Pretty comprehensive ACL tests.
 
This must be run on a filesystem with ACL support. Also, you will need
two dummy users (bin and daemon) and a dummy group (daemon).
 
	$ umask 027
	$ touch f
	  
Only change a base ACL:
	$ lfs lsetfacl -m u::r f
	$ lfs lsetfacl -m u::rw,u:bin:rw f
	$ lfs ls -dl f | awk '{print $1}'
	> -rw-rw----+
	
	$ lfs lgetfacl --omit-header f
	> user::rw-
	> user:bin:rw-
	> group::r--
	> mask::rw-
	> other::---
	> 

	$ rm f
	$ umask 022
	$ touch f
	$ lfs lsetfacl -m u:bin:rw f
	$ lfs ls -dl f | awk '{print $1}'
	> -rw-rw-r--+

	$ lfs lgetfacl --omit-header f
	> user::rw-
	> user:bin:rw-
	> group::r--
	> mask::rw-
	> other::r--
	> 

	$rm f
	$ umask 027
	$ mkdir d
	$ lfs lsetfacl -m u:bin:rwx d
	$ lfs ls -dl d | awk '{print $1}'
	> drwxrwx---+

	$ lfs lgetfacl --omit-header d
	> user::rwx
	> user:bin:rwx
	> group::r-x
	> mask::rwx
	> other::---
	> 

	$ rmdir d
	$ umask 022
	$ mkdir d
	$ lfs lsetfacl -m u:bin:rwx d
	$ lfs ls -dl d | awk '{print $1}'
	> drwxrwxr-x+

	$ lfs lgetfacl --omit-header d
	> user::rwx
	> user:bin:rwx
	> group::r-x
	> mask::rwx
	> other::r-x
	> 

	$ rmdir d
	 

Multiple users
	 
	$ umask 022
	$ touch f
	$ lfs lsetfacl -m u:bin:rw,u:daemon:r f
	$ lfs ls -dl f | awk '{print $1}'
	> -rw-rw-r--+

	$ lfs lgetfacl --omit-header f
	> user::rw-
	> user:bin:rw-
	> user:daemon:r--
	> group::r--
	> mask::rw-
	> other::r--
	> 
	 
Multiple groups
	 
	$ lfs lsetfacl -m g:users:rw,g:daemon:r f
	$ lfs ls -dl f | awk '{print $1}'
	> -rw-rw-r--+

	$ lfs lgetfacl --omit-header f
	> user::rw-
	> user:bin:rw-
	> user:daemon:r--
	> group::r--
	> group:daemon:r--
	> group:users:rw-
	> mask::rw-
	> other::r--
	> 
	 
Remove one group
	 
	$ lfs lsetfacl -x g:users f
	$ lfs ls -dl f | awk '{print $1}'
	> -rw-rw-r--+

	$ lfs lgetfacl --omit-header f
	> user::rw-
	> user:bin:rw-
	> user:daemon:r--
	> group::r--
	> group:daemon:r--
	> mask::rw-
	> other::r--
	> 
	 
Remove one user
	 
	$ lfs lsetfacl -x u:daemon f
	$ lfs ls -dl f | awk '{print $1}'
	> -rw-rw-r--+

	$ lfs lgetfacl --omit-header f
	> user::rw-
	> user:bin:rw-
	> group::r--
	> group:daemon:r--
	> mask::rw-
	> other::r--
	> 

	$ rm f
	 
Default ACL
	 
	$ umask 027
	$ mkdir d
	$ lfs lsetfacl -m u:bin:rwx,u:daemon:rw,d:u:bin:rwx,d:m:rx d
	$ lfs ls -dl d | awk '{print $1}'
	> drwxrwx---+

	$ lfs lgetfacl --omit-header d
	> user::rwx
	> user:bin:rwx
	> user:daemon:rw-
	> group::r-x
	> mask::rwx
	> other::---
	> default:user::rwx
	> default:user:bin:rwx	#effective:r-x
	> default:group::r-x
	> default:mask::r-x
	> default:other::---
	> 
	 
Umask now ignored?
 
	$ umask 027
	$ touch d/f
	$ lfs ls -dl d/f | awk '{print $1}'
	> -rw-r-----+

	$ lfs lgetfacl --omit-header d/f
	> user::rw-
	> user:bin:rwx	#effective:r--
	> group::r-x	#effective:r--
	> mask::r--
	> other::---
	> 

	$ rm d/f
	$ umask 022
	$ touch d/f
	$ lfs ls -dl d/f | awk '{print $1}'
	> -rw-r-----+

	$ lfs lgetfacl --omit-header d/f
	> user::rw-
	> user:bin:rwx	#effective:r--
	> group::r-x	#effective:r--
	> mask::r--
	> other::---
	> 

	$ rm d/f
	 
Default ACL copying
 
	$ umask 000
	$ mkdir d/d
	$ lfs ls -dl d/d | awk '{print $1}'
	> drwxr-x---+

	$ lfs lgetfacl --omit-header d/d
	> user::rwx
	> user:bin:rwx	#effective:r-x
	> group::r-x
	> mask::r-x
	> other::---
	> default:user::rwx
	> default:user:bin:rwx	#effective:r-x
	> default:group::r-x
	> default:mask::r-x
	> default:other::---
	> 

	$ rmdir d/d
	$ umask 022
	$ mkdir d/d
	$ lfs ls -dl d/d | awk '{print $1}'
	> drwxr-x---+

	$ lfs lgetfacl --omit-header d/d
	> user::rwx
	> user:bin:rwx	#effective:r-x
	> group::r-x
	> mask::r-x
	> other::---
	> default:user::rwx
	> default:user:bin:rwx	#effective:r-x
	> default:group::r-x
	> default:mask::r-x
	> default:other::---
	> 
	 
Add some users and groups
 
	$ lfs lsetfacl -nm u:daemon:rx,d:u:daemon:rx,g:users:rx,g:daemon:rwx d/d
	$ lfs ls -dl d/d | awk '{print $1}'
	> drwxr-x---+

	$ lfs lgetfacl --omit-header d/d
	> user::rwx
	> user:bin:rwx	#effective:r-x
	> user:daemon:r-x
	> group::r-x
	> group:daemon:rwx	#effective:r-x
	> group:users:r-x
	> mask::r-x
	> other::---
	> default:user::rwx
	> default:user:bin:rwx	#effective:r-x
	> default:user:daemon:r-x
	> default:group::r-x
	> default:mask::r-x
	> default:other::---
	> 
	 
Symlink in directory with default ACL?
	 
	$ ln -s d d/l
	$ lfs ls -dl d/l | awk '{print $1}'
	> lrwxrwxrwx

	$ lfs ls -dl -L d/l | awk '{print $1}'
	> drwxr-x---+

# XXX:there is an issue with getfacl dealing symbol link
#	$ lfs lgetfacl --omit-header d/l
	$ cd d
	$ lfs lgetfacl --omit-header l
	> user::rwx
	> user:bin:rwx	#effective:r-x
	> user:daemon:r-x
	> group::r-x
	> group:daemon:rwx	#effective:r-x
	> group:users:r-x
	> mask::r-x
	> other::---
	> default:user::rwx
	> default:user:bin:rwx	#effective:r-x
	> default:user:daemon:r-x
	> default:group::r-x
	> default:mask::r-x
	> default:other::---
	> 
# XXX
        $ cd ..

	$ rm d/l
	 
Does mask manipulation work?
	 
	$ lfs lsetfacl -m g:daemon:rx,u:bin:rx d/d
	$ lfs ls -dl d/d | awk '{print $1}'
	> drwxr-x---+

	$ lfs lgetfacl --omit-header d/d
	> user::rwx
	> user:bin:r-x
	> user:daemon:r-x
	> group::r-x
	> group:daemon:r-x
	> group:users:r-x
	> mask::r-x
	> other::---
	> default:user::rwx
	> default:user:bin:rwx	#effective:r-x
	> default:user:daemon:r-x
	> default:group::r-x
	> default:mask::r-x
	> default:other::---
	> 

	$ lfs lsetfacl -m d:u:bin:rwx d/d
	$ lfs ls -dl d/d | awk '{print $1}'
	> drwxr-x---+

	$ lfs lgetfacl --omit-header d/d
	> user::rwx
	> user:bin:r-x
	> user:daemon:r-x
	> group::r-x
	> group:daemon:r-x
	> group:users:r-x
	> mask::r-x
	> other::---
	> default:user::rwx
	> default:user:bin:rwx
	> default:user:daemon:r-x
	> default:group::r-x
	> default:mask::rwx
	> default:other::---
	> 

	$ rmdir d/d
	 
Remove the default ACL
	 
	$ lfs lsetfacl -k d
	$ lfs ls -dl d | awk '{print $1}'
	> drwxrwx---+

	$ lfs lgetfacl --omit-header d
	> user::rwx
	> user:bin:rwx
	> user:daemon:rw-
	> group::r-x
	> mask::rwx
	> other::---
	> 
	 
Reset to base entries
	 
	$ lfs lsetfacl -b d
	$ lfs ls -dl d | awk '{print $1}'
	> drwxr-x---

	$ lfs lgetfacl --omit-header d
	> user::rwx
	> group::r-x
	> other::---
	> 
	 
Now, chmod should change the group_obj entry
	 
	$ chmod 775 d
	$ lfs ls -dl d | awk '{print $1}'
	> drwxrwxr-x
	
	$ lfs lgetfacl --omit-header d
	> user::rwx
	> group::rwx
	> other::r-x
	> 

	$ rmdir d
	$ umask 002
	$ mkdir d
	$ lfs lsetfacl -m u:daemon:rwx,u:bin:rx,d:u:daemon:rwx,d:u:bin:rx d
	$ lfs ls -dl d | awk '{print $1}'
	> drwxrwxr-x+

	$ lfs lgetfacl --omit-header d
	> user::rwx
	> user:bin:r-x
	> user:daemon:rwx
	> group::rwx
	> mask::rwx
	> other::r-x
	> default:user::rwx
	> default:user:bin:r-x
	> default:user:daemon:rwx
	> default:group::rwx
	> default:mask::rwx
	> default:other::r-x
	> 

	$ chmod 750 d
	$ lfs ls -dl d | awk '{print $1}'
	> drwxr-x---+

	$ lfs lgetfacl --omit-header d
	> user::rwx
	> user:bin:r-x
	> user:daemon:rwx	#effective:r-x
	> group::rwx	#effective:r-x
	> mask::r-x
	> other::---
	> default:user::rwx
	> default:user:bin:r-x
	> default:user:daemon:rwx
	> default:group::rwx
	> default:mask::rwx
	> default:other::r-x
	> 

	$ chmod 750 d
	$ lfs ls -dl d | awk '{print $1}'
	> drwxr-x---+

	$ lfs lgetfacl --omit-header d
	> user::rwx
	> user:bin:r-x
	> user:daemon:rwx	#effective:r-x
	> group::rwx	#effective:r-x
	> mask::r-x
	> other::---
	> default:user::rwx
	> default:user:bin:r-x
	> default:user:daemon:rwx
	> default:group::rwx
	> default:mask::rwx
	> default:other::r-x
	> 

	$ rmdir d