Is selftest the best framework for writing permissions and Privileges regression tests?

Jelmer Vernooij jelmer at
Tue Mar 6 15:06:30 MST 2012

On 03/06/2012 10:13 PM, Richard Sharpe wrote:
> Hi folks,
> At Metze's urging, I am thinking of a bunch of regression tests for
> ACLS, permissions and Privileges.
> These tests should be able to:
> 1. Create files and apply SDs that specify owner SID and any sort of
> ACL (ie, a bunch of ACEs etc with ALLOW and DENY entries and empty
> DACLs etc)
> 2. Try to access these files as various users specified in the DACL
> (or eventually the SACL and even handle Mandatory stuff) and ensure
> that the correct access is allowed
> 3. Grant privileges to certain users and then try to access files
> where access would be denied to ensure that the granted privileges
> allow that access.
> Now, my questions are:
> a. Is selftest the best place for these tests?
selftest is merely the infrastructure that takes care of running our
tests against our own code, including setting up our server side code so
that this can be done easily.

It invokes various kinds of tests, whether they are part of smbtorture,
written in python, shell or another sort of executable (e.g. masktest,

If you're adding tests that apply to Samba itself, they should really be
added to selftest.

> b. Does the Python infrastructure have the ability to allow me to
> create SDs, apply them, grant privilege etc?
Assuming you want to do this over SMB (rather than testing our local
code that can write these to xattrs, etc) you should have a look at the
"samba.smb" module. You might have to extend it to expose all the
functionality you need, though.



More information about the samba-technical mailing list