nfs4acl/delete.test - pub/scm/linux/kernel/git/dgc/xfstests-dev - Git at Google

 $ mkdir d
 $ cd d

 $ whoami
 > root

 $ id -Gn daemon
 > daemon bin

 $ mkdir n1
 $ touch n1/f

 $ mkdir d2 d3 d4 d5 d6 d7
 $ touch d2/f d3/f d4/f d5/f d6/f d7/f d7/g
 $ chown daemon d2
 $ chgrp bin d3
 $ chmod g+w d3
 $ nfs4acl --set 'daemon:wx::allow' d4
 $ nfs4acl --set 'daemon:d::allow' d5
 $ nfs4acl --set 'daemon:xd::allow' d6
 $ nfs4acl --set 'daemon:D::allow' d7/f d7/g
 $ chmod 664 d7/g

 $ mkdir s2 s3 s4 s5 s6 s7
 $ chmod +t s2 s3 s4 s5 s6 s7
 $ touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g
 $ chown daemon s2
 $ chgrp bin s3
 $ chmod g+w s3
 $ nfs4acl --set 'daemon:wx::allow' s4
 $ nfs4acl --set 'daemon:d::allow' s5
 $ nfs4acl --set 'daemon:xd::allow' s6
 $ nfs4acl --set 'daemon:D::allow' s7/f
 $ nfs4acl --set 'daemon:D::allow' s7/g s7/g
 $ chmod 664 s7/g

 $ su daemon

 Cannot delete files without permissions:
 	$ rm n1/f
 	> rm: cannot remove `n1/f': Permission denied

 Can delete files we own:
 	$ rm d2/f s2/f

 Cannot delete files where we are in the owning group in a non-sticky directory,
 but not in a sticky one:
 	$ rm d3/f s3/f
 	> rm: cannot remove `s3/f': Operation not permitted

 "Write_data/execute" access does not include delete_child access, and so this
 is not enough for deleting:
 	$ rm d4/f s4/f
 	> rm: cannot remove `d4/f': Permission denied
 	> rm: cannot remove `s4/f': Permission denied

 "Delete_child" access alone also is not sufficient:
 	$ rm d5/f s5/f
 	> rm: cannot remove `d5/f': Permission denied
 	> rm: cannot remove `s5/f': Permission denied

 "Execute/delete_child" on the directory does allow that, though, but only in
 a non-sticky directory:
 	$ rm d6/f s6/f
 	> rm: cannot remove `s6/f': Operation not permitted

 "Delete" on the child itself overrides the sticky check as well:
 	$ rm d7/f s7/f

 But Delete is not a subset of POSIX read/write, so chmod turns it off:
 	$ rm d7/g s7/g
 	> rm: cannot remove `d7/g': Permission denied
 	> rm: cannot remove `s7/g': Permission denied

 $ su
 $ cd ..
 $ rm -rf d
	$ mkdir d
	$ cd d

	$ whoami
	> root

	$ id -Gn daemon
	> daemon bin

	$ mkdir n1
	$ touch n1/f

	$ mkdir d2 d3 d4 d5 d6 d7
	$ touch d2/f d3/f d4/f d5/f d6/f d7/f d7/g
	$ chown daemon d2
	$ chgrp bin d3
	$ chmod g+w d3
	$ nfs4acl --set 'daemon:wx::allow' d4
	$ nfs4acl --set 'daemon:d::allow' d5
	$ nfs4acl --set 'daemon:xd::allow' d6
	$ nfs4acl --set 'daemon:D::allow' d7/f d7/g
	$ chmod 664 d7/g

	$ mkdir s2 s3 s4 s5 s6 s7
	$ chmod +t s2 s3 s4 s5 s6 s7
	$ touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g
	$ chown daemon s2
	$ chgrp bin s3
	$ chmod g+w s3
	$ nfs4acl --set 'daemon:wx::allow' s4
	$ nfs4acl --set 'daemon:d::allow' s5
	$ nfs4acl --set 'daemon:xd::allow' s6
	$ nfs4acl --set 'daemon:D::allow' s7/f
	$ nfs4acl --set 'daemon:D::allow' s7/g s7/g
	$ chmod 664 s7/g

	$ su daemon

	Cannot delete files without permissions:
	$ rm n1/f
	> rm: cannot remove `n1/f': Permission denied

	Can delete files we own:
	$ rm d2/f s2/f

	Cannot delete files where we are in the owning group in a non-sticky directory,
	but not in a sticky one:
	$ rm d3/f s3/f
	> rm: cannot remove `s3/f': Operation not permitted

	"Write_data/execute" access does not include delete_child access, and so this
	is not enough for deleting:
	$ rm d4/f s4/f
	> rm: cannot remove `d4/f': Permission denied
	> rm: cannot remove `s4/f': Permission denied

	"Delete_child" access alone also is not sufficient:
	$ rm d5/f s5/f
	> rm: cannot remove `d5/f': Permission denied
	> rm: cannot remove `s5/f': Permission denied

	"Execute/delete_child" on the directory does allow that, though, but only in
	a non-sticky directory:
	$ rm d6/f s6/f
	> rm: cannot remove `s6/f': Operation not permitted

	"Delete" on the child itself overrides the sticky check as well:
	$ rm d7/f s7/f

	But Delete is not a subset of POSIX read/write, so chmod turns it off:
	$ rm d7/g s7/g
	> rm: cannot remove `d7/g': Permission denied
	> rm: cannot remove `s7/g': Permission denied

	$ su
	$ cd ..
	$ rm -rf d