7290 Wdiff usr/src/test/zfs-tests/tests/functional/privilege/privilege_001_pos.ksh

Print this page

7290 ZFS test suite needs to control what utilities it can run
Reviewed by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>

Split	Close
Expand all
Collapse all

          --- old/usr/src/test/zfs-tests/tests/functional/privilege/privilege_001_pos.ksh
          +++ new/usr/src/test/zfs-tests/tests/functional/privilege/privilege_001_pos.ksh

   1    1  #! /usr/bin/ksh -p
   2    2  #
   3    3  # CDDL HEADER START
   4    4  #
   5    5  # The contents of this file are subject to the terms of the
   6    6  # Common Development and Distribution License (the "License").
   7    7  # You may not use this file except in compliance with the License.
   8    8  #
   9    9  # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10   10  # or http://www.opensolaris.org/os/licensing.
  11   11  # See the License for the specific language governing permissions
  12   12  # and limitations under the License.
  13   13  #
  14   14  # When distributing Covered Code, include this CDDL HEADER in each
  15   15  # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16   16  # If applicable, add the following below this CDDL HEADER, with the
  17   17  # fields enclosed by brackets "[]" replaced with your own identifying
  18   18  # information: Portions Copyright [yyyy] [name of copyright owner]

↓ open down ↓

18 lines elided

↑ open up ↑

  19   19  #
  20   20  # CDDL HEADER END
  21   21  #
  22   22  
  23   23  #
  24   24  # Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  25   25  # Use is subject to license terms.
  26   26  #
  27   27  
  28   28  #
  29      -# Copyright (c) 2013 by Delphix. All rights reserved.
       29 +# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
  30   30  #
  31   31  
  32   32  . $STF_SUITE/include/libtest.shlib
  33   33  
  34   34  #
  35   35  # DESCRIPTION:
  36   36  #
  37   37  # The RBAC profile "ZFS Storage Management" works
  38   38  #
  39   39  # STRATEGY:

  40   40  #       (create)
  41   41  #       1. As a normal user, try to create a pool - which should fail.
  42   42  #       2. Assign "ZFS Storage Management" profile, try to create pool again,
  43   43  #          which should succeed.
  44   44  #
  45   45  #       (works well with other ZFS profile tests)
  46   46  #       3. Attempt to create a ZFS filesystem, which should fail.
  47   47  #       4. Add the "ZFS File System Management" profile, attempt to create a FS
  48   48  #          which should succeed.
  49   49  #
  50   50  #       (destroy)
  51   51  #       5. Remove the FS profile, then attempt to destroy the pool, which

↓ open down ↓

12 lines elided

↑ open up ↑

  52   52  #          should succeed.
  53   53  #       6. Remove the Storage profile, then attempt to recreate the pool, which
  54   54  #          should fail.
  55   55  #
  56   56  
  57   57  # We can only run this in the global zone
  58   58  verify_runnable "global"
  59   59  
  60   60  log_assert "The RBAC profile \"ZFS Storage Management\" works"
  61   61  
  62      -ZFS_USER=$($CAT /tmp/zfs-privs-test-user.txt)
       62 +ZFS_USER=$(cat /tmp/zfs-privs-test-user.txt)
  63   63  
  64   64  # the user shouldn't be able to do anything initially
  65      -log_mustnot $SU $ZFS_USER -c "$ZPOOL create $TESTPOOL $DISKS"
  66      -log_mustnot $SU $ZFS_USER -c "$PFEXEC $ZPOOL create $TESTPOOL $DISKS"
       65 +log_mustnot su $ZFS_USER -c "zpool create $TESTPOOL $DISKS"
       66 +log_mustnot su $ZFS_USER -c "pfexec zpool create $TESTPOOL $DISKS"
  67   67  
  68   68  # the first time we assign the profile, we insist it should work
  69      -log_must $USERMOD -P "ZFS Storage Management" $ZFS_USER
  70      -log_must $SU $ZFS_USER -c "$PFEXEC $ZPOOL create -f $TESTPOOL $DISKS"
       69 +log_must usermod -P "ZFS Storage Management" $ZFS_USER
       70 +log_must su $ZFS_USER -c "pfexec zpool create -f $TESTPOOL $DISKS"
  71   71  
  72   72  # ensure the user can't create a filesystem with this profile
  73      -log_mustnot $SU $ZFS_USER -c "$ZFS create $TESTPOOL/fs"
       73 +log_mustnot su $ZFS_USER -c "zfs create $TESTPOOL/fs"
  74   74  
  75   75  # add ZFS File System Management profile, and try to create a fs
  76      -log_must $USERMOD -P "ZFS File System Management" $ZFS_USER
  77      -log_must $SU $ZFS_USER -c "$PFEXEC $ZFS create $TESTPOOL/fs"
       76 +log_must usermod -P "ZFS File System Management" $ZFS_USER
       77 +log_must su $ZFS_USER -c "pfexec zfs create $TESTPOOL/fs"
  78   78  
  79   79  # revoke File System Management profile
  80      -$USERMOD -P, $ZFS_USER
  81      -$USERMOD -P "ZFS Storage Management" $ZFS_USER
       80 +usermod -P, $ZFS_USER
       81 +usermod -P "ZFS Storage Management" $ZFS_USER
  82   82  
  83   83  # ensure the user can destroy pools
  84      -log_mustnot $SU $ZFS_USER -c "$ZPOOL destroy $TESTPOOL"
  85      -log_must $SU $ZFS_USER -c "$PFEXEC $ZPOOL destroy $TESTPOOL"
       84 +log_mustnot su $ZFS_USER -c "zpool destroy $TESTPOOL"
       85 +log_must su $ZFS_USER -c "pfexec zpool destroy $TESTPOOL"
  86   86  
  87   87  # revoke Storage Management profile
  88      -$USERMOD -P, $ZFS_USER
  89      -log_mustnot $SU $ZFS_USER -c "$PFEXEC $ZPOOL create -f $TESTPOOL $DISKS"
       88 +usermod -P, $ZFS_USER
       89 +log_mustnot su $ZFS_USER -c "pfexec zpool create -f $TESTPOOL $DISKS"
  90   90  
  91   91  log_pass "The RBAC profile \"ZFS Storage Management\" works"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX