1 Pretty comprehensive ACL tests.
3 This must be run on a filesystem with ACL support. Also, you will need
4 two dummy users (bin and daemon) and a dummy group (daemon).
9 Only change a base ACL:
10 $ lfs lsetfacl -m u::r f
11 $ lfs lsetfacl -m u::rw,u:bin:rw f
12 $ lfs ls -dl f | awk '{print $1}'
15 $ lfs lgetfacl --omit-header f
26 $ lfs lsetfacl -m u:bin:rw f
27 $ lfs ls -dl f | awk '{print $1}'
30 $ lfs lgetfacl --omit-header f
41 $ lfs lsetfacl -m u:bin:rwx d
42 $ lfs ls -dl d | awk '{print $1}'
45 $ lfs lgetfacl --omit-header d
56 $ lfs lsetfacl -m u:bin:rwx d
57 $ lfs ls -dl d | awk '{print $1}'
60 $ lfs lgetfacl --omit-header d
75 $ lfs lsetfacl -m u:bin:rw,u:daemon:r f
76 $ lfs ls -dl f | awk '{print $1}'
79 $ lfs lgetfacl --omit-header f
90 $ lfs lsetfacl -m g:users:rw,g:daemon:r f
91 $ lfs ls -dl f | awk '{print $1}'
94 $ lfs lgetfacl --omit-header f
107 $ lfs lsetfacl -x g:users f
108 $ lfs ls -dl f | awk '{print $1}'
111 $ lfs lgetfacl --omit-header f
123 $ lfs lsetfacl -x u:daemon f
124 $ lfs ls -dl f | awk '{print $1}'
127 $ lfs lgetfacl --omit-header f
142 $ lfs lsetfacl -m u:bin:rwx,u:daemon:rw,d:u:bin:rwx,d:m:rx d
143 $ lfs ls -dl d | awk '{print $1}'
146 $ lfs lgetfacl --omit-header d
154 > default:user:bin:rwx #effective:r-x
164 $ lfs ls -dl d/f | awk '{print $1}'
167 $ lfs lgetfacl --omit-header d/f
169 > user:bin:rwx #effective:r--
170 > group::r-x #effective:r--
178 $ lfs ls -dl d/f | awk '{print $1}'
181 $ lfs lgetfacl --omit-header d/f
183 > user:bin:rwx #effective:r--
184 > group::r-x #effective:r--
195 $ lfs ls -dl d/d | awk '{print $1}'
198 $ lfs lgetfacl --omit-header d/d
200 > user:bin:rwx #effective:r-x
205 > default:user:bin:rwx #effective:r-x
214 $ lfs ls -dl d/d | awk '{print $1}'
217 $ lfs lgetfacl --omit-header d/d
219 > user:bin:rwx #effective:r-x
224 > default:user:bin:rwx #effective:r-x
230 Add some users and groups
232 $ lfs lsetfacl -nm u:daemon:rx,d:u:daemon:rx,g:users:rx,g:daemon:rwx d/d
233 $ lfs ls -dl d/d | awk '{print $1}'
236 $ lfs lgetfacl --omit-header d/d
238 > user:bin:rwx #effective:r-x
241 > group:daemon:rwx #effective:r-x
246 > default:user:bin:rwx #effective:r-x
247 > default:user:daemon:r-x
253 Symlink in directory with default ACL?
256 $ lfs ls -dl d/l | awk '{print $1}'
259 $ lfs ls -dl -L d/l | awk '{print $1}'
262 $ lfs lgetfacl --omit-header d/l
264 > user:bin:rwx #effective:r-x
267 > group:daemon:rwx #effective:r-x
272 > default:user:bin:rwx #effective:r-x
273 > default:user:daemon:r-x
281 Does mask manipulation work?
283 $ lfs lsetfacl -m g:daemon:rx,u:bin:rx d/d
284 $ lfs ls -dl d/d | awk '{print $1}'
287 $ lfs lgetfacl --omit-header d/d
297 > default:user:bin:rwx #effective:r-x
298 > default:user:daemon:r-x
304 $ lfs lsetfacl -m d:u:bin:rwx d/d
305 $ lfs ls -dl d/d | awk '{print $1}'
308 $ lfs lgetfacl --omit-header d/d
318 > default:user:bin:rwx
319 > default:user:daemon:r-x
327 Remove the default ACL
330 $ lfs ls -dl d | awk '{print $1}'
333 $ lfs lgetfacl --omit-header d
342 Reset to base entries
345 $ lfs ls -dl d | awk '{print $1}'
348 $ lfs lgetfacl --omit-header d
354 Now, chmod should change the group_obj entry
357 $ lfs ls -dl d | awk '{print $1}'
360 $ lfs lgetfacl --omit-header d
369 $ lfs lsetfacl -m u:daemon:rwx,u:bin:rx,d:u:daemon:rwx,d:u:bin:rx d
370 $ lfs ls -dl d | awk '{print $1}'
373 $ lfs lgetfacl --omit-header d
381 > default:user:bin:r-x
382 > default:user:daemon:rwx
389 $ lfs ls -dl d | awk '{print $1}'
392 $ lfs lgetfacl --omit-header d
395 > user:daemon:rwx #effective:r-x
396 > group::rwx #effective:r-x
400 > default:user:bin:r-x
401 > default:user:daemon:rwx
408 $ lfs ls -dl d | awk '{print $1}'
411 $ lfs lgetfacl --omit-header d
414 > user:daemon:rwx #effective:r-x
415 > group::rwx #effective:r-x
419 > default:user:bin:r-x
420 > default:user:daemon:rwx