1 #!/bin/sh -u 2 # 3 # Copyright (C) 2008 CAI Qian <caiqian (at] cclom.cn> 4 # Copyright (c) International Business Machines Corp., 2003 5 # 6 # This program is free software; you can redistribute it and/or modify 7 # it under the terms of the GNU General Public License as published by 8 # the Free Software Foundation; either version 2 of the License, or 9 # (at your option) any later version. 10 # 11 # This program is distributed in the hope that it will be useful, 12 # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 14 # the GNU General Public License for more details. 15 # 16 # You should have received a copy of the GNU General Public License 17 # along with this program. If not, see <http://www.gnu.org/licenses/>. 18 # 19 # FILE: /etc/at.deny 20 # 21 # PURPOSE: Test that /etc/at.deny , does not allow those in the file 22 # to run cron jobs. 23 # 24 # HISTORY: 25 # 04/03 Jerone Young (jyoung5 (at] us.ibm.com) 26 # 27 28 export TCID=at_deny01 29 export TST_TOTAL=1 30 export TST_COUNT=1 31 TMP=${TMP:=/tmp} 32 deny="/etc/at.deny" 33 test_user1="test_user_1" 34 test_user2="test_user_2" 35 test_user1_home="/home/${test_user1}" 36 test_user2_home="/home/${test_user2}" 37 tmpfile="$TMP/at_deny_test" 38 39 if [ "$(id -ru)" = 0 ]; then 40 . cmdlib.sh 41 fi 42 43 #----------------------------------------------------------------------- 44 # FUNCTION: do_setup 45 #----------------------------------------------------------------------- 46 47 do_setup() 48 { 49 # Move any files that may get in the way. 50 rm "${tmpfile}" >/dev/null 2>&1 51 mv "${deny}" "${deny}.old" >/dev/null 2>&1 52 53 # if /etc/at.allow is there, /etc/at.deny will be ignored. So, we 54 # need to remove it first. 55 if [ -f "/etc/at.allow" ]; then 56 mv /etc/at.allow /etc/at.allow.old 57 fi 58 59 # Remove users for clean enviroment. 60 rm -rf "${test_user1_home}" "${test_user2_home}" 61 userdel -r "${test_user1}" >/dev/null 2>&1 62 userdel -r "${test_user2}" >/dev/null 2>&1 63 64 # Create the 1st user. 65 if ! useradd -g users -d "${test_user1_home}" -m "${test_user1}"; then 66 echo "Could not add test user ${test_user1} to system." 67 exit 1 68 fi 69 70 # Create the 2nd user. 71 if ! useradd -g users -d "${test_user2_home}" -m "${test_user2}"; then 72 echo "Could not add test user ${test_user2} to system." 73 exit 1 74 fi 75 76 # This is the workaround for a potential bug. 77 # [Bug 468337] At Refuse to Work with Non-login Shell 78 # https://bugzilla.redhat.com/show_bug.cgi?id=468337 79 # As we are running in non-login shell now, we cannot run the script 80 # by simply given it a relative path. Therefore, we copy it to test 81 # users' home directories, and run it from there. 82 cp "$0" "${test_user1_home}/." && 83 cp "$0" "${test_user2_home}/." && 84 echo "export LTPROOT='$LTPROOT'" > "${test_user1_home}/cached_ltproot" && 85 echo "export LTPROOT='$LTPROOT'" > "${test_user2_home}/cached_ltproot" 86 if [ $? -ne 0 ]; then 87 tst_resm TBROK "Couldn't copy over req'd files for test users" 88 exit 1 89 fi 90 91 restart_daemon atd 92 } 93 94 #----------------------------------------------------------------------- 95 # FUNCTION: do_cleanup 96 #----------------------------------------------------------------------- 97 do_cleanup() 98 { 99 # We forcefully remove those files anyway. Otherwise userdel may 100 # give us bad warnings. 101 rm -rf "${test_user1_home}" "${test_user2_home}" 102 userdel -r "${test_user1}" >/dev/null 2>&1 103 userdel -r "${test_user2}" >/dev/null 2>&1 104 rm "${deny}" 105 mv "${deny}.old" "${deny}" >/dev/null 2>&1 106 rm "${tmpfile}" >/dev/null 2>&1 107 108 if [ -f /etc/at.allow.old ]; then 109 mv /etc/at.allow.old /etc/at.allow 110 fi 111 } 112 113 #----------------------------------------------------------------------- 114 # FUNCTION: run_test 115 #----------------------------------------------------------------------- 116 run_test() 117 { 118 if [ $(whoami) = "${test_user1}" ]; then 119 . "${test_user1_home}/cached_ltproot" || exit 1 120 export PATH="$PATH:$LTPROOT/testcases/bin" 121 122 echo "TEST: ${deny} should deny only those who are not in the file to run jobs." 123 echo "(1) TEST THAT PERSON NOT IN ${deny} IS ABLE TO RUN JOB." 124 echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | 125 if ! at -m now + 1 minutes; then 126 echo "Error while adding job using at for user ${test_user1}." 127 exit 1 128 fi 129 echo " Sleeping for 75 seconds...." 130 sleep 75 131 132 exit_code=1 133 test -e "${tmpfile}" && exit_code=0 134 if [ ${exit_code} -eq 1 ]; then 135 tst_resm TFAIL "At denyed user to execute test job" 136 else 137 tst_resm TPASS "At did not deny user to execute job" 138 fi 139 140 rm -f "${tmpfile}" >/dev/null 2>&1 141 exit ${exit_code} 142 143 elif [ $(whoami) = "${test_user2}" ]; then 144 145 . "${test_user2_home}/cached_ltproot" || exit 1 146 export PATH="$PATH:$LTPROOT/testcases/bin" 147 148 echo "(2) TEST THAT PERSON IN ${deny} IS NOT ABLE TO RUN JOB." 149 150 echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | 151 if ! at -m now + 1 minutes; then 152 echo "Expected error while adding job user at for user ${test_user2}" 153 fi 154 echo "Sleeping for 75 seconds...." 155 sleep 75 156 157 exit_code=1 158 test -e "${tmpfile}" || exit_code=0 159 if [ ${exit_code} -eq 1 ]; then 160 echo "At did not deny user to execute job, TEST FAILED." 161 else 162 echo "At denyed user to execute test job, TEST PASSED." 163 fi 164 165 rm -f "${tmpfile}" >/dev/null 2>&1 166 exit ${exit_code} 167 168 fi 169 } 170 171 #----------------------------------------------------------------------- 172 # FUNCTION: main 173 #----------------------------------------------------------------------- 174 if ! type at > /dev/null; then 175 tst_resm TCONF "at command not found on system" 176 elif [ "$(id -ru)" = 0 ]; then 177 if do_setup ; then 178 if ! echo "${test_user2}" >"${deny}"; then 179 exit_code=1 180 elif ! su "${test_user1}" -lc "${test_user1_home}/${0##*/}"; then 181 exit_code=1 182 elif ! su "${test_user2}" -lc "${test_user2_home}/${0##*/}"; then 183 exit_code=1 184 else 185 exit_code=0 186 fi 187 do_cleanup 188 else 189 exit_code=1 190 fi 191 exit ${exit_code} 192 else 193 run_test 194 exit 0 195 fi 196