1 Pretty comprehensive ACL tests.
3 This must be run on a filesystem with ACL support. Also, you will need
4 two dummy users (bin and daemon) and a dummy group (daemon).
10 Only change a base ACL:
12 $ setfacl -m u::rw,u:bin:rw f
13 $ ls -dl f | awk '{print $1}'
16 $ getfacl --omit-header f
27 $ setfacl -m u:bin:rw f
28 $ ls -dl f | awk '{print $1}'
31 $ getfacl --omit-header f
42 $ setfacl -m u:bin:rwx d
43 $ ls -dl d | awk '{print $1}'
46 $ getfacl --omit-header d
57 $ setfacl -m u:bin:rwx d
58 $ ls -dl d | awk '{print $1}'
61 $ getfacl --omit-header d
76 $ setfacl -m u:bin:rw,u:daemon:r f
77 $ ls -dl f | awk '{print $1}'
80 $ getfacl --omit-header f
91 $ setfacl -m g:users:rw,g:daemon:r f
92 $ ls -dl f | awk '{print $1}'
95 $ getfacl --omit-header f
108 $ setfacl -x g:users f
109 $ ls -dl f | awk '{print $1}'
112 $ getfacl --omit-header f
124 $ setfacl -x u:daemon f
125 $ ls -dl f | awk '{print $1}'
128 $ getfacl --omit-header f
143 $ setfacl -m u:bin:rwx,u:daemon:rw,d:u:bin:rwx,d:m:rx d
144 $ ls -dl d | awk '{print $1}'
147 $ getfacl --omit-header d
155 > default:user:bin:rwx #effective:r-x
165 $ ls -dl d/f | awk '{print $1}'
168 $ getfacl --omit-header d/f
170 > user:bin:rwx #effective:r--
171 > group::r-x #effective:r--
179 $ ls -dl d/f | awk '{print $1}'
182 $ getfacl --omit-header d/f
184 > user:bin:rwx #effective:r--
185 > group::r-x #effective:r--
196 $ ls -dl d/d | awk '{print $1}'
199 $ getfacl --omit-header d/d
201 > user:bin:rwx #effective:r-x
206 > default:user:bin:rwx #effective:r-x
215 $ ls -dl d/d | awk '{print $1}'
218 $ getfacl --omit-header d/d
220 > user:bin:rwx #effective:r-x
225 > default:user:bin:rwx #effective:r-x
231 Add some users and groups
233 $ setfacl -nm u:daemon:rx,d:u:daemon:rx,g:users:rx,g:daemon:rwx d/d
234 $ ls -dl d/d | awk '{print $1}'
237 $ getfacl --omit-header d/d
239 > user:bin:rwx #effective:r-x
242 > group:daemon:rwx #effective:r-x
247 > default:user:bin:rwx #effective:r-x
248 > default:user:daemon:r-x
254 Symlink in directory with default ACL?
257 $ ls -dl d/l | awk '{print $1}' | sed 's/\.$//g'
260 $ ls -dl -L d/l | awk '{print $1}'
263 $ getfacl --omit-header d/l
265 > user:bin:rwx #effective:r-x
268 > group:daemon:rwx #effective:r-x
273 > default:user:bin:rwx #effective:r-x
274 > default:user:daemon:r-x
282 Does mask manipulation work?
284 $ setfacl -m g:daemon:rx,u:bin:rx d/d
285 $ ls -dl d/d | awk '{print $1}'
288 $ getfacl --omit-header d/d
298 > default:user:bin:rwx #effective:r-x
299 > default:user:daemon:r-x
305 $ setfacl -m d:u:bin:rwx d/d
306 $ ls -dl d/d | awk '{print $1}'
309 $ getfacl --omit-header d/d
319 > default:user:bin:rwx
320 > default:user:daemon:r-x
328 Remove the default ACL
331 $ ls -dl d | awk '{print $1}'
334 $ getfacl --omit-header d
343 Reset to base entries
346 $ ls -dl d | awk '{print $1}' | sed 's/\.$//g'
349 $ getfacl --omit-header d
355 Now, chmod should change the group_obj entry
358 $ ls -dl d | awk '{print $1}' | sed 's/\.$//g'
361 $ getfacl --omit-header d
370 $ setfacl -m u:daemon:rwx,u:bin:rx,d:u:daemon:rwx,d:u:bin:rx d
371 $ ls -dl d | awk '{print $1}'
374 $ getfacl --omit-header d
382 > default:user:bin:r-x
383 > default:user:daemon:rwx
390 $ ls -dl d | awk '{print $1}'
393 $ getfacl --omit-header d
396 > user:daemon:rwx #effective:r-x
397 > group::rwx #effective:r-x
401 > default:user:bin:r-x
402 > default:user:daemon:rwx
409 $ ls -dl d | awk '{print $1}'
412 $ getfacl --omit-header d
415 > user:daemon:rwx #effective:r-x
416 > group::rwx #effective:r-x
420 > default:user:bin:r-x
421 > default:user:daemon:rwx
429 Dangling symlink test http://savannah.nongnu.org/bugs/?28131
441 $ setfacl -R -m u:bin:rw d
443 > getfacl: d/b: No such file or directory
453 $ setfacl -RL -m u:bin:rw d
454 > setfacl: d/b: No such file or directory
457 Malformed restore file
459 $ echo "# owner: root" > f
460 $ setfacl --restore=f 2>&1
461 >setfacl: f: No filename found in line 0, aborting