acl
Master ACL commands with setfacl and getfacl. Learn to manage file permissions, add, modify, copy, and delete ACLs for users and groups efficiently.
ACL Commands Reference
This page provides a quick reference for common Access Control List (ACL) commands in Linux, using getfacl to view ACLs and setfacl to modify them. ACLs offer more granular control over file and directory permissions than traditional Unix permissions.
Viewing File ACLs
Use the getfacl command to display the ACLs for a given file or directory.
# Get ACL
getfacl <file>
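An added example, not part of the original reference: a shell function that reads getfacl output and lists which named users, groups, or others hold effective write access once the mask entry is applied. The function names, paths, and user names are constructed for illustration.

```shell
# Added example (not from the page): reads getfacl output on stdin and prints
# "file: entry" for each named user, group or other:: entry that can write.
acl_writers() {
    awk '
    function emit(   i) {
        for (i = 1; i <= n; i++) {
            # The mask caps named users and all group entries, never other::.
            if (capped[i] && have_mask && mask !~ /w/) continue
            if (perm[i] ~ /w/) print file ": " who[i]
        }
        n = 0; have_mask = 0; mask = ""
    }
    /^# file: / { emit(); file = substr($0, 9); next }
    /^#/ || /^default:/ || NF == 0 { next }   # comments, default ACL, blanks
    {
        split($1, f, ":")   # $1 drops a trailing "#effective:" note
        if (f[1] == "mask") { mask = f[3]; have_mask = 1; next }
        if (f[1] == "user" && f[2] == "") next   # owning user, not an ACL grant
        who[++n] = (f[2] == "" ? (f[1] "::") : (f[1] ":" f[2]))
        perm[n] = f[3]; capped[n] = (f[1] != "other")
    }
    END { emit() }
    '
}
# Constructed getfacl output for testing (paths and names are made up).
sample_getfacl() {
    cat <<'EOF'
# file: srv/share
# owner: alice
# group: staff
user::rwx
user:bob:rwx    #effective:r-x
group::r-x
group:dev:rwx   #effective:r-x
mask::r-x
other::---
default:user::rwx
default:user:bob:rwx

# file: srv/share/notes.txt
# owner: alice
# group: staff
user::rw-
user:carol:rw-
group::r--
mask::rw-
other::rw-
EOF
}
```

To check real files, pipe getfacl into the function, for example getfacl -R <directory> | acl_writers.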
Modifying File ACLs
The setfacl command is used to add, modify, or remove ACL entries. You can specify permissions for specific users, groups, or others.
# Add or modify ACL on file for a specific user
setfacl -m u:username:rX <file>
# Add or modify ACL on file for a specific group
setfacl -m g:groupname:rw <file>
# Remove all permissions for others
setfacl -m o::- <file>
# Set permissions for the owner, a named group, and others in one command
setfacl -m u::rwx,g:groupname:rX,o::- <file>
Copying ACLs
You can copy ACLs from one file to another using a combination of getfacl and setfacl.
# Copy ACL from file-A to file-B
getfacl file-A | setfacl -M - file-B
Recursive ACL Operations
Apply ACL changes recursively to all files and subdirectories within a directory.
# Apply ACL recursively to directory
setfacl -R -m u:username:rX <directory>
Deleting ACL Entries
Remove specific ACL entries for users or groups.
# Delete ACL for a specific user and group
setfacl -x u:username,g:groupname <file>
# Delete all ACLs on a file, including default ACLs
setfacl -b <file>
Default ACLs
Default ACLs are inherited by new files and subdirectories created within a directory. They are managed like regular ACLs, using either the -d flag or the d: prefix on each entry, as in the commands below.
# Set default ACL for a user on a directory
setfacl -m d:u:username:rx <directory>
# Remove default ACL for a user from a directory
setfacl -x d:u:username <directory>
# Delete only default ACLs from a directory
setfacl -k <directory>