1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27
28#
29# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
30#
31
32. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
33
34#
35# DESCRIPTION:
36#	Verify option '-d' allow permission to the descendent datasets, and not
37#	for this dataset itself.
38#
39# STRATEGY:
40#	1. Create descendent datasets of $ROOT_TESTFS
41#	2. Select user, group and everyone and set descendent permission
42#	   separately.
43#	3. Set descendent permissions to $ROOT_TESTFS or $ROOT_TESTVOL.
44#	4. Verify those permissions are allowed to $ROOT_TESTFS's
45#	   descendent dataset.
46#	5. Verify the permissions are not allowed to $ROOT_TESTFS or
47#	   $ROOT_TESTVOL.
48#
49
50verify_runnable "both"
51
52log_assert "Verify option '-d' allow permission to the descendent datasets."
53log_onexit restore_root_datasets
54
55childfs=$ROOT_TESTFS/childfs
56
57eval set -A dataset $DATASETS
58typeset perms="snapshot,reservation,compression,checksum,userprop"
59
60# Verify option '-d' only affect sub-datasets
61log_must zfs create $childfs
62for dtst in $DATASETS ; do
63	log_must zfs allow -d $STAFF1 $perms $dtst
64	log_must verify_noperm $dtst $perms $STAFF1
65	if [[ $dtst == $ROOT_TESTFS ]]; then
66		log_must verify_perm $childfs $perms $STAFF1
67	fi
68done
69
70log_must restore_root_datasets
71
72# Verify option '-d + -g' affect group in sub-datasets.
73log_must zfs create $childfs
74for dtst in $DATASETS ; do
75	log_must zfs allow -d -g $STAFF_GROUP $perms $dtst
76	log_must verify_noperm $dtst $perms $STAFF2
77	if [[ $dtst == $ROOT_TESTFS ]]; then
78		log_must verify_perm $childfs $perms $STAFF2
79	fi
80done
81
82log_must restore_root_datasets
83
84# Verify option '-d + -e' affect everyone in sub-datasets.
85log_must zfs create $childfs
86for dtst in $DATASETS ; do
87	log_must zfs allow -d -e $perms $dtst
88	log_must verify_noperm $dtst $perms $OTHER1 $OTHER2
89	if [[ $dtst == $ROOT_TESTFS ]]; then
90		log_must verify_perm $childfs $perms $OTHER1 $OTHER2
91	fi
92done
93
94log_must restore_root_datasets
95
96log_pass "Verify option '-d' allow permission to the descendent datasets pass."
97