# What is the ZFS ACL limit?



## littlesandra88 (Dec 5, 2012)

Hello =)

Does anyone know how many user ACLs ZFS can handle?

In other words: for how many users can I set ACLs like this one for the same directory?

`# setfacl -m user:test1:rwxpDdaARWcCos:fd----:allow /mnt/project1`


----------



## Remington (Dec 5, 2012)

Better to use a group...

`# setfacl -m group:test1:rwxpDdaARWcCos:fd----:allow /mnt/project1`


----------



## mamalos (Dec 6, 2012)

I've done a quick check on my FreeBSD9-STABLE (built in March 2012, though) and created a script that added a system user and, along with the user, an ACL on a ZFS folder. The total count of ACL entries after which the system stopped was 127. The error given was:


```
acl_set_file() failed: No space left on device
```

I'll check for UFS limits as well.

*EDIT*: UFS limit of POSIX.1e ACLs in an old FreeBSD-9-CURRENT was 35, and the error message was:


```
acl_set_file() failed: Invalid argument
```


----------



## littlesandra88 (Dec 6, 2012)

@mamalos

Great idea to just do the test. I get 121 with


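```
# Start from a clean ACL on the test directory
setfacl -b /tank/project1

# Add one allow entry per NIS user and print a running count
i=0
for u in $(ypcat passwd | awk -F':' '{print $1}'); do
    setfacl -m "user:$u:rwxpDdaARWcCos:fd----:allow" /tank/project1
    i=$((i + 1))
    echo "$i $u"
done
```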

on FreeBSD 9.


----------



## littlesandra88 (Dec 6, 2012)

@mamalos

And that limit is not just for /tank/project1. Running


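```
# New subdirectory below the directory that already holds the entries
mkdir /tank/project1/test

# Same loop as before, against the subdirectory
i=0
for u in $(ypcat passwd | awk -F':' '{print $1}'); do
    setfacl -m "user:$u:rwxpDdaARWcCos:fd----:allow" /tank/project1/test
    i=$((i + 1))
    echo "$i $u"
done
```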

gives me

```
setfacl: /tank/project1/test: acl_set_file() failed: No space left on device
```

on the first iteration.

So the ACL limit is on the entire tree, it seems.

I can however still copy files to /tank/project1.


----------



## littlesandra88 (Dec 7, 2012)

According to the ZFS source code the limit is 1024

`#define	MAX_ACL_ENTRIES		(1024)	/* max entries of each type */`

http://svn.freebsd.org/base/user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/sys/acl.h

Does anyone know how to use DTrace to figure out why FreeBSD stops after 121-127 per inode? =)


----------



## mamalos (Dec 7, 2012)

Search the sources where MAX_ACL_ENTRIES is used in a conditional statement, and see if you can find the block of code that prints the aforementioned message. Moreover, you can patch the code at any point to print whatever variable you like at any time.


----------



## littlesandra88 (Dec 10, 2012)

121 is not a bug =)

ZFS ACL limit is 1024.
FreeBSD ACL limit is 254.
FreeBSD NFSv4 ACL limit is about half of 254.

See the comment in

http://gitorious.org/freebsd/freebsd/blobs/HEAD/sys/sys/acl.h


----------
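To audit how close a directory is to the ceilings discussed in this thread, the following added example (not posted by any participant) parses `getfacl` output in the NFSv4 form used above and counts entries per tag. The names `ace_summary`, `ace_check`, `sample_acl` and the `ACE_MARGIN` default are hypothetical, and the sample ACL text is constructed.

```shell
# Added example, not from the thread: count NFSv4 ACL entries per tag.
ACE_LIMIT="${ACE_LIMIT:-121}"   # lowest ceiling observed in the thread
ACE_MARGIN="${ACE_MARGIN:-20}"  # assumption: warn this many entries early

# ace_summary: getfacl text on stdin -> one line of counts on stdout.
ace_summary() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # "# file:" headers, blanks
        {
            tag = $1;  sub(/^[ \t]+/, "", tag) # entries are right-aligned
            type = $NF; gsub(/[ \t\r]/, "", type)
            total++
            if (tag == "user") user++
            else if (tag == "group") group++
            else special++                     # owner@, group@, everyone@
            if (type == "deny") deny++
        }
        END { printf "total=%d user=%d group=%d special=%d deny=%d\n",
                     total, user, group, special, deny }'
}

# ace_check PATH: getfacl text on stdin; returns 1 when the entry count is
# within ACE_MARGIN of ACE_LIMIT, so a cron job can flag the path early.
ace_check() {
    summary=$(ace_summary)
    total=${summary#total=}
    total=${total%% *}
    if [ "$total" -ge $((ACE_LIMIT - ACE_MARGIN)) ]; then
        echo "WARN $1: $summary (ceiling about $ACE_LIMIT)"
        return 1
    fi
    echo "ok   $1: $summary"
}

# Constructed sample in the layout getfacl prints for the thread's entries.
sample_acl() {
    cat <<'EOF'
# file: /tank/project1
# owner: root
        user:test1:rwxpDdaARWcCos:fd----:allow
        user:test2:rwxpDdaARWcCos:fd----:allow
       group:staff:r-x---a-R-c--s:fd----:allow
            owner@:rwxp--aARWcCos:------:allow
            group@:r-x---a-R-c--s:------:allow
         everyone@:r-x---a-R-c--s:------:allow
EOF
}

sample_acl | ace_check /tank/project1
```

On a live system the input would come from `getfacl /tank/project1` piped into `ace_check /tank/project1`; a high `user=` count relative to `group=` marks a directory where group entries would shrink the ACL.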

