,o::--- d
+ > d: *,d:u::rwx,d:u:bin:rwx,d:g::r-x,d:m::rwx,d:o::---
+
+ $ setfacl --test -d -m u::rwx,u:bin:rwx,g::r-x,m::---,o::--- d
+ > d: *,d:u::rwx,d:u:bin:rwx,d:g::r-x,d:m::---,d:o::---
+
+ $ su
+ $ cd ..
+ $ rm -r d

View File

@ -1,192 +0,0 @@
From: Andreas Gruenbacher <agruen@suse.de>
Subject: [PATCH] acl: various improvements for test/run
Update the run script with various improvements:
Avoid a warning:
main::process_test() called too early to check prototype at ./run line 47.
main::process_test() called too early to check prototype at ./run line 60.
Create two ENV variables TUSER and TGROUP to get the user/group
running the test.
Add a >~ test line that is similar to > but is interpreted as a regular
expression.
Signed-off-by: Brandon Philips <bphilips@suse.de>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
---
test/run | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 72 insertions(+), 18 deletions(-)
Index: acl-2.2.47/test/run
===================================================================
--- acl-2.2.47.orig/test/run
+++ acl-2.2.47/test/run
@@ -1,5 +1,32 @@
#!/usr/bin/perl -w -U
+# Copyright (c) 2007, 2008 Andreas Gruenbacher.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions, and the following disclaimer,
+# without modification, immediately at the beginning of the file.
+# 2. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# Alternatively, this software may be distributed under the terms of the
+# GNU Public License ("GPL").
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
#
# Possible improvements:
#
@@ -12,12 +39,13 @@
use strict;
use FileHandle;
use Getopt::Std;
-use POSIX qw(isatty setuid);
-use vars qw($opt_v);
+use POSIX qw(isatty setuid getcwd);
+use vars qw($opt_l $opt_v);
no warnings qw(taint);
-getopts('v');
+$opt_l = ~0; # a really huge number
+getopts('l:v');
my ($OK, $FAILED) = ("ok", "failed");
if (isatty(fileno(STDOUT))) {
@@ -25,18 +53,24 @@ if (isatty(fileno(STDOUT))) {
$FAILED = "\033[31m\033[1m" . $FAILED . "\033[m";
}
+$ENV{"TUSER"} = getpwuid($>);
+$ENV{"TGROUP"} = getgrgid($));
+
sub exec_test($$);
+sub process_test($$$$);
my ($prog, $in, $out) = ([], [], []);
-my $line_number = 0;
-my $prog_line;
+my $prog_line = 0;
my ($tests, $failed) = (0,0);
+my $lineno;
+my $width = ($ENV{COLUMNS} || 80) >> 1;
for (;;) {
- my $line = <>; $line_number++;
+ my $line = <>; $lineno++;
if (defined $line) {
# Substitute %VAR and %{VAR} with environment variables.
- $line =~ s[%(?:(\w+)|\{(\w+)\})][$ENV{"$1$2"}]eg;
+ $line =~ s[%(\w+)][$ENV{$1}]eg;
+ $line =~ s[%{(\w+)}][$ENV{$1}]eg;
}
if (defined $line) {
if ($line =~ s/^\s*< ?//) {
@@ -45,14 +79,14 @@ for (;;) {
push @$out, $line;
} else {
process_test($prog, $prog_line, $in, $out);
+ last if $prog_line >= $opt_l;
$prog = [];
$prog_line = 0;
}
if ($line =~ s/^\s*\$ ?//) {
- $line =~ s/\s+#.*//; # remove comments here...
$prog = [ map { s/\\(.)/$1/g; $_ } split /(?<!\\)\s+/, $line ];
- $prog_line = $line_number;
+ $prog_line = $lineno;
$in = [];
$out = [];
}
@@ -84,27 +118,37 @@ sub process_test($$$$) {
print "[$prog_line] \$ ", join(' ',
map { s/\s/\\$&/g; $_ } @$p), " -- ";
my $result = exec_test($prog, $in);
- my $good = 1;
+ my @good = ();
my $nmax = (@$out > @$result) ? @$out : @$result;
for (my $n=0; $n < $nmax; $n++) {
- if (!defined($out->[$n]) || !defined($result->[$n]) ||
- $out->[$n] ne $result->[$n]) {
- $good = 0;
- }
+ my $use_re;
+ if (defined $out->[$n] && $out->[$n] =~ /^~ /) {
+ $use_re = 1;
+ $out->[$n] =~ s/^~ //g;
+ }
+
+ if (!defined($out->[$n]) || !defined($result->[$n]) ||
+ (!$use_re && $result->[$n] ne $out->[$n]) ||
+ ( $use_re && $result->[$n] !~ /^$out->[$n]/)) {
+ push @good, ($use_re ? '!~' : '!=');
+ }
+ else {
+ push @good, ($use_re ? '=~' : '==');
+ }
}
+ my $good = !(grep /!/, @good);
$tests++;
$failed++ unless $good;
print $good ? $OK : $FAILED, "\n";
- if (!$good) {
+ if (!$good || $opt_v) {
for (my $n=0; $n < $nmax; $n++) {
my $l = defined($out->[$n]) ? $out->[$n] : "~";
chomp $l;
my $r = defined($result->[$n]) ? $result->[$n] : "~";
chomp $r;
- print sprintf("%-37s %s %-39s\n", $l, $l eq $r ? "|" : "?", $r);
+ print sprintf("%-" . ($width-3) . "s %s %s\n",
+ $r, $good[$n], $l);
}
- } elsif ($opt_v) {
- print join('', @$result);
}
}
@@ -191,11 +235,21 @@ sub exec_test($$) {
if (!chdir $prog->[1]) {
return [ "chdir: $prog->[1]: $!\n" ];
}
+ $ENV{PWD} = getcwd;
return [];
} elsif ($prog->[0] eq "su") {
return su($prog->[1]);
} elsif ($prog->[0] eq "sg") {
return sg($prog->[1]);
+ } elsif ($prog->[0] eq "export") {
+ my ($name, $value) = split /=/, $prog->[1];
+ # FIXME: need to evaluate $value, so that things like this will work:
+ # export dir=$PWD/dir
+ $ENV{$name} = $value;
+ return [];
+ } elsif ($prog->[0] eq "unset") {
+ delete $ENV{$prog->[1]};
+ return [];
}
pipe *IN2, *OUT

View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Sat Aug 1 04:26:07 CEST 2009 - bphilips@novell.com
- Version bump to 2.2.48
- Document the new flags comments
- Include the S_ISUID, S_ISGID, S_ISVTX flags in the getfacl output, and restore them with "setfacl --restore=file".
- Make sure that getfacl -R only calls stat(2) on symlinks when it needs to
- Stop quoting nonprintable characters in the getfacl output
- Avoid unnecessary but destructive chown calls
- Clarify license notice
-------------------------------------------------------------------
Thu Feb 12 23:11:42 PST 2009 - bphilips@novell.com

177
acl.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package acl (Version 2.2.47)
# spec file for package acl (Version 2.2.48)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -23,22 +23,11 @@ BuildRequires: libattr-devel
Group: System/Filesystems
AutoReqProv: on
Summary: Commands for Manipulating POSIX Access Control Lists
Version: 2.2.47
Release: 31
Source: %name-%version.src.tar.bz2
Version: 2.2.48
Release: 1
Source: %name-%version.src.tar.gz
Patch0: builddefs.in.diff
Patch1: walk-tree-fix-for-deref.patch
Patch2: null-pointer-access.diff
Patch3: acl-add-make-test-target-and-use-make-to-run-tests.patch
Patch4: acl-various-improvements-for-test-run.patch
Patch5: acl-move-root-tests-to-their-own-folder.patch
Patch6: acl-move-nfs-tests-to-their-own-folder.patch
Patch7: acl-minor-fix-to-cp.test.patch
Patch8: acl-add-getfacl-r-l-p-tests.patch
Patch9: acl-fix-setfacl-for-long-utf8-filenames.patch
Patch10: acl-Return-error-status-on-setfacl-failures.patch
Patch11: acl-add-short-option-support-to-the-acl-commands.patch
Url: ftp://oss.sgi.com/projects/xfs/cmd_tars
Url: http://download.savannah.gnu.org/releases-noredirect/acl/
License: GPL v2 or later
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -46,15 +35,13 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
getfacl and setfacl commands for retrieving and setting POSIX access
control lists.
Authors:
--------
Andreas Gruenbacher <a.gruenbacher@computer.org>
SGI
%package -n libacl
License: GPL v2 or later; LGPL v2.1 or later
License: GPL v2 or later ; LGPL v2.1 or later
Summary: A dynamic library for accessing POSIX Access Control Lists
Group: System/Libraries
# bug437293
@ -68,15 +55,13 @@ This package contains the libacl.so dynamic library which contains the
POSIX 1003.1e draft standard 17 functions for manipulating access
control lists.
Authors:
--------
Andreas Gruenbacher <a.gruenbacher@computer.org>
SGI
%package -n libacl-devel
License: GPL v2 or later; LGPL v2.1 or later
License: GPL v2 or later ; LGPL v2.1 or later
Summary: Include Files and Libraries mandatory for Development
AutoReqProv: on
Group: Development/Libraries/C and C++
@ -93,8 +78,6 @@ Obsoletes: libacl-devel-64bit
This package contains all necessary include files and libraries needed
to develop applications that require these.
Authors:
--------
SGI
@ -102,17 +85,6 @@ Authors:
%prep
%setup -n acl-%version
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%build
export OPTIMIZER="$RPM_OPT_FLAGS -fPIC"
@ -162,6 +134,7 @@ rm -f $RPM_BUILD_ROOT/%{_lib}/libacl.{a,la,so}
%dir %attr(755,root,root) /usr/share/doc/packages/acl
%doc %attr(644,root,root) /usr/share/doc/packages/acl/CHANGES.gz
%doc %attr(644,root,root) /usr/share/doc/packages/acl/COPYING
%doc %attr(644,root,root) /usr/share/doc/packages/acl/COPYING.LGPL
%doc %attr(644,root,root) /usr/share/doc/packages/acl/PORTING
%doc %attr(644,root,root) /usr/share/doc/packages/acl/README
%doc %attr(644,root,root) %{_mandir}/man1/chacl.1.gz
@ -220,137 +193,3 @@ rm -f $RPM_BUILD_ROOT/%{_lib}/libacl.{a,la,so}
/%{_lib}/libacl.so.1*
%changelog
* Thu Feb 12 2009 bphilips@novell.com
- fix setfacl for long utf8 filenames (rh#183181)
- Return error status on setfacl failures (rh#368451)
- getfacl/setfacl should support shortcode flags (rh#204087)
* Thu Jan 08 2009 bphilips@novell.com
- Added a number of unit test improvements
* Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
* Tue Nov 11 2008 ro@suse.de
- SLE-11 uses PPC64 instead of PPC, adapt baselibs.conf
* Thu Oct 30 2008 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Fri Jul 11 2008 bphilips@suse.de
- Failure to recursively set/get ACLs on directories (bnc#404075)
- When invoked as ``setfacl -- ...'', setfacl segfaults (bnc#369425).
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Sat Oct 27 2007 agruen@suse.de
- Don't exhaust the number of file descriptors in the path walking
code, and make sure each directory is only visited once.
* Thu Oct 25 2007 agruen@suse.de
- A large jump to the current upstream version 2.2.45.
- Fix the upstream path walking code.
* Sat Mar 18 2006 agruen@suse.de
- Remove broken file /usr/lib[64]/libacl.la.
* Fri Mar 17 2006 agruen@suse.de
- Fix symlinks in the -devel package (149945, Nathan Scott).
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Jan 13 2006 mjancar@suse.cz
- update to 2.2.34
* Tue Sep 06 2005 coolo@suse.de
- Fixing devel dependencies (the libtool check chokes on the symlinks,
but it still is right)
* Fri Aug 26 2005 agruen@suse.de
- Update to version 2.2.31: Integrate a patch we had separately;
additional stdin error handling in setfacl.
* Fri Aug 19 2005 kukuk@suse.de
- Move devel files from / to /usr
- Don't generate filelist dynamic (fix broken attr statements)
* Mon Apr 25 2005 meissner@suse.de
- Use RPM_OPT_FLAGS.
* Mon Feb 21 2005 agruen@suse.de
- Update to version 2.2.30. Several fixes.
* Thu Nov 11 2004 coolo@suse.de
- use %%find_lang
* Wed Aug 25 2004 agruen@suse.de
- #43472: Fix processing of the X pseudo permission in setfacl:
Must not modify the sequence of commands directly or else only
the first file is processed correctly, and X is not evaluated
for any other file. Add test case for X pseudo permission.
- Remove support for relative permission changes; this
non-standard feature was disabled since a while already.
- Bump version number to 2.2.25.
* Sun Jan 11 2004 adrian@suse.de
- build as user
* Thu Jan 01 2004 agruen@suse.de
- Update to version 2.2.21. Bug fix in directory tree walking
code.
* Tue Oct 21 2003 kukuk@suse.de
- Fix provides for update case
* Thu Aug 28 2003 agruen@suse.de
- Fix a bug with error handling while walking directory trees.
* Wed Aug 27 2003 ro@suse.de
- fix patch depth in specfile
* Tue Aug 26 2003 agruen@suse.de
- Fix SIGSEGV if the quote function.
* Fri Aug 15 2003 agruen@suse.de
- Update to 2.2.15: Includes quoting of special characters in
path and user names, and several minor fixes. (For details see
doc/CHANGES in the tarball).
* Mon Jun 16 2003 ja@suse.cz
- File list fixed.
* Sun Apr 06 2003 agruen@suse.de
- Update to 2.2.7.
* Wed Feb 26 2003 agruen@suse.de
- Update to acl-2.2.3a, which has all our patches plus an
additional malloc bug fix.
* Mon Feb 24 2003 agruen@suse.de
- Increment libattr library version to 1.1.0.
- Add symbol level versioning for libacl.
* Sat Feb 08 2003 agruen@suse.de
- Fix a long standing bug in acl_get_file() for Default ACLs (that
probably was there from hour one), and another critical bug in
the libacl entry pre-allocation patch (introduced on Jan 22).
* Tue Jan 28 2003 agruen@suse.de
- Fix inconsistent declarations for visibility("hidden") attributes
("config.h" was not always included).
- Fix a signedness warning in getfacl/user_group.c with a type
cast.
* Wed Jan 22 2003 agruen@suse.de
- Update to acl-2.2.2
- Fix a memory leak in acl_init()
- Add memory pre-allocation support patch for libacl
- Add ACL copying functions patch
- Add visibility(hidden) patch that hides libacl internal functions
from the outside.
- Let mls@suse.de add the following package alias in Autobuild
for building packages against older releases:
libacl-devel -> acl-devel [for <= 8.1]
* Tue Jan 21 2003 agruen@suse.de
- Remove (Prereq: /sbin/ldconfig) tag, and use %%run_ldconfig
in %%post and %%postun instead.
- acl-devel was renamed to libacl-devel: add missing
`Obsoletes: acl-devel' tag to libacl-devel.
* Sun Jan 19 2003 agruen@suse.de
- Fix a typo and add a clarification in the acl.5 manual page.
* Fri Dec 13 2002 schwab@suse.de
- Fix filelist generation.
* Fri Dec 13 2002 jderfina@suse.cz
- upgrading to version 2.1.1
- spliting acl to acl (binaries), libacl (libraries) and libacl-devel
(development stuff). This spliting follows SGI's release.
* Thu Sep 05 2002 agruen@suse.de
- Update to 2.0.19 + additional corrections (see
acl-2.0.19/doc/CHANGES).
* Thu Aug 15 2002 agruen@suse.de
- Remove the suse_update_config macro and the config.* stuff.
(According to ro@suse.de this is not necessary.)
- Change the documentation path in builddefs.in instead of in
configure.in.
- Update to version 2.0.17
* Thu Jun 20 2002 uli@suse.de
- fixed for lib64
* Wed Jun 19 2002 lmuelle@suse.de
- Remove DESTDIR patch, use DIST_ROOT of package instead
- Fix library location in the devel package
- Update to version 2.0.11
* Tue May 07 2002 sf@suse.de
- moved libs to %%{_lib} (they were in /lib _and_ /usr/lib before)
* Mon Feb 25 2002 ro@suse.de
- initial package (v2.0.0) (split from xfsprogs spec)

View File

@ -1,57 +0,0 @@
From: Andreas Gruenbacher <agruen@suse.de>
Subject: Fix NULL pointer access / segmentation fault
When invoked as ``setfacl -- ...'', setfacl segfaults. Reported
by Jiri Moskovcak <jmoskovc@redhat.com> and
Peng Haitao <penght@cn.fujitsu.com>.
This fix is based on their proposed patch.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Cc: Jiri Moskovcak <jmoskovc@redhat.com>
Cc: Peng Haitao <penght@cn.fujitsu.com>
Index: acl-2.2.45/setfacl/setfacl.c
===================================================================
--- acl-2.2.45.orig/setfacl/setfacl.c
+++ acl-2.2.45/setfacl/setfacl.c
@@ -301,7 +301,7 @@ int main(int argc, char *argv[])
int which;
int lineno;
int error;
- seq_t seq = NULL;
+ seq_t seq;
int seq_cmd, parse_mode;
progname = basename(argv[0]);
@@ -326,6 +326,10 @@ int main(int argc, char *argv[])
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
+ seq = seq_init();
+ if (!seq)
+ ERRNO_ERROR(1);
+
while ((opt = getopt_long(argc, argv, cmd_line_options,
long_options, NULL)) != -1) {
/* we remember the two REMOVE_ACL commands of the set
@@ -334,15 +338,12 @@ int main(int argc, char *argv[])
cmd_t seq_remove_acl_cmd = NULL;
if (opt != '\1' && saw_files) {
- if (seq) {
+ if (seq)
seq_free(seq);
- seq = NULL;
- }
- saw_files = 0;
- }
- if (seq == NULL) {
- if (!(seq = seq_init()))
+ seq = seq_init();
+ if (!seq)
ERRNO_ERROR(1);
+ saw_files = 0;
}
switch (opt) {

View File

@ -1,68 +0,0 @@
Subject: acl: Fix WALK_TREE_RECURSIVE for the WALK_TREE_DEREFERENCE case
getfacl.c calls walk_tree() with WALK_TREE_DEREFERENCE. This causes a stat()
of symlinks which in turn causes S_ISDIR(st.st_mode) to be true on symlinks.
This causes getfacl -P to return the contents of symlinks...
e.g.
$ mkdir -p test/sub
$ mkdir test/link
$ touch test/link/file
$ ln -s `pwd`/test/link test/sub/link
$ getfacl -P -R test/sub
# file: test/sub
# owner: philips
# group: users
user::rwx
group::r-x
other::r-x
# file: test/sub/link/file
# owner: philips
# group: users
user::rw-
group::r--
other::r--
After the fix:
$ getfacl -R -P test/sub/
# file: test/sub/
# owner: philips
# group: users
user::rwx
group::r-x
other::r-x
Signed-off-by: Brandon Philips <bphilips@suse.de>
---
libmisc/walk_tree.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
Index: acl-2.2.47/libmisc/walk_tree.c
===================================================================
--- acl-2.2.47.orig/libmisc/walk_tree.c
+++ acl-2.2.47/libmisc/walk_tree.c
@@ -93,8 +93,15 @@ static int walk_tree_rec(const char *pat
have_dir_stat = 1;
}
err = func(path, &st, flags, arg);
+
+ /*
+ * Recurse if WALK_TREE_RECURSIVE and the path is:
+ * a dir not from a symlink
+ * a link and follow_symlinks
+ */
if ((flags & WALK_TREE_RECURSIVE) &&
- (S_ISDIR(st.st_mode) || (S_ISLNK(st.st_mode) && follow_symlinks))) {
+ (!(flags & WALK_TREE_SYMLINK) && S_ISDIR(st.st_mode)) ||
+ ((flags & WALK_TREE_SYMLINK) && follow_symlinks)) {
struct dirent *entry;
/*