Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 7 Dec 2012 15:32:40 GMT
From:      Sandra <littlesandra88@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/174264: ZFS can only set 121 ACL's instead of 1024
Message-ID:  <201212071532.qB7FWe1B071744@red.freebsd.org>
Resent-Message-ID: <201212071540.qB7Fe0kV033498@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         174264
>Category:       misc
>Synopsis:       ZFS can only set 121 ACL's instead of 1024
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 07 15:40:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Sandra
>Release:        9
>Organization:
>Environment:
>Description:
According to the ZFS source[1] code[2], ZFS should be able to have 1024 ACL's pr inode. It can only set 121 ACL's.

It works on Solaris with 1024 ACL's. See script and output in "How to repeat the problem".


[1] #define	MAX_ACL_ENTRIES		(1024)	/* max entries of each type */

[2] http://svn.freebsd.org/base/user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/sys/acl.h
>How-To-Repeat:
setfacl -b /tank/project1

i=0
for u in $(ypcat passwd|awk -F':' '{print $1}'); do
    setfacl -m user:$u:rwxpDdaARWcCos:fd----:allow /tank/project1
    let i=i+1
    echo $i $u
done

-----------------
On Solaris 1024 ACL's work.

# cat maxacl
#!/bin/ksh

touch file
i=1
while true; do
  for u in $(getent passwd | nawk -F: '{print $1}'); do
    chmod A+user:$u:read_data:allow file || break 2
    printf "%d %s\n" $i $u
    i=$((i+1))
  done
  ls -v file | head
  ls -v file | wc -l
done

# ls -v file | head
-rw-r--r--+  1 root     root           0 déc   6 13:05 file
     0:user:utku3:read_data:allow
     1:user:utku2:read_data:allow
     2:user:utku1:read_data:allow
     3:user:utku0:read_data:allow
     4:user:utwww:read_data:allow
     5:user:jlliagre:read_data:allow
     6:user:nobody4:read_data:allow
     7:user:noaccess:read_data:allow
     8:user:nobody:read_data:allow
# ls -v file | tail
     1017:user:root:read_data:allow
     1018:owner@:execute:deny
     1019:owner@:read_data/write_data/append_data/write_xattr/write_attributes
         /write_acl/write_owner:allow
     1020:group@:write_data/append_data/execute:deny
     1021:group@:read_data:allow
     1022:everyone@:write_data/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     1023:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow





>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212071532.qB7FWe1B071744>