acl

Master ACL commands with setfacl and getfacl. Learn to manage file permissions, add, modify, copy, and delete ACLs for users and groups efficiently.

ACL Commands Reference

This page provides a quick reference for common Access Control List (ACL) commands in Linux, using getfacl to view ACLs and setfacl to modify them. ACLs offer more granular control over file and directory permissions than traditional Unix permissions.

Viewing File ACLs

Use the getfacl command to display the ACLs for a given file or directory.

# Get ACL
getfacl <file>

Modifying File ACLs

The setfacl command is used to add, modify, or remove ACL entries. You can specify permissions for specific users, groups, or others.

# Add or modify ACL on file for a specific user
# (capital X grants execute only on directories and on files that are already executable)
setfacl -m u:username:rX <file>

# Add or modify ACL on file for a specific group
setfacl -m g:groupname:rw <file>

# Remove all permissions for others
setfacl -m o::- <file>

# Set the entries for the owning user, a named group, and others in one command
setfacl -m u::rwx,g:groupname:rX,o::- <file>

Copying ACLs

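You can copy ACLs from one file to another by piping getfacl into setfacl. With -M -, setfacl reads the entries from standard input and merges them into the target's existing ACL; to replace the target's ACL instead, use --set-file=- in place of -M -.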

# Copy ACL from file-A to file-B
getfacl file-A | setfacl -M - file-B

Recursive ACL Operations

Apply ACL changes recursively to all files and subdirectories within a directory.

# Apply ACL recursively to directory
setfacl -R -m u:username:rX <directory>

Deleting ACL Entries

Remove specific ACL entries for users or groups.

# Delete ACL for a specific user and group
setfacl -x u:username,g:groupname <file>

# Remove all extended ACL entries from a file, including default ACLs (the base owner, group, and other entries remain)
setfacl -b <file>

Default ACLs

Default ACLs are applied to new files and subdirectories created within a directory. They are managed like regular ACLs, using either the -d flag or the d: prefix on the entry, as in the commands below.

# Set default ACL for a user on a directory
setfacl -m d:u:username:rx <directory>

# Remove default ACL for a user from a directory
setfacl -x d:u:username <directory>

# Delete only default ACLs from a directory
setfacl -k <directory>
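
An added example, not part of the original reference: a shell function that audits getfacl -R output for the kinds of entries the commands above create, namely named users or groups that can write and any access left to others, in both access and default ACLs. The sample output, the user names in it, and the finding labels (named-write, other-access) are constructed for this example.

```shell
# audit_acl: read `getfacl -R` output on stdin and print
# "<path><TAB><finding><TAB><entry>" for named users/groups that can write
# and for any access left to "other"; "default-" marks inherited entries.
audit_acl() {
  awk '
    /^# file: /        { file = substr($0, 9); next }  # start of a file block
    /^#/ || /^[ \t]*$/ { next }                        # owner/group lines, blanks
    {
      n = split($1, f, ":")
      d = (f[1] == "default") ? 1 : 0                  # default ACL entry?
      if (n < 3 + d) next                              # not an ACL entry
      tag = f[1 + d]; who = f[2 + d]; perms = f[3 + d]
      # getfacl appends "#effective:..." when the mask limits an entry,
      # so judge the entry by what it actually grants.
      if ($2 ~ /^#effective:/) perms = substr($2, 12)
      pre = d ? "default-" : ""
      if ((tag == "user" || tag == "group") && who != "" && perms ~ /w/)
        printf "%s\t%snamed-write\t%s\n", file, pre, $1
      if (tag == "other" && perms != "---")
        printf "%s\t%sother-access\t%s\n", file, pre, $1
    }'
}
# Constructed sample of `getfacl -R srv/share` output (all names made up).
sample_getfacl_output() {
  cat <<'EOF'
# file: srv/share
# owner: root
# group: staff
user::rwx
user:alice:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:other::r-x

# file: srv/share/report.txt
# owner: alice
# group: staff
user::rw-
user:carol:rw-    #effective:r--
group::r--
mask::r--
other::r--
EOF
}
sample_getfacl_output | audit_acl
```

On a real tree, pipe getfacl -R <directory> into audit_acl; the carol entry in the sample is not reported because the mask reduces it to read-only.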
