| #!/bin/sh -u |
| # |
| # Copyright (C) 2008 CAI Qian <caiqian@cclom.cn> |
| # Copyright (c) International Business Machines Corp., 2003 |
| # |
| # This program is free software; you can redistribute it and/or modify |
| # it under the terms of the GNU General Public License as published by |
| # the Free Software Foundation; either version 2 of the License, or |
| # (at your option) any later version. |
| # |
| # This program is distributed in the hope that it will be useful, |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See |
| # the GNU General Public License for more details. |
| # |
| # You should have received a copy of the GNU General Public License |
| # along with this program; if not, write to the Free Software |
| # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 |
| # USA |
| # |
| # FILE: /etc/at.deny |
| # |
| # PURPOSE: Test that /etc/at.deny , does not allow those in the file |
| # to run cron jobs. |
| # |
| # HISTORY: |
| # 04/03 Jerone Young (jyoung5@us.ibm.com) |
| # |
| |
| export TCID=at_deny01 |
| export TST_TOTAL=1 |
| export TST_COUNT=1 |
| TMP=${TMP:=/tmp} |
| deny="/etc/at.deny" |
| test_user1="test_user_1" |
| test_user2="test_user_2" |
| test_user1_home="/home/${test_user1}" |
| test_user2_home="/home/${test_user2}" |
| tmpfile="$TMP/at_deny_test" |
| |
| #----------------------------------------------------------------------- |
| # FUNCTION: do_setup |
| #----------------------------------------------------------------------- |
| |
| do_setup() |
| { |
| # Move any files that may get in the way. |
| rm "${tmpfile}" >/dev/null 2>&1 |
| mv "${deny}" "${deny}.old" >/dev/null 2>&1 |
| |
| # if /etc/at.allow is there, /etc/at.deny will be ignored. So, we |
| # need to remove it first. |
| if [ -f "/etc/at.allow" ]; then |
| mv /etc/at.allow /etc/at.allow.old |
| fi |
| |
| # Remove users for clean enviroment. |
| rm -rf "${test_user1_home}" "${test_user2_home}" |
| userdel -r "${test_user1}" >/dev/null 2>&1 |
| userdel -r "${test_user2}" >/dev/null 2>&1 |
| |
| # Create the 1st user. |
| if ! useradd -g users -d "${test_user1_home}" -m "${test_user1}"; then |
| echo "Could not add test user ${test_user1} to system." |
| exit 1 |
| fi |
| |
| # Create the 2nd user. |
| if ! useradd -g users -d "${test_user2_home}" -m "${test_user2}"; then |
| echo "Could not add test user ${test_user2} to system." |
| exit 1 |
| fi |
| |
| # This is the workaround for a potential bug. |
| # [Bug 468337] At Refuse to Work with Non-login Shell |
| # https://bugzilla.redhat.com/show_bug.cgi?id=468337 |
| # As we are running in non-login shell now, we cannot run the script |
| # by simply given it a relative path. Therefore, we copy it to test |
| # users' home directories, and run it from there. |
| cp "$0" "${test_user1_home}/." && |
| cp "$0" "${test_user2_home}/." && |
| echo "export LTPROOT='$LTPROOT'" > "${test_user1_home}/cached_ltproot" && |
| echo "export LTPROOT='$LTPROOT'" > "${test_user2_home}/cached_ltproot" |
| if [ $? -ne 0 ]; then |
| tst_resm TBROK "Couldn't copy over req'd files for test users" |
| exit 1 |
| fi |
| |
| # running under systemd? |
| if command -v systemctl >/dev/null 2>&1; then |
| HAVE_SYSTEMCTL=true |
| else |
| HAVE_SYSTEMCTL=false |
| fi |
| |
| # Restart atd daemon. |
| if $HAVE_SYSTEMCTL; then |
| systemctl restart atd.service |
| else |
| /etc/init.d/atd restart |
| fi |
| } |
| |
| #----------------------------------------------------------------------- |
| # FUNCTION: do_cleanup |
| #----------------------------------------------------------------------- |
| do_cleanup() |
| { |
| # We forcefully remove those files anyway. Otherwise userdel may |
| # give us bad warnings. |
| rm -rf "${test_user1_home}" "${test_user2_home}" |
| userdel -r "${test_user1}" >/dev/null 2>&1 |
| userdel -r "${test_user2}" >/dev/null 2>&1 |
| rm "${deny}" |
| mv "${deny}.old" "${deny}" >/dev/null 2>&1 |
| rm "${tmpfile}" >/dev/null 2>&1 |
| |
| if [ -f /etc/at.allow.old ]; then |
| mv /etc/at.allow.old /etc/at.allow |
| fi |
| } |
| |
| #----------------------------------------------------------------------- |
| # FUNCTION: run_test |
| #----------------------------------------------------------------------- |
| run_test() |
| { |
| if [ $(whoami) = "${test_user1}" ]; then |
| . "${test_user1_home}/cached_ltproot" || exit 1 |
| export PATH="$PATH:$LTPROOT/testcases/bin" |
| |
| echo "TEST: ${deny} should deny only those who are not in the file to run jobs." |
| echo "(1) TEST THAT PERSON NOT IN ${deny} IS ABLE TO RUN JOB." |
| echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | |
| if ! at -m now + 1 minutes; then |
| echo "Error while adding job using at for user ${test_user1}." |
| exit 1 |
| fi |
| echo " Sleeping for 75 seconds...." |
| sleep 75 |
| |
| exit_code=1 |
| test -e "${tmpfile}" && exit_code=0 |
| if [ ${exit_code} -eq 1 ]; then |
| tst_resm TFAIL "At denyed user to execute test job" |
| else |
| tst_resm TPASS "At did not deny user to execute job" |
| fi |
| |
| rm -f "${tmpfile}" >/dev/null 2>&1 |
| exit ${exit_code} |
| |
| elif [ $(whoami) = "${test_user2}" ]; then |
| |
| . "${test_user2_home}/cached_ltproot" || exit 1 |
| export PATH="$PATH:$LTPROOT/testcases/bin" |
| |
| echo "(2) TEST THAT PERSON IN ${deny} IS NOT ABLE TO RUN JOB." |
| |
| echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | |
| if ! at -m now + 1 minutes; then |
| echo "Expected error while adding job user at for user ${test_user2}" |
| fi |
| echo "Sleeping for 75 seconds...." |
| sleep 75 |
| |
| exit_code=1 |
| test -e "${tmpfile}" || exit_code=0 |
| if [ ${exit_code} -eq 1 ]; then |
| echo "At did not deny user to execute job, TEST FAILED." |
| else |
| echo "At denyed user to execute test job, TEST PASSED." |
| fi |
| |
| rm -f "${tmpfile}" >/dev/null 2>&1 |
| exit ${exit_code} |
| |
| fi |
| } |
| |
| #----------------------------------------------------------------------- |
| # FUNCTION: main |
| #----------------------------------------------------------------------- |
| if ! type at > /dev/null; then |
| tst_resm TCONF "at command not found on system" |
| elif [ "$(id -ru)" = 0 ]; then |
| if do_setup ; then |
| if ! echo "${test_user2}" >"${deny}"; then |
| exit_code=1 |
| elif ! su "${test_user1}" -lc "${test_user1_home}/${0##*/}"; then |
| exit_code=1 |
| elif ! su "${test_user2}" -lc "${test_user2_home}/${0##*/}"; then |
| exit_code=1 |
| else |
| exit_code=0 |
| fi |
| do_cleanup |
| else |
| exit_code=1 |
| fi |
| exit ${exit_code} |
| else |
| run_test |
| exit 0 |
| fi |