diff --git a/.vscode/settings.json b/.vscode/settings.json
index 2a8db89..33c6c6d 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -126,6 +126,7 @@
"userspace",
"winget",
"wlan",
+ "xattr",
"zstd"
],
"markdown.extension.toc.levels": "2..6",
diff --git a/knowledge base/acl.md b/knowledge base/acl.md
index eda7495..cb32301 100644
--- a/knowledge base/acl.md
+++ b/knowledge base/acl.md
@@ -4,11 +4,17 @@
1. [TL;DR](#tldr)
1. [Set default permissions for files and directories](#set-default-permissions-for-files-and-directories)
+ 1. [Posix](#posix)
+ 1. [NFSv4](#nfsv4)
1. [Further readings](#further-readings)
## TL;DR
-List of [permission tags][syntax descriptions for setting acls] and [inheritance options][acl inheritance].
+When **setting** permissions, the _execute_ flag can be set to the **uppercase** `X` instead of the **lowercase** `x`.
+The uppercase `X` permission allows execution only if the target is a directory or if the execute permission has already been set for the user or group.
+
+BSD systems use NFSv4 ACLs by default in ZFS.
+List of **NFSv4** [permission tags][syntax descriptions for setting acls] and [inheritance options][acl inheritance].
```sh
# Install the tool.
@@ -16,49 +22,86 @@ apt install 'acl'
dnf install 'acl'
# Show ACLs.
-getfacl 'test/declarations.h'
+getfacl 'path/to/file'
# Set permissions for users.
-setfacl -m 'u:username:rwx' 'test/declarations.h'
+setfacl -m 'u::r-x' 'path/to/file'
+setfacl -m 'u::rwX' 'path/to/dir'
+setfacl -m 'u:username:r-x' 'path/to/file'
+setfacl -m 'u:username:rwX' 'path/to/dir'
# Add permissions for users.
# Position number starts from 0.
-setfacl -a '1' 'u:username:rwx' 'test/declarations.h'
-setfacl -a '5' 'owner@:rw-p-daARWcCos:f------:allow' 'path/to/file'
-setfacl -a '6' 'owner@:rwxpDdaARWcCos:-d-----:allow' 'path/to/dir'
+setfacl -a '1' 'u:username:rwx' 'path/to/file'
+setfacl -a '2' 'u::rwX' 'path/to/dir'
+setfacl -a '5' 'owner@:rw-p-daARWcCos::allow' 'path/to/file'
+setfacl -a '6' 'owner@:rwxpDdaARWcCos::allow' 'path/to/dir'
# Set permissions for groups.
-setfacl -m "g:groupname:r-x" 'test/declarations.h'
+setfacl -m 'g::r-x' 'path/to/file'
+setfacl -m 'g::rw-' 'path/to/dir'
+setfacl -m 'g:username:r-x' 'path/to/file'
+setfacl -m 'g:username:rwX' 'path/to/dir'
# Add permissions for groups.
# Position number starts from 0.
-setfacl -a '2' 'g:groupname:r-x' 'test/declarations.h'
-setfacl -a '7' 'group@:r--p--aAR-c--s:f------:allow' 'path/to/file'
-setfacl -a '8' 'group@:r-xp--aAR-c--s:-d-----:allow' 'path/to/dir'
+setfacl -a '2' 'g:groupname:r-x' 'path/to/file'
+setfacl -a '4' 'g::rw-' 'path/to/dir'
+setfacl -a '7' 'group@:r--p--aAR-c--s::allow' 'path/to/file'
+setfacl -a '8' 'group@:r-xp--aAR-c--s::allow' 'path/to/dir'
# Add permissions for everyone else (others).
# Position number starts from 0.
-setfacl -a '3' 'o::r-x' 'test/declarations.h'
-setfacl -a '9' 'everyone@:r-----a-R-c---:f------:allow' 'path/to/file'
-setfacl -a '10' 'everyone@:r-x---a-R-c---:-d-----:allow' 'path/to/dir'
+setfacl -a '3' 'o::r-x' 'path/to/file'
+setfacl -a '3' 'o::r-X' 'path/to/dir'
+setfacl -a '9' 'everyone@:r-----a-R-c---::allow' 'path/to/file'
+setfacl -a '10' 'everyone@:r-x---a-R-c---::allow' 'path/to/dir'
+
+# Change multiple permissions in one command.
+setfacl -m 'u::rw,g::r' 'path/to/file'
+setfacl -m 'u::rwX,g::rwX,o::rx' 'path/to/dir'
# Make children files and directories inherit acls.
-# A.K.A. sets default ACLs.
-setfacl -d -m 'u:dummy:rw' 'test'
+# A.K.A. set 'default' ACLs.
+setfacl -dm 'u:dummy:rw' 'path/to/file'
+setfacl -m 'default:u::rwX,g::rX,o:r' 'path/to/dir'
+setfacl -a '11' 'group@:r-----a-R-c---:f------:allow' 'path/to/file'
+setfacl -a '12' 'everyone@:r-x---a-R-c---:-d-----:allow' 'path/to/dir'
# Remove specific acls.
setfacl -x 'u:dummy:rw' 'test'
# Remove all ACL entries except for the ones synthesized from the file mode.
# If a 'mask' entry was in them, the resulting ACLs will be set accordingly.
-setfacl -b 'test/declarations.h'
+setfacl -b 'path/to/file'
```
## Set default permissions for files and directories
-Suppose you want a folder to set the default permissions of newly created files and directories to `0664` (`-rw-rw-r--`) and `0775` (`drwxrwxr-x`) respectively.
+Suppose you want a folder to set the default permissions of newly created files and directories to `0664` (`-rw-rw-r--`) and `0775` (`drwxrwxr-x`) respectively.
+The best way to achieve this would be to set up it's ACLs accordingly.
-The best way to achieve this would be to set up it's ACLs accordingly:
+### Posix
+
+| Who | ACL Type | Permissions | Flags | Translated `getfacl` Tags | Resulting Unix Permissions |
+| ----- | -------- | -------------------- | ----------------- | ------------------------- | -------------------------- |
+| user | Allow | Read, Write | File Inherit | `default:user::rw-` | `-rw-------` |
+| user | Allow | Read, Write, Execute | Directory Inherit | `default:user::rwX` | `drwx------` |
+| group | Allow | Read, Write | File Inherit | `default:group::rw-` | `----rw----` |
+| group | Allow | Read, Write, Execute | Directory Inherit | `default:group::rwX` | `d---rwx---` |
+| other | Allow | Read, Write | File Inherit | `default:other::rw-` | `-------rw-` |
+| other | Allow | Read, Write, Execute | Directory Inherit | `default:other::rwX` | `d------rwx` |
+
+```sh
+setfacl -dm 'u::rwX' 'path/to/dir'
+setfacl -dm 'g::rwX' 'path/to/dir'
+setfacl -dm 'o::r-X' 'path/to/dir'
+
+# Or, in one go.
+setfacl -dm 'u::rwX,g::rwX,o::rX' 'path/to/dir'
+```
+
+### NFSv4
| Who | ACL Type | Permissions | Flags | Translated `getfacl` Tags | Resulting Unix Permissions |
| --------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | ---------------------------------------- | -------------------------- |
@@ -70,8 +113,6 @@ The best way to achieve this would be to set up it's ACLs accordingly:
| everyone@ | Allow | Read Data
Read Named Attributes
Execute
Read Attributes
Read ACL | Directory Inherit | `everyone@:r-x---a-R-c---:-d-----:allow` | `d------r-x` |
```sh
-# Set default permissions of '0664' for files and '0775' for directories.
-# Includes ACL-type permissions accordingly.
setfacl -m 'owner@:rw-p-daARWcCos:f------:allow' 'path/to/dir'
setfacl -a '1' 'owner@:rwxpDdaARWcCos:-d-----:allow' 'path/to/dir'
setfacl -m 'group@:r--p--aAR-c--s:f------:allow' 'path/to/dir'
diff --git a/knowledge base/diy nas/v1.md b/knowledge base/diy nas/v1.md
index 94c8ae2..64da08a 100644
--- a/knowledge base/diy nas/v1.md
+++ b/knowledge base/diy nas/v1.md
@@ -21,12 +21,17 @@
## Software
-| Component | Choice | Notes |
-| ---------------- | ---------------- | -------------------------------------------------- |
-| Operating system | [OpenMediaVault] | With [OMV-Extras](../openmediavault.md#omv-extras) |
-| Kernel | Default (Debian) | |
-| OS file system | Default (ext4) | |
-| Data file system | ZFS | See [ZFS](../openmediavault.md#zfs) |
+| Component | Choice | Notes |
+| ---------------- | ---------------- | ----------------------------------------------------- |
+| Operating system | [OpenMediaVault] | With [OMV-Extras](../openmediavault.md#omv-extras) |
+| Kernel | Default (Debian) | |
+| OS file system | Default (ext4) | |
+| Data file system | ZFS | See [ZFS on OpenMediaVault](../openmediavault.md#zfs) |
+
+ZFS datasets used as shared folders shall have the following properties:
+- `aclinherit:restricted`;
+- `aclmode:groupmask`;
+- `acltype:posix` + `xattr:sa` until `nfsv4` is supported on Linux.
## Further readings
diff --git a/knowledge base/openmediavault.md b/knowledge base/openmediavault.md
index 79e6304..47dc059 100644
--- a/knowledge base/openmediavault.md
+++ b/knowledge base/openmediavault.md
@@ -171,6 +171,7 @@ Just enable property in the pool or dataset.
- [Proxmox]
- [OMV-Extras]
- [Disks maintenance]
+- [ZFS]
## Sources
@@ -198,6 +199,7 @@ All the references in the [further readings] section, plus the following:
[debian]: debian.md
[disks maintenance]: disks%20maintenance.md
[proxmox]: proxmox.md
+[zfs]: zfs.md
[hdparm]: https://linux.die.net/man/8/hdparm