ACL Commands Reference
This page provides a quick reference for common Access Control List (ACL) commands in Linux, utilizing getfacl to view ACLs and setfacl to modify them. ACLs offer a more granular control over file and directory permissions than traditional Unix permissions.
Viewing File ACLs
Use the getfacl command to display the ACLs for a given file or directory.
# Get ACL
getfacl <file>Modifying File ACLs
The setfacl command is used to add, modify, or remove ACL entries. You can specify permissions for specific users, groups, or others.
# Add or modify ACL on file for a specific user
setfacl -m u:username:rX <file>
# Add or modify ACL on file for a specific group
setfacl -m g:groupname:rw <file>
# Remove all permissions for others
setfacl -m o::- <file>
# Provide all permissions at once for user, group, and others
setfacl -m u::rwx,g:groupname:rX,o::- <file>Copying ACLs
You can copy ACLs from one file to another using a combination of getfacl and setfacl.
# Copy ACL from file-A to file-B
getfacl file-A | setfacl -M - file-BRecursive ACL Operations
Apply ACL changes recursively to all files and subdirectories within a directory.
# Apply ACL recursively to directory
setfacl -R -m u:username:rX <directory>Deleting ACL Entries
Remove specific ACL entries for users or groups.
# Delete ACL for a specific user and group
setfacl -x u:username,g:groupname <file>
# Delete all ACLs on a file, including default ACLs
setfacl -b <file>Default ACLs
Default ACLs are applied to new files and subdirectories created within a directory. They are managed similarly to regular ACLs but with the -d flag.
# Set default ACL for a user on a directory
setfacl -m d:u:username:rx <directory>
# Remove default ACL for a user from a directory
setfacl -x d:u:username <directory>
# Delete only default ACLs from a directory
setfacl -k <directory>