5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
24 # Copyright 2007 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
29 # Copyright (c) 2013, 2016 by Delphix. All rights reserved.
32 .
$STF_SUITE/tests
/functional
/delegate
/delegate_common.kshlib
36 # Scan the following permissions one by one to verify privileged user
37 # has correct permission delegation in datasets.
40 # 1. Delegate all the permission one by one to user on dataset.
41 # 2. Verify privileged user has correct permission without any other
42 # permissions allowed.
45 verify_runnable
"both"
47 log_assert
"Verify privileged user has correct permissions once which was "\
48 "delegated to him in datasets"
49 log_onexit restore_root_datasets
53 # Results in Results in
54 # Permission Filesystem Volume
57 # - mount - mount(8) does not permit non-superuser mounts
58 # - mountpoint - mount(8) does not permit non-superuser mounts
59 # - canmount - mount(8) does not permit non-superuser mounts
60 # - rename - mount(8) does not permit non-superuser mounts
61 # - zoned - zones are not supported
62 # - destroy - umount(8) does not permit non-superuser umounts
63 # - sharenfs - sharing requires superuser privileges
64 # - share - sharing requires superuser privileges
65 # - readonly - mount(8) does not permit non-superuser remounts
67 set -A perms create true false \
72 reservation true true \
73 dnodesize true false \
74 recordsize true false \
76 compression true true \
84 aclinherit true false \
92 # Results in Results in
93 # Permission Filesystem Volume
96 # - zoned - zones are not supported
97 # - sharenfs - sharing requires superuser privileges
98 # - share - sharing requires superuser privileges
99 # - xattr - Not supported on FreeBSD
101 set -A perms create true false \
107 reservation true true \
108 dnodesize true false \
109 recordsize true false \
110 mountpoint true false \
112 compression true true \
113 canmount true false \
123 aclinherit true false \
133 set -A perms create true false \
139 reservation true true \
140 dnodesize true false \
141 recordsize true false \
142 mountpoint true false \
144 compression true true \
145 canmount true false \
155 aclinherit true false \
165 if is_global_zone
; then
166 typeset
-i n
=${#perms[@]}
167 perms
[((n
))]="sharenfs"; perms
[((n
+1))]="true"; perms
[((n
+2))]="false"
168 perms
[((n
+3))]="share"; perms
[((n
+4))]="true"; perms
[((n
+5))]="false"
172 for dtst
in $DATASETS; do
174 typeset
type=$
(get_prop
type $dtst)
175 [[ $type == "volume" ]] && k
=2
178 while (( i
< ${#perms[@]} )); do
179 log_must zfs allow
$STAFF1 ${perms[$i]} $dtst
181 if [[ ${perms[((i+k))]} == "true" ]]; then
182 log_must verify_perm
$dtst ${perms[$i]} $STAFF1
184 log_must verify_noperm
$dtst ${perms[$i]} $STAFF1
187 log_must restore_root_datasets
193 log_pass
"Verify privileged user has correct permissions " \
194 "in datasets passed."