4 desc="NFSv4 granular permissions checking - WRITE_DATA vs APPEND_DATA on directories"
9 [ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit
18 expect 0 mkdir ${n2} 0755
19 expect 0 mkdir ${n3} 0777
23 # Tests 2..7 - check out whether root user can do stuff.
25 expect 0 create ${n0} 0644
27 # Can create symlinks?
28 expect 0 link ${n0} ${n1}
32 # Can create directories?
33 expect 0 mkdir ${n0} 0755
36 # Check whether user 65534 is permitted to create and remove
37 # files, but not subdirectories.
38 expect 0 prependacl . user:65534:write_data::allow,user:65534:append_data::deny
41 expect 0 -u 65534 -g 65534 create ${n0} 0644
43 # Can create symlinks?
44 expect 0 -u 65534 -g 65534 link ${n0} ${n1}
45 expect 0 -u 65534 -g 65534 unlink ${n1}
46 expect 0 -u 65534 -g 65534 unlink ${n0}
48 # Can create directories?
49 expect EACCES -u 65534 -g 65534 mkdir ${n0} 0755
50 expect ENOENT -u 65534 -g 65534 rmdir ${n0}
51 expect 0 mkdir ${n0} 0755
52 expect 0 -u 65534 -g 65534 rmdir ${n0}
54 # Can move files from other directory?
55 expect 0 create ../${n3}/${n1} 0644
56 expect 0 -u 65534 -g 65534 rename ../${n3}/${n1} ${n0}
58 # Can move files from other directory overwriting existing files?
59 expect 0 create ../${n3}/${n1} 0644
60 expect 0 -u 65534 -g 65534 rename ../${n3}/${n1} ${n0}
62 expect 0 -u 65534 -g 65534 unlink ${n0}
64 # Can move directories from other directory?
65 expect 0 mkdir ../${n3}/${n1} 0777
66 expect EACCES -u 65534 -g 65534 rename ../${n3}/${n1} ${n0}
68 # Can move directories from other directory overwriting existing directory?
69 expect EACCES -u 65534 -g 65534 rename ../${n3}/${n1} ${n0}
70 expect 0 -u 65534 -g 65534 rmdir ../${n3}/${n1}
72 # Check whether user 65534 is permitted to create
73 # subdirectories, but not files - and to remove neither of them.
74 expect 0 prependacl . user:65534:write_data::deny,user:65534:append_data::allow
77 expect EACCES -u 65534 -g 65534 create ${n0} 0644
79 # Can create symlinks?
80 expect 0 create ${n0} 0644
81 expect EACCES -u 65534 -g 65534 link ${n0} ${n1}
82 expect ENOENT -u 65534 -g 65534 unlink ${n1}
83 expect EACCES -u 65534 -g 65534 unlink ${n0}
86 # Can create directories?
87 expect 0 -u 65534 -g 65534 mkdir ${n0} 0755
88 expect EACCES -u 65534 -g 65534 rmdir ${n0}
91 # Can move files from other directory?
92 expect 0 create ../${n3}/${n1} 0644
93 expect EACCES -u 65534 -g 65534 rename ../${n3}/${n1} ${n0}
95 # Can move files from other directory overwriting existing files?
96 expect EACCES -u 65534 -g 65534 rename ../${n3}/${n1} ${n0}
97 expect 0 -u 65534 -g 65534 unlink ../${n3}/${n1}
99 # Can move directories from other directory?
100 expect 0 mkdir ../${n3}/${n1} 0777
101 expect 0 -u 65534 -g 65534 rename ../${n3}/${n1} ${n0}
103 # Can move directories from other directory overwriting existing directory?
104 expect 0 mkdir ../${n3}/${n1} 0777
105 expect EACCES -u 65534 -g 65534 rename ../${n3}/${n1} ${n0}
106 expect 0 prependacl . user:65534:delete_child::allow
107 expect 0 -u 65534 -g 65534 rename ../${n3}/${n1} ${n0}
108 expect 0 -u 65534 -g 65534 rmdir ${n0}