1 #!/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22
23 #
24 # Copyright 2007 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
26 #
27
28 #
29 # Copyright (c) 2013 by Delphix. All rights reserved.
30 #
31
32 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
33
34 #
35 # DESCRIPTION:
36 # Scan the following permissions one by one to verify privileged user
37 # has correct permission delegation in datasets.
38 #
39 # STRATEGY:
40 # 1. Delegate all the permission one by one to user on dataset.
41 # 2. Verify privileged user has correct permission without any other
42 # permissions allowed.
43 #
44
45 verify_runnable "both"
46
47 log_assert "Verify privileged user has correct permissions once which was "\
48 "delegated to him in datasets"
49 log_onexit restore_root_datasets
50
51 #
52 # Results in Results in
53 # Permission Filesystem Volume
54 #
55 set -A perms create true false \
56 snapshot true true \
57 mount true false \
58 send true true \
59 allow true true \
60 quota true false \
61 reservation true true \
62 recordsize true false \
63 mountpoint true false \
64 checksum true true \
65 compression true true \
66 canmount true false \
67 atime true false \
68 devices true false \
69 exec true false \
70 volsize false true \
71 setuid true false \
72 readonly true true \
73 snapdir true false \
74 userprop true true \
75 aclmode true false \
76 aclinherit true false \
77 rollback true true \
78 clone true true \
79 rename true true \
80 promote true true \
81 zoned true false \
82 xattr true false \
83 receive true false \
84 destroy true true
85 if is_global_zone; then
86 typeset -i n=${#perms[@]}
87 perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
88 perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
89 fi
90
91 for dtst in $DATASETS; do
92 typeset -i k=1
93 typeset type=$(get_prop type $dtst)
94 [[ $type == "volume" ]] && k=2
95
96 typeset -i i=0
97 while (( i < ${#perms[@]} )); do
98 log_must $ZFS allow $STAFF1 ${perms[$i]} $dtst
99
100 if [[ ${perms[((i+k))]} == "true" ]]; then
101 log_must verify_perm $dtst ${perms[$i]} $STAFF1
102 else
103 log_must verify_noperm $dtst ${perms[$i]} $STAFF1
104 fi
105
106 log_must restore_root_datasets
107
108 ((i += 3))
109 done
110 done
111
112 log_pass "Verify privileged user has correct permissions " \
113 "in datasets passed."