According to the ZFS source[1] code[2], ZFS should be able to have 1024 ACLs per inode. It can only set 121 ACLs. It works on Solaris with 1024 ACLs. See script and output in "How to repeat the problem".

[1] #define MAX_ACL_ENTRIES (1024) /* max entries of each type */
[2] http://svn.freebsd.org/base/user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/sys/acl.h

How-To-Repeat:

    setfacl -b /tank/project1
    i=0
    for u in $(ypcat passwd|awk -F':' '{print $1}'); do
        setfacl -m user:$u:rwxpDdaARWcCos:fd----:allow /tank/project1
        let i=i+1
        echo $i $u
    done

-----------------

On Solaris 1024 ACLs work.

    # cat maxacl
    #!/bin/ksh
    touch file
    i=1
    while true; do
        for u in $(getent passwd | nawk -F: '{print $1}'); do
            chmod A+user:$u:read_data:allow file || break 2
            printf "%d %s\n" $i $u
            i=$((i+1))
        done
        ls -v file | head
        ls -v file | wc -l
    done

    # ls -v file | head
    -rw-r--r--+ 1 root root 0 déc 6 13:05 file
    0:user:utku3:read_data:allow
    1:user:utku2:read_data:allow
    2:user:utku1:read_data:allow
    3:user:utku0:read_data:allow
    4:user:utwww:read_data:allow
    5:user:jlliagre:read_data:allow
    6:user:nobody4:read_data:allow
    7:user:noaccess:read_data:allow
    8:user:nobody:read_data:allow

    # ls -v file | tail
    1017:user:root:read_data:allow
    1018:owner@:execute:deny
    1019:owner@:read_data/write_data/append_data/write_xattr/write_attributes
        /write_acl/write_owner:allow
    1020:group@:write_data/append_data/execute:deny
    1021:group@:read_data:allow
    1022:everyone@:write_data/append_data/write_xattr/execute/write_attributes
        /write_acl/write_owner:deny
    1023:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
        :allow

Responsible Changed
From-To: freebsd-bugs->freebsd-fs

Over to maintainer(s).

Responsible Changed
From-To: freebsd-fs->trasz

I'll take it.

State Changed
From-To: open->closed

This is not a bug. While the limit for ZFS is indeed 1024, the limit in the ACL framework is smaller; see /sys/sys/acl.h for details.