Is selftest the best framework for writing permissions and Privileges regression tests?
jra at samba.org
Tue Mar 6 15:18:01 MST 2012
On Tue, Mar 06, 2012 at 01:13:29PM -0800, Richard Sharpe wrote:
> Hi folks,
> At Metze's urging, I am thinking of a bunch of regression tests for
> ACLS, permissions and Privileges.
> These tests should be able to:
> 1. Create files and apply SDs that specify owner SID and any sort of
> ACL (ie, a bunch of ACEs etc with ALLOW and DENY entries and empty
> DACLs etc)
> 2. Try to access these files as various users specified in the DACL
> (or eventually the SACL and even handle Mandatory stuff) and ensure
> that the correct access is allowed
> 3. Grant privileges to certain users and then try to access files
> where access would be denied to ensure that the granted privileges
> allow that access.
> Now, my questions are:
> a. Is selftest the best place for these tests?
I think so.
You'll end up with a set of tests that only run as root
though - some of the changing ownership and permissions
can only be done as root on the underlying filesystem.
More information about the samba-technical