#!/bin/bash ############################################################## # # Copyright (c) International Business Machines Corp., 2003 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See # the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, # # FILE : tacl_xattr.sh # USAGE : ./tacl_xattr.sh # # DESCRIPTION : A script that will test ACL and Extend Attribute on Linux system. # REQUIREMENTS: # 1) Kernel with loop device support # 2) A spare (scratch) disk partition of 100MB or larger. # 3) Kernel with ACL and Extend Attribute function support # # HISTORY : # 10/23/2003 Kai Zhao (ltcd3@cn.ibm.com) # 07/06/2004 Jacky Malcles enable ext3 & clean users home dir. # # CODE COVERAGE: # 76.3% - fs/posix_acl.c # 80.9% - xattr_acl.c # 73.0% - xattr.c # ############################################################## CUR_PATH="" CONTENT="" RES="" USER_PERMISSION="" GROUP_PERMISSION="" OTHER_PERMISSION="" ITEM_OWNER="" ITEM_GROUP="" ################################################################ # # Make sure that uid=root is running this script. # Make sure that loop device is built into the kernel # Make sure that ACL(Access Control List) and Extended Attribute are # built into the kernel # ################################################################ if [ $UID != 0 ] then echo "FAILED: Must have root access to execute this script" exit 1 fi ################################################################# # # Prepare Ext2 file system for ACL and Extended Attribute test # Make some directory , file and symlink for the test # Add three users for the test # ################################################################# if [ ! -e tacl ] then mkdir -m 777 tacl else echo "FAILED: Directory tacl are exist" exit 1 fi dd if=/dev/zero of=tacl/blkext2 bs=1k count=10240 chmod 777 tacl/blkext2 losetup /dev/loop0 tacl/blkext2 >/dev/null 2>&1 if [ $? != 0 ] then printf "\nFAILED: [ losetup ] Must have loop device support by kernel\n" printf "\t to execute this script\n" exit 1 fi mount | grep ext2 if [ $? != 0 ] then mkfs -t ext3 /dev/loop0 mkdir -m 777 tacl/mount-ext2 mount -t ext3 -o defaults,acl,user_xattr /dev/loop0 tacl/mount-ext2 if [ $? != 0 ] then printf "\nFAILED: [ mount ] Make sure that ACL (Access Control List)\n" printf "\t and Extended Attribute are built into the kernel\n" printf "\t Can not mount ext2 file system with acl and user_xattr options\n" exit 1 fi else mkfs -t ext2 /dev/loop0 mkdir -m 777 tacl/mount-ext2 mount -t ext2 -o defaults,acl,user_xattr /dev/loop0 tacl/mount-ext2 if [ $? != 0 ] then printf "\nFAILED: [ mount ] Make sure that ACL (Access Control List)\n" printf "\t and Extended Attribute are built into the kernel\n" printf "\t Can not mount ext2 file system with acl and user_xattr options\n" exit 1 fi fi chmod 777 tacl/mount-ext2 useradd -d `pwd`/tacl/tacluser1 tacluser1 useradd -d `pwd`/tacl/tacluser2 tacluser2 useradd -d `pwd`/tacl/tacluser3 tacluser3 useradd -d `pwd`/tacl/tacluser4 tacluser4 if [ ! -e tacl/mount-ext2/shared ] then mkdir -p -m 777 tacl/mount-ext2/shared fi CUR_PATH=`pwd` su - tacluser1 << TACL_USER1 mkdir $CUR_PATH/tacl/mount-ext2/shared/team1 touch $CUR_PATH/tacl/mount-ext2/shared/team1/file1 cd $CUR_PATH/tacl/mount-ext2/shared/team1 ln -sf file1 symlinkfile1 cd $CUR_PATH cd $CUR_PATH/tacl/mount-ext2/shared ln -sf team1 symlinkdir1 cd $CUR_PATH TACL_USER1 su - tacluser2 << TACL_USER2 mkdir $CUR_PATH/tacl/mount-ext2/shared/team2 touch $CUR_PATH/tacl/mount-ext2/shared/team2/file1 cd $CUR_PATH/tacl/mount-ext2/shared/team2 ln -sf file1 symlinkfile1 cd $CUR_PATH cd $CUR_PATH/tacl/mount-ext2/shared ln -sf team2 symlinkdir2 cd $CUR_PATH TACL_USER2 ############################################################################################# # # The permissions bit limit user's act # lrwxrwxrwx 1 tacluser1 tacluser1 5 Jun 23 13:39 symlinkdir1 -> team1 # lrwxrwxrwx 1 tacluser2 tacluser2 5 Jun 23 13:39 symlinkdir2 -> team2 # dr-x------ 2 tacluser1 tacluser1 1024 Jun 23 13:39 team1 # drwxrwxr-x 2 tacluser2 tacluser2 1024 Jun 23 13:39 team2 # ############################################################################################# chmod 500 tacl/mount-ext2/shared/team1 su - tacluser1 << TACL_USER1 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfil1 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile1 ] then printf "\nFAILED: [ touch ] Create file must be denied by file permission bits\n" printf "\t [ Physical Directory ]\n" else printf "\nSUCCESS: Create file denied by file permission bits [ Physical directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfil2 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile2 ] then printf "\nFAILED: [ touch ] Create file must be denied by file permission bits\n" printf "\t [ Symlink Directory ]\n" else printf "\nSUCCESS: Create file denied by file permission bits [ Symlink directory ]\n" fi TACL_USER1 ################################################################# # # ACL_USER_OBJ are a superset of the permissions specified # by the file permission bits. # The effective user ID of the process matches the user ID of # the file object owner. # Owner's act are based ACL_USER_OBJ # ################################################################# setfacl -m u::rx tacl/mount-ext2/shared/team1 su - tacluser1 << TACL_USER1 cd $CUR_PATH/tacl/mount-ext2/shared/team1/ 2> /dev/null if [ $? != 0 ] then printf "\nFAILED: [ touch ] ACL_USER_OBJ entry already contains the owner execute\n" printf "\t permissions, but operation failed [ Physical Directory ]\n" else printf "\nSUCCESS: ACL_USER_OBJ entry contains the owner execute permissions,\n" printf "\t operation success [ Physical Directory ]\n" fi cd $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/ 2> /dev/null if [ $? != 0 ] then printf "\nFAILED: [ touch ] ACL_USER_OBJ entry already contains the owner execute\n" printf "\t permissions, but operation failed [ Symlink Directory ]\n" else printf "\nSUCCESS: ACL_USER_OBJ entry contains the owner execute permissions,\n" printf "\t operation success [ Symlink Directory ]\n" fi TACL_USER1 setfacl -m u::rwx tacl/mount-ext2/shared/team1 su - tacluser1 << TACL_USER1 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfil1 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile1 ] then printf "\nFAILED: [ touch ] ACL_USER_OBJ entry already contains the owner write \n" printf "\t permissions, but operation failed [ Physical Directory ]\n" else printf "\nSUCCESS: ACL_USER_OBJ entry contains the owner write permissions,\n" printf "\t operation success [ Physical Directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfil2 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile2 ] then printf "\nFAILED: [ touch ] ACL_USER_OBJ entry already contains the owner write \n" printf "\t permissions, but operation failed [ Symlink Directory ]\n" else printf "\nSUCCESS: ACL_USER_OBJ entry contains the owner write permissions,\n" printf "\t operation success [ Symlink Directory ]\n" fi TACL_USER1 ################################################################# # # The effective user ID of the process matches the qualifier of # any entry of type ACL_USER # IF the matching ACL_USER entry and the ACL_MASK # entry contain the requested permissions,# access is granted, # ELSE access is denied. # ################################################################# setfacl -m u:tacluser3:rwx tacl/mount-ext2/shared/team1 su - tacluser3 << TACL_USER3 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile3 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile3 ] then printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n" printf "\t operation success [ Physical Directory ]\n" else printf "\nFAILED: ACL_USER entry contains the user permissions,\n" printf "\t but operation denied [ Physical Directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile4 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile4 ] then printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n" printf "\t operation success [ Symlink Directory ]\n" else printf "\nFAILED: ACL_USER entry contains the user permissions,\n" printf "\t but operation denied [ Symlink Directory ]\n" fi TACL_USER3 setfacl -m mask:--- tacl/mount-ext2/shared/team1 su - tacluser3 << TACL_USER3 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile5 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile5 ] then printf "\nFAILED: [ touch ] ACL_USER entry contains the user permissions\n" printf "\t but ACL_MASK are set --- ,\n" printf "\t operation must be denied [ Physical Directory ]\n" else printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n" printf "\t but ACL_MASK are set ___ ,\n" printf "\t operation success [ Physical Directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile6 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile6 ] then printf "\nFAILED: [ touch ] ACL_USER entry contains the user permissions\n" printf "\t but ACL_MASK are set --- ,\n" printf "\t operation must be denied [ Symlink Directory ]\n" else printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n" printf "\t but ACL_MASK are set ___ ,\n" printf "\t operation success [ Symlink Directory ]\n" fi TACL_USER3 ########################################################################################### # # The effective group ID or any of the supplementary group IDs of the process match the # qualifier of the entry of type ACL_GROUP_OBJ, or the qualifier of any entry of type # ACL_GROUP # # IF the ACL contains an ACL_MASK entry, THEN # if the ACL_MASK entry and any of the matching ACL_GROUP_OBJ # or ACL_GROUP entries contain the requested permissions, # access is granted, # # else access is denied. # # ELSE (note that there can be no ACL_GROUP entries without an ACL_MASK entry) # if the ACL_GROUP_OBJ entry contains the requested permis- # sions, access is granted, # # else access is denied. # ########################################################################################### setfacl -m g:tacluser2:rwx tacl/mount-ext2/shared/team1 su - tacluser2 << TACL_USER2 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile7 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile7 ] then printf "\nSUCCESS: ACL_GROUP entry contains the group permissions,\n" printf "\t option success [ Physical Directory ]\n" else printf "\nFAILED: [ touch ] ACL_GROUP entry already contains the group permissions,\n" printf "\t but option success [ Physical Directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile8 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile8 ] then printf "\nSUCCESS: ACL_GROUP entry contains the group permissions,\n" printf "\t option success [ Symlink Directory ]\n" else printf "\nFAILED: [ touch ] ACL_GROUP entry already contains the group permissions,\n" printf "\t but option success [ Symlink Directory ]\n" fi TACL_USER2 setfacl -m mask:--- tacl/mount-ext2/shared/team1 su - tacluser2 << TACL_USER2 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile9 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile9 ] then printf "\nFAILED: [ touch ] ACL_GROUP entry contains the group permissions\n" printf "\t and ACL_MASK entry are set ---,\n" printf "\t option must no be success [ Physical Directory ]\n" else printf "\nSUCCESS: ACL_GROUP entry already contains the group permissions\n" printf "\t and ACL_MASK entry are set ---,\n" printf "\t option success [ Physical Directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile10 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile10 ] then printf "\nFAILED: [ touch ] ACL_GROUP entry contains the group permissions\n" printf "\t and ACL_MASK entry are set ---,\n" printf "\t option must no be success [ Symlink Directory ]\n" else printf "\nSUCCESS: ACL_GROUP entry already contains the group permissions\n" printf "\t and ACL_MASK entry are set ---,\n" printf "\t option success [ Symlink Directory ]\n" fi TACL_USER2 setfacl -m g::rwx tacl/mount-ext2/shared/team1 usermod -g tacluser1 tacluser2 su - tacluser2 << TACL_USER2 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile11 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile11 ] then printf "\nSUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,\n" printf "\t option success [ Physical Directory ]\n" else printf "\nFAILED: [ touch ] ACL_GROUP_OBJ entry already contains the group owner,\n" printf "\t but option denied [ Physical Directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile12 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile12 ] then printf "\nSUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,\n" printf "\t option success [ Symlink Directory ]\n" else printf "\nFAILED: [ touch ] ACL_GROUP_OBJ entry already contains the group owner,\n" printf "\t but option denied [ Symlink Directory ]\n" fi TACL_USER2 setfacl -m mask:--- tacl/mount-ext2/shared/team1 su - tacluser2 << TACL_USER2 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile13 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile13 ] then printf "\nFAILED: [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions\n" printf "\t and ACL_MASK entry are set ---,\n" printf "\t option must no be success [ Physical Directory ]\n" else printf "\nSUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions\n" printf "\t and ACL_MASK entry are set ---,\n" printf "\t option success [ Physical Directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile14 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile14 ] then printf "\nFAILED: [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions\n" printf "\t and ACL_MASK entry are set ---,\n" printf "\t option must no be success [ Symlink Directory ]\n" else printf "\nSUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions\n" printf "\t and ACL_MASK entry are set ---,\n" printf "\t option success [ Symlink Directory ]\n" fi TACL_USER2 usermod -g tacluser2 tacluser2 ################################################################################### # # IF the ACL_OTHER entry contains the requested permissions, access is granted # ################################################################################### setfacl -m o::rwx tacl/mount-ext2/shared/team1 su - tacluser4 << TACL_USER4 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile15 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile15 ] then printf "\nSUCCESS: ACL_OTHER entry contains the user permissions,\n" printf "\t operation success [ Physical Directory ]\n" else printf "\nFAILED: ACL_OTHER entry contains the user permissions,\n" printf "\t but operation denied [ Physical Directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile16 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile16 ] then printf "\nSUCCESS: ACL_OTHER entry contains the user permissions,\n" printf "\t operation success [ Symlink Directory ]\n" else printf "\nFAILED: ACL_OTHER entry contains the user permissions,\n" printf "\t but operation denied [ Symlink Directory ]\n" fi TACL_USER4 setfacl -m mask:--- tacl/mount-ext2/shared/team1 su - tacluser4 << TACL_USER4 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile17 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/team1/newfile17 ] then printf "\nSUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]\n" else printf "\nFAILED: ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]\n" fi touch $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile18 2> /dev/null if [ -e $CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile18 ] then printf "\nSUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]\n" else printf "\nFAILED: ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]\n" fi TACL_USER4 ############################################################################ # # OBJECT CREATION AND DEFAULT ACLs # The new object inherits the default ACL of the containing directory as its access ACL. # ############################################################################ rm -f tacl/mount-ext2/shared/team1/newfil* # # Test ACL_USER_OBJ default ACLs # setfacl -m d:u::r -m d:g::r -m d:o::r tacl/mount-ext2/shared/team1 su - tacluser1 << TACL_USER1 MASK=`umask` umask 0 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile1 umask $MASK > /dev/null TACL_USER1 CONTENT="" CONTENT=`ls -l tacl/mount-ext2/shared/team1/newfile1` RES=`echo $CONTENT | grep ".r--r--r--" | awk '{print $1}'` if [ $RES != "" ] then printf "\nSUCCESS: With default ACLs set, new file permission set correct.\n" else printf "\nFAILED: With default ACLs set, new file permission set not correct\n" fi # # Test ACL_USER and ACL_GROUP defaults ACLs # setfacl -m d:u:tacluser3:rw -m d:g:tacluser3:rw tacl/mount-ext2/shared/team1 su - tacluser3 << TACL_USER3 MASK=`umask` umask 0 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile2 umask $MASK > /dev/null TACL_USER3 CONTENT="" CONTENT=`ls -l tacl/mount-ext2/shared/team1/newfile2` RES=`echo $CONTENT | grep ".r--rw-r--" | awk '{print $1}'` if [ $RES != "" ] then printf "\nSUCCESS: With default ACLs set, new file permission set correct.\n" else printf "\nFAILED: With default ACLs set, new file permission set not correct\n" fi # # Test ACL_GROUP default ACLs # setfacl -m d:u::rwx -m d:g::rwx -m d:o::rwx tacl/mount-ext2/shared/team1 su - tacluser3 << TACL_USER3 MASK=`umask` umask 0 touch $CUR_PATH/tacl/mount-ext2/shared/team1/newfile3 umask $MASK > /dev/null TACL_USER3 CONTENT="" CONTENT=`ls -l tacl/mount-ext2/shared/team1/newfile3` RES=`echo $CONTENT | grep ".rw-rw-rw-" | awk '{print \$1}'` if [ $RES != "" ] then printf "\nSUCCESS: With default ACLs set, new file permission set correct.\n" else printf "\nFAILED: With default ACLs set, new file permission set not correct\n" fi ################################################################################# # # Chmod also change ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER permissions # ################################################################################# su - tacluser3 << TACL_USER3 MASK=`umask` umask 0 chmod 777 $CUR_PATH/tacl/mount-ext2/shared/team1/newfile3 umask $MASK > /dev/null TACL_USER3 CONTENT="" CONTENT=`getfacl tacl/mount-ext2/shared/team1/newfile3` USER_PERMISSION=`echo $CONTENT | awk '{print \$10}'` GROUP_PERMISSION=`echo $CONTENT | awk '{print \$12}'` OTHER_PERMISSION=`echo $CONTENT | awk '{print \$15}'` if [ $USER_PERMISSION = "user::rwx" ] then if [ $GROUP_PERMISSION = "group::rwx" ] then if [ $OTHER_PERMISSION = "other::rwx" ] then printf "\nSUCCESS: Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are correct\n" else printf "\nFAILED: Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are not correct\n" fi else printf "\nFAILED: Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are not correct\n" fi else printf "\nFAILED: Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are not correct\n" fi ##################################################################################### # # Chown only change object owner and group # ##################################################################################### chown tacluser2.tacluser2 tacl/mount-ext2/shared/team1/newfile2 CONTENT="" CONTENT=`getfacl tacl/mount-ext2/shared/team1/newfile2` ITEM_OWNER=`echo $CONTENT | awk '{print \$6}'` ITEM_GROUP=`echo $CONTENT | awk '{print \$9}'` if [ $ITEM_OWNER = "tacluser2" ] then if [ $ITEM_GROUP = "tacluser2" ] then printf "\nSUCCESS: Chown correct\n" else printf "\nFAILED: Chown are not correct\n" fi else echo "FAILED: Chown are not correct" fi ##################################################### # # Test ACLs backup and restore # ##################################################### getfacl -RL tacl/mount-ext2/ > tacl/tmp1 setfacl -m u::--- -m g::--- -m o::--- tacl/mount-ext2/shared/team1 setfacl --restore tacl/tmp1 getfacl -RL tacl/mount-ext2/ > tacl/tmp2 if [ `diff tacl/tmp1 tacl/tmp2` ] then printf "\nFAILED: ACLs backup and restore are not correct\n" else printf "\nSUCCESS: ACLs backup and restore are correct\n" fi printf "\n\tEnd ACLs Test\n" ##################################################### # # Now begin Extend Attribute test # ##################################################### printf "\nNow begin Extend Attribute Test\n" # dir printf "\nAttach name:value pair to object dir\n\n" attr -s attrname1 -V attrvalue1 tacl/mount-ext2/shared/team2 if [ $? != 0 ] then echo "FAILED: Attach name:value pair to object dir" fi #file echo echo "Attach name:value pair to object file " echo "" attr -s attrname2 -V attrvalue2 tacl/mount-ext2/shared/team2/file1 if [ $? != 0 ] then echo "FAILED: Attach name:value pair to object file" fi #symlink file echo echo "Attach name:value pair to object symlink file" echo "" attr -s attrname3 -V attrvalue3 tacl/mount-ext2/shared/team2/symlinkfile1 if [ $? != 0 ] then echo "INFO: Can't attach name:value pair to object symlink file" fi echo "" ls -lRt tacl/mount-ext2/shared/team2 echo echo "get extended attributes of filesystem objects" echo "" echo "Dump the values" getfattr -d tacl/mount-ext2/shared/team2 if [ $? != 0 ] then echo "FAILED: getfattr: Dump the values" fi echo "Recursively dump the values" getfattr -dR tacl/mount-ext2/* if [ $? != 0 ] then echo "FAILED: getfattr: Recursively Dump the values" fi echo "Do not follow symlinks." echo "but extended user attributes are disallowed for symbolic links" getfattr -h --no-dereference tacl/mount-ext2/shared/team2/symlinkfile1 if [ $? != 0 ] then echo "FAILED: getfattr: Do not follow symlinks." fi echo echo "Logical walk, follow symbolic links" getfattr -L tacl/mount-ext2/shared/team2/* if [ $? != 0 ] then echo "FAILED: getfattr: Logical walk" fi echo "Physical walk, skip all symbolic links" getfattr -P tacl/mount-ext2/shared/team2/* if [ $? != 0 ] then echo "FAILED: getfattr: Physical walk" fi echo "attr -g to search the named object" attr -g attrname1 tacl/mount-ext2/shared/team2 if [ $? != 0 ] then echo "FAILED: attr: to search the named object" fi echo echo "attr -r to remove the named object" attr -r attrname2 tacl/mount-ext2/shared/team2/file1 if [ $? != 0 ] then echo "FAILED: attr: to remove the named object" fi ################################# # # Backup and Restore # ################################# getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea setfattr -h --restore=tacl/backup.ea getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea1 if [ `diff tacl/backup.ea1 tacl/backup.ea` ] then printf "\nFAILED: EAs backup and restore are not correct\n" else printf "\nSUCCESS: EAs backup and restore are correct\n" fi printf "\n\tEnd EAs Test\n" ##################################################### # # Clean up # ##################################################### userdel tacluser1 userdel tacluser2 userdel tacluser3 userdel tacluser4 umount -d tacl/mount-ext2 rm -rf tacl