The issue was caused by all access control entries (ACEs) set for the group owner (group@) and for normal groups (group:<name>) being treated as applying to the current user.
For example, access mode 0770 (write allowed only for group members) was treated as 0777 (write allowed for all users). A similar situation was observed with ACLs: for example, the following ACL became equivalent to mode 0777, because the group membership check for builtin_administrators returns True.
# owner: root
# group: wheel
group:builtin_administrators:rwxpDdaARWcCos:-------:allow
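The effect of such a membership check on mode 0770, as an added C model that is not OpenZFS code. The ACE structures, function names, uid/gid values and the three-entry rendering of 0770 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of ACE evaluation; names are illustrative, not OpenZFS code. */
enum who { OWNER, GROUP_OWNER, NAMED_GROUP, EVERYONE };
enum { R = 4, W = 2, X = 1 };
struct ace { enum who who; unsigned gid; unsigned mask; bool allow; };
struct cred { unsigned uid; unsigned gids[4]; size_t ngids; };
typedef bool (*member_fn)(const struct cred *, unsigned gid);

/* Correct check: the gid must appear in the caller's group list. */
bool member_ok(const struct cred *c, unsigned gid) {
    for (size_t i = 0; i < c->ngids; i++)
        if (c->gids[i] == gid) return true;
    return false;
}
/* Faulty check modelled on the description: every caller counts as a member. */
bool member_faulty(const struct cred *c, unsigned gid) { (void)c; (void)gid; return true; }

/* Walk ACEs in order; a matching ACE settles the bits that are still undecided. */
bool access_ok(const struct ace *acl, size_t n, unsigned fuid, unsigned fgid,
               const struct cred *c, unsigned want, member_fn is_member) {
    for (size_t i = 0; i < n && want; i++) {
        const struct ace *a = &acl[i];
        bool match = a->who == EVERYONE ||
            (a->who == OWNER && c->uid == fuid) ||
            (a->who == GROUP_OWNER && is_member(c, fgid)) ||
            (a->who == NAMED_GROUP && is_member(c, a->gid));
        if (!match) continue;
        if (!a->allow && (a->mask & want)) return false;  /* explicit deny */
        if (a->allow) want &= ~a->mask;                   /* bits granted */
    }
    return want == 0;
}

/* Constructed sample: root:wheel object, mode 0770 written as three ACEs. */
static const struct ace acl_0770[] = {
    { OWNER, 0, R | W | X, true }, { GROUP_OWNER, 0, R | W | X, true },
    { EVERYONE, 0, 0, true } };
/* Constructed caller: uid 1001, member of gid 1001 only (wheel is gid 0 here). */
static const struct cred outsider = { 1001, { 1001 }, 1 };

/* Can the non-member write to the 0770 object under the given membership check? */
bool outsider_can_write(member_fn f) { return access_ok(acl_0770, 3, 0, 0, &outsider, W, f); }

int main(void) {
    printf("write allowed with correct check: %d\n", outsider_can_write(member_ok));
    printf("write allowed with faulty check:  %d\n", outsider_can_write(member_faulty));
    return 0;
}
```

With the correct check the non-member falls through to the empty everyone@ entry and is refused; with the faulty check the group@ entry matches first, which is why 0770 behaves like 0777.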
Also, in the FreeBSD port of OpenZFS, another issue has been identified: permission to change into a directory (cd) was granted regardless of the state of the execute permission flag for directories. Entry into the directory was possible even with an explicit prohibition through an ACL ("deny - execute").
Source: opennet.ru