#!/bin/bash # this script tests fperm and dperm configuration options . `dirname $0`/../testenv.sh CONFDIR=$TESTDIR/tools/cgconfigparser/cgconfigparser_conf_files # permissions test function check_perm() { STEP=$1 FILENAME=$2 EXPECTED_PERM=$3 EXPECTED_UID=$4 EXPECTED_GID=$5 REAL_PERM=`stat -c "%a" $FILENAME` REAL_UID=`stat -c "%U" $FILENAME` REAL_GID=`stat -c "%G" $FILENAME` if [ "$EXPECTED_PERM" != "$REAL_PERM" ]; then die "$STEP: Wrong permissions of $FILENAME,"\ " expected $EXPECTED_PERM, actual $REAL_PERM" fi if [ "$EXPECTED_UID" != "$REAL_UID" ]; then die "$STEP: Wrong uid of $FILENAME,"\ " expected $EXPECTED_UID, actual $REAL_UID" fi if [ "$EXPECTED_GID" != "$REAL_GID" ]; then die "$STEP: Wrong gid of $FILENAME,"\ " expected $EXPECTED_GID, actual $REAL_GID" fi } # all mount points are in /$TMP/cgroups mkdir /$TMP/cgroups/ 2>/dev/null # STEP1: simple config file without default section $TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions.conf` || \ die "STEP1: cgconfigparser -l $CONFDIR/permissions.conf failed" check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/www" 770 root root check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 666 root root check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/www/tasks" 640 root nobody check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root nobody $TOOLSDIR/cgclear || die "STEP1: cgclear failed" # STEP2: config file with one default section $TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default1.conf` || \ die "STEP2: cgconfigparser -l $CONFDIR/permissions_default1.conf failed" check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/www/tasks" 646 nobody nobody check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody $TOOLSDIR/cgclear || die "cgclear failed" # STEP3: config file with two default sections - the last wins $TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default2.conf` || \ die "STEP3: cgconfigparser -l $CONFDIR/permissions_default2.conf failed" check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/www/tasks" 646 nobody nobody check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody $TOOLSDIR/cgclear || die "cgclear failed" # STEP4: config file with one default section, now with SUID and SGID bits $TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default3.conf` || \ die "STEP4: cgconfigparser -l $CONFDIR/permissions_default3.conf failed" check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/www" 2757 nobody nobody check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 7646 nobody nobody check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/www/tasks" 1646 nobody nobody check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ssh" 2757 root nobody check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody $TOOLSDIR/cgclear || die "cgclear failed" # STEP5: config file without default section, but with -a -t params $TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default4.conf` -t nobody:nobody -a nobody:nobody -d 757 -f 757 || \ die "STEP5: cgconfigparser -l $CONFDIR/permissions_default4.conf failed" check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/www/tasks" 644 nobody nobody check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody $TOOLSDIR/cgclear || die "cgclear failed" # STEP6: config file without default section, but with -a -t params and sticky bit $TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default4.conf` -t nobody:nobody -a nobody:nobody -d 2757 -f 7757 || \ die "STEP6: cgconfigparser -l $CONFDIR/permissions_default4.conf failed" check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/www" 2757 nobody nobody check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 7646 nobody nobody check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/www/tasks" 644 nobody nobody check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ssh" 2757 root nobody check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody $TOOLSDIR/cgclear || die "cgclear failed" # STEP7: config file without default section, but with only -d params (=-f is taken from umask) $TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default4.conf` -t nobody:nobody -a nobody:nobody -d 757 || \ die "STEP7: cgconfigparser -l $CONFDIR/permissions_default4.conf failed" check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 644 nobody nobody check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www/tasks" 644 nobody nobody check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody $TOOLSDIR/cgclear || die "cgclear failed" # STEP8: config file without default section, but with -f, -d and -t $TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default4.conf` -t nobody:nobody -a nobody:nobody -d 757 -f 757 -s 7247 || \ die "STEP8: cgconfigparser -l $CONFDIR/permissions_default4.conf failed" check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/www/tasks" 7246 nobody nobody check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody $TOOLSDIR/cgclear || die "cgclear failed" cleanup exit 0