Python tests of Access Control Lists and Privileges

Andrew Bartlett abartlet at
Mon Mar 26 03:01:09 MDT 2012

On Sun, 2012-03-25 at 22:12 -0700, Richard Sharpe wrote:
> Hi,
> Here are my thoughts with respect to tests of the Samba ACL handling
> and Privileges.
> It should consist of:
> 1. A set of tests, where each test is a Python function or perhaps a
> class (not sure of the utility of classes here, hmmm, as classes we
> can maintain useful info about each test with some interesting info
> and a standard set of methods).
> Each test should focus on a specific item, eg: Apply a specific set of
> ACEs in an ACL to a file and then try to access the file in ways that
> should be allowed and ways that are not allowed.
> Privilege tests should test that a user who has privileges get the
> access provided by those privileges, even in the presence of DENY
> entries etc.
> Each test return True for pass, False for fail.
> Each test should use normal Python Documentation to document what it
> tests and what a failure indicates.
> 2. A list of those tests.
> 3. A driver that connects to a server, retrieves version information
> etc, and then runs the tests one at a time until they have already
> been run. It should then report the statistics, and in particular list
> all the tests that fail.
> Any other suggestions? Comments.

Nadya has commented on what should be tested, so I'll concentrate on how
it should be tested.  Look closely at the tests, and how it is
built using the TestCase classes, the associated assertions and outputs
subunit.  In short, just do not re-invent our testing wheel.  Create the
users and assign privileges using RPC and LDAP, and then test using

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list