test: check supplementary groups and ACLs for -r/-w/-x permissions.

jefft · jefft · commit a7881d783a2c · 2025-12-29T16:11:10.000+11:00
Replace manual permission checking logic with platform-specific libc functions that properly handle supplementary groups and ACLs: - Linux, Hurd, Redox, Cygwin, Solaris, Illumos: euidaccess() - FreeBSD: eaccess() - macOS, iOS, NetBSD, OpenBSD, DragonFly: faccessat() with AT_EACCESS - Android: faccessat() - Other OSes: fall back to libc:access() These functions delegate permission checks to the kernel, which correctly evaluates all of the user's group memberships (both primary and supplementary), as well as ACLs and other advanced permission features. Fixes #8960 Fixes #9147
diff --git a/.vscode/cspell.dictionaries/workspace.wordlist.txt b/.vscode/cspell.dictionaries/workspace.wordlist.txt
@@ -152,7 +152,9 @@ vmsplice
 
 # * vars/libc
 COMFOLLOW
+EACCESS
 EXDEV
+FDCWD
 FILENO
 FTSENT
 HOSTSIZE
@@ -196,7 +198,10 @@ blocksize
 canonname
 chroot
 dlsym
+eaccess
+euidaccess
 execvp
+faccessat
 fdatasync
 freeaddrinfo
 getaddrinfo
diff --git a/src/uu/test/src/test.rs b/src/uu/test/src/test.rs
@@ -258,26 +258,71 @@ enum PathCondition {
 
 #[cfg(not(windows))]
 fn path(path: &OsStr, condition: &PathCondition) -> bool {
-    use std::fs::Metadata;
+    use std::ffi::CString;
+    use std::os::unix::ffi::OsStrExt;
     use std::os::unix::fs::FileTypeExt;
 
     const S_ISUID: u32 = 0o4000;
     const S_ISGID: u32 = 0o2000;
     const S_ISVTX: u32 = 0o1000;
 
-    enum Permission {
-        Read = 0o4,
-        Write = 0o2,
-        Execute = 0o1,
-    }
+    // Helper function to check file access permissions.
+    // Uses platform-specific access functions that properly handle supplementary groups
+    // and ACLs.
+    let check_access = |path: &OsStr, mode: i32| -> bool {
+        let path_bytes = path.as_bytes();
+        let Ok(c_path) = CString::new(path_bytes) else {
+            return false; // Path contains null byte
+        };
 
-    let perm = |metadata: Metadata, p: Permission| {
-        if geteuid() == metadata.uid() {
-            metadata.mode() & ((p as u32) << 6) != 0
-        } else if getegid() == metadata.gid() {
-            metadata.mode() & ((p as u32) << 3) != 0
-        } else {
-            metadata.mode() & (p as u32) != 0
+        unsafe {
+            #[cfg(any(
+                target_os = "linux",
+                target_os = "hurd",
+                target_os = "redox",
+                target_os = "cygwin",
+                target_os = "solaris",
+                target_os = "illumos"
+            ))]
+            {
+                libc::euidaccess(c_path.as_ptr(), mode) == 0
+            }
+
+            #[cfg(target_os = "freebsd")]
+            {
+                libc::eaccess(c_path.as_ptr(), mode) == 0
+            }
+
+            #[cfg(any(
+                target_os = "macos",
+                target_os = "ios",
+                target_os = "netbsd",
+                target_os = "openbsd",
+                target_os = "dragonfly"
+            ))]
+            {
+                libc::faccessat(libc::AT_FDCWD, c_path.as_ptr(), mode, libc::AT_EACCESS) == 0
+            }
+
+            // Fallback for other OSes
+            #[cfg(not(any(
+                target_os = "linux",
+                target_os = "hurd",
+                target_os = "redox",
+                target_os = "cygwin",
+                target_os = "solaris",
+                target_os = "illumos",
+                target_os = "freebsd",
+                target_os = "macos",
+                target_os = "ios",
+                target_os = "netbsd",
+                target_os = "openbsd",
+                target_os = "dragonfly"
+            )))]
+            {
+                // fallback: use regular access()
+                libc::access(c_path.as_ptr(), mode) == 0
+            }
         }
     };
 
@@ -308,12 +353,12 @@ fn path(path: &OsStr, condition: &PathCondition) -> bool {
         PathCondition::Sticky => metadata.mode() & S_ISVTX != 0,
         PathCondition::UserOwns => metadata.uid() == geteuid(),
         PathCondition::Fifo => file_type.is_fifo(),
-        PathCondition::Readable => perm(metadata, Permission::Read),
+        PathCondition::Readable => check_access(path, libc::R_OK),
         PathCondition::Socket => file_type.is_socket(),
         PathCondition::NonEmpty => metadata.size() > 0,
         PathCondition::UserIdFlag => metadata.mode() & S_ISUID != 0,
-        PathCondition::Writable => perm(metadata, Permission::Write),
-        PathCondition::Executable => perm(metadata, Permission::Execute),
+        PathCondition::Writable => check_access(path, libc::W_OK),
+        PathCondition::Executable => check_access(path, libc::X_OK),
     }
 }
 
diff --git a/tests/by-util/test_test.rs b/tests/by-util/test_test.rs
@@ -1028,8 +1028,22 @@ fn test_string_lt_gt_operator() {
         .no_output();
 }
 
-#[test]
-#[cfg(unix)]
+// Only test platforms supporting euidaccess(), eaccess() or faccessat() in src/uu/test/src/test.rs::path
+#[test]
+#[cfg(any(
+    target_os = "linux",
+    target_os = "hurd",
+    target_os = "redox",
+    target_os = "cygwin",
+    target_os = "solaris",
+    target_os = "illumos",
+    target_os = "freebsd",
+    target_os = "macos",
+    target_os = "ios",
+    target_os = "netbsd",
+    target_os = "openbsd",
+    target_os = "dragonfly"
+))]
 fn test_permission_with_supplementary_group() {
     // Test that permission checks (-r, -w, -x) correctly consider supplementary groups,
     // not just the primary group (egid). See #9147
@@ -1048,13 +1062,12 @@ fn test_permission_with_supplementary_group() {
     }
 
     // Get user's supplementary groups
-    let groups_output = match Command::new("id").arg("-nG").output() {
-        Ok(output) => output,
-        Err(_) => return,
+    let Ok(groups_output) = Command::new("id").arg("-nG").output() else {
+        return;
     };
 
     let groups_str = String::from_utf8_lossy(&groups_output.stdout);
-    let groups: Vec<&str> = groups_str.trim().split_whitespace().collect();
+    let groups: Vec<&str> = groups_str.split_whitespace().collect();
 
     // Need at least 2 groups (primary + at least one supplementary)
     if groups.len() < 2 {
@@ -1104,7 +1117,17 @@ fn test_permission_with_supplementary_group() {
 }
 
 #[test]
-#[cfg(unix)]
+#[cfg(any(
+    target_os = "linux",
+    target_os = "redox",
+    target_os = "cygwin",
+    target_os = "solaris",
+    target_os = "illumos",
+    target_os = "freebsd",
+    target_os = "netbsd",
+    target_os = "openbsd",
+    target_os = "dragonfly"
+))]
 fn test_permission_with_acl() {
     // Test that permission checks (-r, -w, -x) correctly handle ACL (Access Control List)
     // permissions, not just traditional Unix permissions. This requires using euidaccess()
@@ -1129,9 +1152,8 @@ fn test_permission_with_acl() {
     }
 
     // Get current username for ACL
-    let username_output = match Command::new("whoami").output() {
-        Ok(output) => output,
-        Err(_) => return,
+    let Ok(username_output) = Command::new("whoami").output() else {
+        return;
     };
     let username = String::from_utf8_lossy(&username_output.stdout)
         .trim()
@@ -1170,7 +1192,7 @@ fn test_permission_with_acl() {
             "--non-interactive",
             "setfacl",
             "-m",
-            &format!("u:{}:rx", username),
+            &format!("u:{username}:rx"),
             test_path_str,
         ])
         .run();
