Is selftest the best framework for writing permissions and Privileges regression tests?

Jelmer Vernooij jelmer at
Tue Mar 6 15:23:35 MST 2012

On 03/06/2012 11:06 PM, Jelmer Vernooij wrote:
> On 03/06/2012 10:13 PM, Richard Sharpe wrote:
>> Hi folks,
>> At Metze's urging, I am thinking of a bunch of regression tests for
>> ACLS, permissions and Privileges.
>> These tests should be able to:
>> 1. Create files and apply SDs that specify owner SID and any sort of
>> ACL (ie, a bunch of ACEs etc with ALLOW and DENY entries and empty
>> DACLs etc)
>> 2. Try to access these files as various users specified in the DACL
>> (or eventually the SACL and even handle Mandatory stuff) and ensure
>> that the correct access is allowed
>> 3. Grant privileges to certain users and then try to access files
>> where access would be denied to ensure that the granted privileges
>> allow that access.
>> Now, my questions are:
>> a. Is selftest the best place for these tests?
> selftest is merely the infrastructure that takes care of running our
> tests against our own code, including setting up our server side code so
> that this can be done easily.
> It invokes various kinds of tests, whether they are part of smbtorture,
> written in python, shell or another sort of executable (e.g. masktest,
> etc).
> If you're adding tests that apply to Samba itself, they should really be
> added to selftest.
>> b. Does the Python infrastructure have the ability to allow me to
>> create SDs, apply them, grant privilege etc?
> Assuming you want to do this over SMB (rather than testing our local
> code that can write these to xattrs, etc) you should have a look at the
> "samba.smb" module. You might have to extend it to expose all the
> functionality you need, though.


for the current API documentation.



More information about the samba-technical mailing list