
#!/bin/bash
##############################################################
#
#  Copyright (c) International Business Machines  Corp., 2003
#
#  This program is free software;  you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY;  without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#  the GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program;  if not, write to the Free Software
#  Foundation,
#
#  FILE        : tacl_xattr.sh
#  USAGE       : ./tacl_xattr.sh
#
#  DESCRIPTION : A script that tests ACLs and extended attributes on a Linux system.
#  REQUIREMENTS:
#                1) Kernel with loop device support
#                2) A spare (scratch) disk partition of 100MB or larger.
#                3) Kernel with ACL and Extend Attribute function support
#
#  HISTORY     :
#      10/23/2003 Kai Zhao (ltcd3@cn.ibm.com)
#      07/06/2004 Jacky Malcles enable ext3 & clean users home dir.
#
#  CODE COVERAGE:
#                 76.3% - fs/posix_acl.c
#                 80.9% - xattr_acl.c
#                 73.0% - xattr.c
#
##############################################################

# Absolute path of the directory the script runs from; filled in later and
# used by the per-user sessions to address the scratch tree.
CUR_PATH=''
# Raw tool output and the value extracted from it.
CONTENT='' RES=''
# Fields picked out of getfacl output by the chmod and chown checks.
USER_PERMISSION='' GROUP_PERMISSION='' OTHER_PERMISSION=''
ITEM_OWNER='' ITEM_GROUP=''

################################################################
#
# Make sure that uid=root is running this script.
# Make sure that loop device is built into the kernel
# Make sure that ACL(Access Control List) and Extended Attribute are
#     built into the kernel
#
################################################################

# The steps below call losetup, mount, useradd and su, so refuse to start
# for any caller other than root.
if [ "$UID" != 0 ]; then
	echo "FAILED: Must have root access to execute this script"
	exit 1
fi

#################################################################
#
# Prepare Ext2 file system for ACL and Extended Attribute test
# Make some directory , file and symlink for the test
# Add three users for the test
#
#################################################################

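# Create the scratch directory; an existing "tacl" aborts the run.
if [ -e tacl ]
then
	echo "FAILED: Directory tacl are exist"
	exit 1
fi

# Mode 755, not 777: root later writes tacl/tmp1, tacl/tmp2 and
# tacl/backup.ea* through plain redirections, and in a world-writable
# directory any local user could pre-create those names as symlinks.
# The test users only need search permission here to reach
# tacl/mount-ext2, which is opened up separately.
if ! mkdir -m 755 tacl
then
	echo "FAILED: Can not create directory tacl"
	exit 1
fi

# 10240 blocks of 1k: the image file that backs the loop device.
if ! dd if=/dev/zero of=tacl/blkext2 bs=1k count=10240
then
	echo "FAILED: [ dd ] Can not create image file tacl/blkext2"
	rm -rf tacl
	exit 1
fi
# Only root (via losetup) touches the image; a world-writable backing file
# would let any local user rewrite the mounted file system underneath the
# kernel.
chmod 600 tacl/blkext2

# NOTE(review): /dev/loop0 is hard-coded, so this also fails when the device
# is already in use, not only when loop support is missing.
if ! losetup /dev/loop0 tacl/blkext2 >/dev/null 2>&1
then
	printf "\nFAILED:  [ losetup ] Must have loop device support by kernel\n"
	printf "\t to execute this script\n"
	# Remove the scratch directory so the next run is not rejected by the
	# "already exists" check above.
	rm -rf tacl
	exit 1
fi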

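# Choose the file system type: ext2 when the mount table already mentions
# ext2, ext3 otherwise (presumably a probe for which driver is available).
# grep's matches are printed, exactly as before.
if mount | grep ext2
then
	FS_TYPE=ext2
else
	FS_TYPE=ext3
fi

mkfs -t "$FS_TYPE" /dev/loop0
mkdir -m 777 tacl/mount-ext2

# The acl and user_xattr mount options are what the rest of the script
# exercises; without them there is nothing to test.
if ! mount -t "$FS_TYPE" -o defaults,acl,user_xattr /dev/loop0 tacl/mount-ext2
then
	printf "\nFAILED:  [ mount ] Make sure that ACL (Access Control List)\n"
	printf "\t and Extended Attribute are built into the kernel\n"
	printf "\t Can not mount ext2 file system with acl and user_xattr options\n"
	# Release the loop device and the scratch directory; leaving them behind
	# keeps /dev/loop0 busy and makes the next run stop at its first check.
	losetup -d /dev/loop0
	rm -rf tacl
	exit 1
fi

# The mode given to mkdir applied to the mount point; this sets the root
# directory of the freshly mounted file system.
chmod 777 tacl/mount-ext2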

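# Absolute path of the run directory. The unquoted heredocs further down are
# expanded by this root shell, so the per-user sessions receive this value
# as literal text.
CUR_PATH=$(pwd)

# Four throw-away accounts with home directories under the scratch tree.
# The home path is quoted so a run directory containing whitespace is not
# split into extra useradd arguments.
# NOTE(review): if an account with one of these names already exists,
# useradd fails here but the cleanup at the end of the script still runs
# userdel on it.
for tacl_user in tacluser1 tacluser2 tacluser3 tacluser4
do
	if ! useradd -d "$CUR_PATH/tacl/$tacl_user" "$tacl_user"
	then
		echo "FAILED: [ useradd ] Can not create test user $tacl_user"
	fi
done

# World-writable area inside the test file system where each user creates
# its own team directory.
if [ ! -e tacl/mount-ext2/shared ]
then
	mkdir -p -m 777 tacl/mount-ext2/shared
fi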

# tacluser1 and tacluser2 each build the same layout under shared/:
#   teamN/file1, teamN/symlinkfile1 -> file1, symlinkdirN -> teamN
# The heredoc delimiter is unquoted, so $CUR_PATH, $shared_dir and $team_no
# are substituted by this shell before su reads the commands.
shared_dir=$CUR_PATH/tacl/mount-ext2/shared

for team_no in 1 2
do
	su - tacluser$team_no << TACL_SETUP

	mkdir $shared_dir/team$team_no
	touch $shared_dir/team$team_no/file1

	cd $shared_dir/team$team_no
	ln -sf file1 symlinkfile1
	cd $CUR_PATH

	cd $shared_dir
	ln -sf team$team_no symlinkdir$team_no
	cd $CUR_PATH

TACL_SETUP
done

#############################################################################################
#
#  The file permission bits limit what the user may do
#  lrwxrwxrwx    1 tacluser1 tacluser1        5 Jun 23 13:39 symlinkdir1 -> team1
#  lrwxrwxrwx    1 tacluser2 tacluser2        5 Jun 23 13:39 symlinkdir2 -> team2
#  dr-x------    2 tacluser1 tacluser1     1024 Jun 23 13:39 team1
#  drwxrwxr-x    2 tacluser2 tacluser2     1024 Jun 23 13:39 team2
#
#############################################################################################

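# With mode 500 the owner keeps read and search permission on team1 but
# loses write permission, so creating a file there must fail, both by the
# real path and through the symlinkdir1 symlink.
chmod 500 tacl/mount-ext2/shared/team1

# The name that is created and the name that is tested must be the same.
# Before this fix the session touched "newfil1"/"newfil2" and tested
# "newfile1"/"newfile2", so the check reported SUCCESS even when the
# permission bits were not enforced.
su - tacluser1 << TACL_USER1

	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" ]
	then
		printf "\nFAILED:  [ touch ] Create file must be denied by file permission bits\n"
		printf "\t [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: Create file denied by file permission bits [ Physical directory ]\n"
	fi

	touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile2" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2" ]
	then
		printf "\nFAILED:  [ touch ] Create file must be denied by file permission bits\n"
		printf "\t [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: Create file denied by file permission bits [ Symlink directory ]\n"
	fi

TACL_USER1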

#################################################################
#
# ACL_USER_OBJ are a superset of the permissions specified
#   by the file permission bits.
# The effective user ID of the process matches the user ID of
#   the file object owner.
# Owner's act are based ACL_USER_OBJ
#
#################################################################

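# The owner entry (ACL_USER_OBJ) now grants r-x, so the owner must be able
# to enter team1 directly and through the symlink.
setfacl -m u::rx tacl/mount-ext2/shared/team1

# The result of cd is tested directly. The earlier form compared "$?" inside
# an unquoted heredoc, where the root shell substitutes its own last exit
# status before su runs anything, so the check could not see a denied cd.
su - tacluser1 << TACL_USER1

	if cd "$CUR_PATH/tacl/mount-ext2/shared/team1/" 2> /dev/null
	then
		printf "\nSUCCESS: ACL_USER_OBJ  entry contains the owner execute permissions,\n"
		printf "\t operation success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER_OBJ  entry already contains the owner execute\n"
		printf "\t permissions, but operation failed [ Physical Directory ]\n"
	fi

	if cd "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/" 2> /dev/null
	then
		printf "\nSUCCESS: ACL_USER_OBJ  entry contains the owner execute permissions,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	else
		printf "\nFAILED: [ touch ] ACL_USER_OBJ  entry already contains the owner execute\n"
		printf "\t permissions, but operation failed [ Symlink Directory ]\n"
	fi

TACL_USER1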

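# The owner entry (ACL_USER_OBJ) now grants rwx, so the owner must be able
# to create files in team1 directly and through the symlink.
setfacl -m u::rwx tacl/mount-ext2/shared/team1

# Two defects cancelled each other in the earlier form: it touched
# "newfil1"/"newfil2" but tested "newfile1"/"newfile2", and it reported
# FAILED when the tested file existed. The file that was created is now the
# one that is tested, and its presence is the passing outcome.
su - tacluser1 << TACL_USER1

	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1" ]
	then
		printf "\nSUCCESS: ACL_USER_OBJ  entry contains the owner write permissions,\n"
		printf "\t operation success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER_OBJ  entry already contains the owner write \n"
		printf "\t permissions, but operation failed [ Physical Directory ]\n"
	fi

	touch "$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1/newfile2" 2> /dev/null
	if [ -e "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2" ]
	then
		printf "\nSUCCESS: ACL_USER_OBJ  entry contains the owner write permissions,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER_OBJ  entry already contains the owner write \n"
		printf "\t permissions, but operation failed [ Symlink Directory ]\n"
	fi

TACL_USER1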

#################################################################
#
# The effective user ID of the process matches the qualifier of
#   any entry of type ACL_USER
# IF the matching ACL_USER entry and the ACL_MASK
#   entry contain the requested permissions, access is granted,
#  ELSE access is denied.
#
#################################################################

# Paths used by both sessions below; the unquoted heredocs are expanded by
# this shell, so su receives them as literal text.
phys_dir=$CUR_PATH/tacl/mount-ext2/shared/team1
link_dir=$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1

# Step 1: a named-user entry (ACL_USER) grants tacluser3 rwx on team1, so
# tacluser3 is expected to create files directly and through the symlink.
setfacl -m u:tacluser3:rwx tacl/mount-ext2/shared/team1

su - tacluser3 << TACL_USER3

	touch $phys_dir/newfile3 2> /dev/null
	if [ ! -e $phys_dir/newfile3 ]
	then
		printf "\nFAILED:  ACL_USER entry contains the user permissions,\n"
		printf "\t but operation denied [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n"
		printf "\t operation success [ Physical Directory ]\n"
	fi

	touch $link_dir/newfile4 2> /dev/null
	if [ ! -e $link_dir/newfile4 ]
	then
		printf "\nFAILED:  ACL_USER entry contains the user permissions,\n"
		printf "\t but operation denied [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	fi

TACL_USER3

# Step 2: with the mask emptied, the same named-user entry must no longer
# allow file creation; a file that appears is the failing outcome.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser3 << TACL_USER3

	touch $phys_dir/newfile5 2> /dev/null
	if [ ! -e $phys_dir/newfile5 ]
	then
		printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n"
		printf "\t but ACL_MASK are set ___ ,\n"
		printf "\t operation success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER entry contains the user permissions\n"
		printf "\t but ACL_MASK are set --- ,\n"
		printf "\t operation must be denied [ Physical Directory ]\n"
	fi

	touch $link_dir/newfile6 2> /dev/null
	if [ ! -e $link_dir/newfile6 ]
	then
		printf "\nSUCCESS: ACL_USER entry contains the user permissions,\n"
		printf "\t but ACL_MASK are set ___ ,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_USER entry contains the user permissions\n"
		printf "\t but ACL_MASK are set --- ,\n"
		printf "\t operation must be denied [ Symlink Directory ]\n"
	fi

TACL_USER3

###########################################################################################
#
# The effective group ID or any of the supplementary group IDs of the process match the
#  qualifier of the entry of type ACL_GROUP_OBJ, or the qualifier of any entry of type
#  ACL_GROUP
#
# IF the ACL contains an ACL_MASK entry, THEN
#                 if  the ACL_MASK entry and any of the matching ACL_GROUP_OBJ
#                 or ACL_GROUP  entries  contain  the  requested  permissions,
#                 access is granted,
#
#                 else access is denied.
#
# ELSE  (note  that  there  can be no ACL_GROUP entries without an ACL_MASK entry)
#                 if the ACL_GROUP_OBJ entry contains  the  requested  permis-
#                 sions, access is granted,
#
#                 else access is denied.
#
###########################################################################################

# Paths used by both sessions below; the unquoted heredocs are expanded by
# this shell, so su receives them as literal text.
phys_dir=$CUR_PATH/tacl/mount-ext2/shared/team1
link_dir=$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1

# Step 1: a named-group entry (ACL_GROUP) grants group tacluser2 rwx.
# setfacl -m recalculates the mask unless a mask entry is given, so the
# empty mask left by the previous check does not block this one.
setfacl -m g:tacluser2:rwx tacl/mount-ext2/shared/team1

su - tacluser2 << TACL_USER2
	touch $phys_dir/newfile7 2> /dev/null
	if [ ! -e $phys_dir/newfile7 ]
	then
		printf "\nFAILED:  [ touch ] ACL_GROUP entry already contains the group permissions,\n"
		printf "\t but option success [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: ACL_GROUP entry contains the group permissions,\n"
		printf "\t option success [ Physical Directory ]\n"
	fi

	touch $link_dir/newfile8 2> /dev/null
	if [ ! -e $link_dir/newfile8 ]
	then
		printf "\nFAILED:  [ touch ] ACL_GROUP entry already contains the group permissions,\n"
		printf "\t but option success [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: ACL_GROUP entry contains the group permissions,\n"
		printf "\t option success [ Symlink Directory ]\n"
	fi

TACL_USER2

# Step 2: with the mask emptied, the named-group entry must no longer allow
# file creation; a file that appears is the failing outcome.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser2 << TACL_USER2
	touch $phys_dir/newfile9 2> /dev/null
	if [ ! -e $phys_dir/newfile9 ]
	then
		printf "\nSUCCESS: ACL_GROUP entry already contains the group permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_GROUP entry contains the group permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option must no be success [ Physical Directory ]\n"
	fi

	touch $link_dir/newfile10 2> /dev/null
	if [ ! -e $link_dir/newfile10 ]
	then
		printf "\nSUCCESS: ACL_GROUP entry already contains the group permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option success [ Symlink Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_GROUP entry contains the group permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option must no be success [ Symlink Directory ]\n"
	fi

TACL_USER2

# Paths used by both sessions below; the unquoted heredocs are expanded by
# this shell, so su receives them as literal text.
phys_dir=$CUR_PATH/tacl/mount-ext2/shared/team1
link_dir=$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1

# Step 1: the owning-group entry (ACL_GROUP_OBJ) grants rwx, and tacluser2
# is moved into group tacluser1 for the duration of the check.
setfacl -m g::rwx tacl/mount-ext2/shared/team1
usermod -g tacluser1 tacluser2

su - tacluser2 << TACL_USER2

	touch $phys_dir/newfile11 2> /dev/null
	if [ ! -e $phys_dir/newfile11 ]
	then
		printf "\nFAILED:  [ touch ] ACL_GROUP_OBJ entry already contains the group owner,\n"
		printf "\t but option denied [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,\n"
		printf "\t option success [ Physical Directory ]\n"
	fi

	touch $link_dir/newfile12 2> /dev/null
	if [ ! -e $link_dir/newfile12 ]
	then
		printf "\nFAILED:  [ touch ] ACL_GROUP_OBJ entry already contains the group owner,\n"
		printf "\t but option denied [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: ACL_GROUP_OBJ entry contains the group owner permissions,\n"
		printf "\t option success [ Symlink Directory ]\n"
	fi

TACL_USER2

# Step 2: with the mask emptied, the owning-group entry must no longer allow
# file creation; a file that appears is the failing outcome.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser2 << TACL_USER2
	touch $phys_dir/newfile13 2> /dev/null
	if [ ! -e $phys_dir/newfile13 ]
	then
		printf "\nSUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option success [ Physical Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option must no be success [ Physical Directory ]\n"
	fi

	touch $link_dir/newfile14 2> /dev/null
	if [ ! -e $link_dir/newfile14 ]
	then
		printf "\nSUCCESS: ACL_GROUP_OBJ entry already contains the group owner permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option success [ Symlink Directory ]\n"
	else
		printf "\nFAILED:  [ touch ] ACL_GROUP_OBJ entry contains the group owner permissions\n"
		printf "\t and ACL_MASK entry are set ---,\n"
		printf "\t option must no be success [ Symlink Directory ]\n"
	fi

TACL_USER2

# Put tacluser2 back into its own primary group.
usermod -g tacluser2 tacluser2

###################################################################################
#
# IF the ACL_OTHER entry contains the requested permissions, access is granted
#
###################################################################################

# Paths used by both sessions below; the unquoted heredocs are expanded by
# this shell, so su receives them as literal text.
phys_dir=$CUR_PATH/tacl/mount-ext2/shared/team1
link_dir=$CUR_PATH/tacl/mount-ext2/shared/symlinkdir1

# Step 1: the ACL_OTHER entry grants rwx; tacluser4 matches no other entry
# set by this script and is expected to create files.
setfacl -m o::rwx tacl/mount-ext2/shared/team1

su - tacluser4 << TACL_USER4

	touch $phys_dir/newfile15 2> /dev/null
	if [ ! -e $phys_dir/newfile15 ]
	then
		printf "\nFAILED:  ACL_OTHER entry contains the user permissions,\n"
		printf "\t but operation denied [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: ACL_OTHER entry contains the user permissions,\n"
		printf "\t operation success [ Physical Directory ]\n"
	fi

	touch $link_dir/newfile16 2> /dev/null
	if [ ! -e $link_dir/newfile16 ]
	then
		printf "\nFAILED:  ACL_OTHER entry contains the user permissions,\n"
		printf "\t but operation denied [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: ACL_OTHER entry contains the user permissions,\n"
		printf "\t operation success [ Symlink Directory ]\n"
	fi

TACL_USER4

# Step 2: the mask does not apply to ACL_OTHER, so file creation must still
# work after the mask is emptied; here a file that appears is the pass.
setfacl -m mask:--- tacl/mount-ext2/shared/team1

su - tacluser4 << TACL_USER4

	touch $phys_dir/newfile17 2> /dev/null
	if [ ! -e $phys_dir/newfile17 ]
	then
		printf "\nFAILED:  ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]\n"
	else
		printf "\nSUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Physical Directory ]\n"
	fi

	touch $link_dir/newfile18 2> /dev/null
	if [ ! -e $link_dir/newfile18 ]
	then
		printf "\nFAILED:  ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]\n"
	else
		printf "\nSUCCESS: [ touch ] ACL_OTHER do not strick by ACL_MASK [ Symlink Directory ]\n"
	fi

TACL_USER4

############################################################################
#
# OBJECT CREATION AND DEFAULT ACLs
# The new object inherits the default ACL of the containing directory as its access ACL.
#
############################################################################

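# Remove the files left by the access-ACL checks so the default-ACL checks
# start from names that do not exist yet.
rm -f -- tacl/mount-ext2/shared/team1/newfil*

#
# Test ACL_USER_OBJ default ACLs
#
# Default entries of r-- for owner, group and other: a file created in team1
# is expected to come out as r--r--r-- even with the umask cleared.
setfacl -m d:u::r -m d:g::r -m d:o::r tacl/mount-ext2/shared/team1

# "\$" keeps the umask save/restore inside the test user's session. Without
# the escape the unquoted heredoc is expanded by the root shell, which
# records root's umask and restores nothing.
su - tacluser1 << TACL_USER1

	MASK=\$(umask)
	umask 0
	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile1"
	umask \$MASK > /dev/null

TACL_USER1

CONTENT=$(ls -l tacl/mount-ext2/shared/team1/newfile1)
RES=$(printf '%s\n' "$CONTENT" | grep ".r--r--r--" | awk '{print $1}')

# -n on a quoted value: the earlier unquoted [ $RES != "" ] collapsed to a
# malformed test when RES was empty and only reached the FAILED branch
# through the resulting error.
if [ -n "$RES" ]
then
	printf "\nSUCCESS: With default ACLs set, new file permission set correct.\n"
else
	printf "\nFAILED:  With default ACLs set, new file permission set not correct\n"
fi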



#
# Test ACL_USER and ACL_GROUP defaults ACLs
#
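# Add default named-user and named-group entries for tacluser3 (rw-). The
# check below expects the group column of ls -l to read rw- for a new file.
setfacl -m d:u:tacluser3:rw -m d:g:tacluser3:rw tacl/mount-ext2/shared/team1

# "\$" keeps the umask save/restore inside the test user's session. Without
# the escape the unquoted heredoc is expanded by the root shell, which
# records root's umask and restores nothing.
su - tacluser3 << TACL_USER3

	MASK=\$(umask)
	umask 0
	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile2"
	umask \$MASK > /dev/null

TACL_USER3

CONTENT=$(ls -l tacl/mount-ext2/shared/team1/newfile2)
RES=$(printf '%s\n' "$CONTENT" | grep ".r--rw-r--" | awk '{print $1}')

# -n on a quoted value: the earlier unquoted [ $RES != "" ] collapsed to a
# malformed test when RES was empty and only reached the FAILED branch
# through the resulting error.
if [ -n "$RES" ]
then
	printf "\nSUCCESS: With default ACLs set, new file permission set correct.\n"
else
	printf "\nFAILED:  With default ACLs set, new file permission set not correct\n"
fi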

#
# Test ACL_GROUP default ACLs
#

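# Default entries of rwx for owner, group and other. The check below expects
# a new regular file to show rw-rw-rw- in ls -l.
setfacl -m d:u::rwx -m d:g::rwx -m d:o::rwx tacl/mount-ext2/shared/team1

# "\$" keeps the umask save/restore inside the test user's session. Without
# the escape the unquoted heredoc is expanded by the root shell, which
# records root's umask and restores nothing.
su - tacluser3 << TACL_USER3

	MASK=\$(umask)
	umask 0
	touch "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile3"
	umask \$MASK > /dev/null

TACL_USER3

CONTENT=$(ls -l tacl/mount-ext2/shared/team1/newfile3)
RES=$(printf '%s\n' "$CONTENT" | grep ".rw-rw-rw-" | awk '{print $1}')

# -n on a quoted value: the earlier unquoted [ $RES != "" ] collapsed to a
# malformed test when RES was empty and only reached the FAILED branch
# through the resulting error.
if [ -n "$RES" ]
then
	printf "\nSUCCESS: With default ACLs set, new file permission set correct.\n"
else
	printf "\nFAILED:  With default ACLs set, new file permission set not correct\n"
fi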


#################################################################################
#
# chmod also changes the ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER permissions
#
#################################################################################
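# tacluser3 sets mode 777 on its own file; getfacl must then show rwx in the
# owner, owning-group and other entries.
# "\$" keeps the umask save/restore inside the test user's session instead
# of letting the root shell expand it while building the heredoc.
su - tacluser3 << TACL_USER3
	MASK=\$(umask)
	umask 0

	chmod 777 "$CUR_PATH/tacl/mount-ext2/shared/team1/newfile3"
	umask \$MASK > /dev/null
TACL_USER3

CONTENT=$(getfacl tacl/mount-ext2/shared/team1/newfile3)

# $CONTENT is left unquoted on purpose: word splitting joins getfacl's lines
# into one record so awk can address the entries by word position.
# NOTE(review): positions 10, 12 and 15 depend on the exact set of entries
# the file carries; an extra or missing entry shifts them.
# shellcheck disable=SC2086
USER_PERMISSION=$(echo $CONTENT | awk '{print $10}')
# shellcheck disable=SC2086
GROUP_PERMISSION=$(echo $CONTENT | awk '{print $12}')
# shellcheck disable=SC2086
OTHER_PERMISSION=$(echo $CONTENT | awk '{print $15}')

# Operands are quoted so an empty field compares as a mismatch instead of
# producing a malformed test.
if [ "$USER_PERMISSION" = "user::rwx" ] &&
	[ "$GROUP_PERMISSION" = "group::rwx" ] &&
	[ "$OTHER_PERMISSION" = "other::rwx" ]
then
	printf "\nSUCCESS: Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are correct\n"
else
	printf "\nFAILED:  Chmod with ACL_USER_OBJ ACL_GROUP_OBJ and ACL_OTHER are not correct\n"
fi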


#####################################################################################
#
# Chown only change object owner and group
#
#####################################################################################

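# Change owner and group of newfile2, then read both back from the header
# lines of getfacl. "owner:group" is the standard separator; the dotted form
# is a legacy spelling.
chown tacluser2:tacluser2 tacl/mount-ext2/shared/team1/newfile2
CONTENT=$(getfacl tacl/mount-ext2/shared/team1/newfile2)

# $CONTENT is left unquoted on purpose: word splitting joins getfacl's lines
# into one record, where word 6 follows "# owner:" and word 9 follows
# "# group:".
# shellcheck disable=SC2086
ITEM_OWNER=$(echo $CONTENT | awk '{print $6}')
# shellcheck disable=SC2086
ITEM_GROUP=$(echo $CONTENT | awk '{print $9}')

# Operands are quoted so an empty field compares as a mismatch instead of
# producing a malformed test.
if [ "$ITEM_OWNER" = "tacluser2" ]
then
	if [ "$ITEM_GROUP" = "tacluser2" ]
	then
		printf "\nSUCCESS: Chown correct\n"
	else
		printf "\nFAILED:  Chown are not correct\n"
	fi
else
	echo "FAILED:  Chown are not correct"
fi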

#####################################################
#
# Test ACLs backup and restore
#
#####################################################

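# Dump every ACL under the mount point, damage the ACL of team1, restore
# from the dump, dump again: the two dumps must be identical.
getfacl -RL tacl/mount-ext2/ > tacl/tmp1
setfacl -m u::--- -m g::--- -m o::--- tacl/mount-ext2/shared/team1
setfacl --restore tacl/tmp1
getfacl -RL tacl/mount-ext2/ > tacl/tmp2

# Decide on diff's exit status. The earlier form passed diff's output,
# unquoted, to [ ; a difference of more than one word made [ fail with a
# usage error and the script printed SUCCESS, so a broken restore was
# reported as correct.
if diff tacl/tmp1 tacl/tmp2 > /dev/null
then
	printf "\nSUCCESS: ACLs backup and restore are correct\n"
else
	printf "\nFAILED:  ACLs backup and restore are not correct\n"
fi

printf "\n\tEnd ACLs Test\n"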

#####################################################
#
# Now begin Extend Attribute test
#
#####################################################

printf "\nNow begin Extend Attribute Test\n"

# Set one attribute on each kind of object under team2. The symlink case
# reports INFO rather than FAILED when the attribute cannot be set.

# dir
printf "\nAttach name:value pair to object dir\n\n"
if ! attr -s attrname1 -V attrvalue1 tacl/mount-ext2/shared/team2
then
	echo "FAILED: Attach name:value pair to object dir"
fi

#file
printf '\n%s\n\n' "Attach name:value pair to object file "
if ! attr -s attrname2 -V attrvalue2 tacl/mount-ext2/shared/team2/file1
then
	echo "FAILED: Attach name:value pair to object file"
fi

#symlink file
printf '\n%s\n\n' "Attach name:value pair to object symlink file"
if ! attr -s attrname3 -V attrvalue3 tacl/mount-ext2/shared/team2/symlinkfile1
then
	echo "INFO: Can't attach name:value pair to object symlink file"
fi

# Listing of the objects that now carry attributes.
printf '\n'
ls -lRt tacl/mount-ext2/shared/team2

# Read the attributes back with getfattr in several modes; each mode only
# checks that the command exits successfully.
printf '\n%s\n\n' "get extended attributes of filesystem objects"

echo "Dump the values"
getfattr -d tacl/mount-ext2/shared/team2 ||
	echo "FAILED: getfattr: Dump the values"

echo "Recursively dump the values"
getfattr -dR tacl/mount-ext2/* ||
	echo "FAILED: getfattr: Recursively Dump the values"

echo "Do not follow symlinks."
echo "but extended user attributes are disallowed for symbolic links"
getfattr -h --no-dereference tacl/mount-ext2/shared/team2/symlinkfile1 ||
	echo "FAILED: getfattr: Do not follow symlinks."
echo

echo "Logical walk, follow symbolic links"
getfattr -L tacl/mount-ext2/shared/team2/* ||
	echo "FAILED: getfattr: Logical walk"

echo "Physical walk, skip all symbolic links"
getfattr -P tacl/mount-ext2/shared/team2/* ||
	echo "FAILED: getfattr: Physical walk"

# Look up the attribute set on the directory, then remove the one set on
# file1; both steps only check the exit status of attr.
echo "attr -g to search the named object"
attr -g attrname1 tacl/mount-ext2/shared/team2 ||
	echo "FAILED: attr: to search the named object"
echo

echo "attr -r to remove the named object"
attr -r attrname2 tacl/mount-ext2/shared/team2/file1 ||
	echo "FAILED: attr: to remove the named object"


#################################
#
# Backup and Restore
#
#################################
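# Dump all extended attributes in hex, feed the dump back through
# setfattr --restore, dump again: the two dumps must be identical.
# NOTE(review): nothing is changed between the dump and the restore, so this
# only shows that a restore does not alter attributes that are already
# correct.
getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea
setfattr -h --restore=tacl/backup.ea

getfattr -dhR -m- -e hex tacl/mount-ext2 > tacl/backup.ea1

# Decide on diff's exit status. The earlier form passed diff's output,
# unquoted, to [ ; a difference of more than one word made [ fail with a
# usage error and the script printed SUCCESS.
if diff tacl/backup.ea1 tacl/backup.ea > /dev/null
then
	printf "\nSUCCESS: EAs backup and restore are correct\n"
else
	printf "\nFAILED:  EAs backup and restore are not correct\n"
fi

printf "\n\tEnd EAs Test\n"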



#####################################################
#
# Clean up
#
#####################################################

# Remove the four test accounts.
# NOTE(review): userdel runs whether or not this script created the account;
# a pre-existing user with one of these names would be deleted as well.
for tacl_user in tacluser1 tacluser2 tacluser3 tacluser4
do
	userdel $tacl_user
done

# -d also detaches the loop device behind the mount; afterwards the whole
# scratch tree (image file, dumps, mount point) is deleted.
# NOTE(review): none of the FAILED results above is carried into the exit
# status, so a caller has to read the output to learn whether a check failed.
umount -d tacl/mount-ext2
rm -rf tacl