
How to Use setfacl and getfacl: A Step-by-Step Guide

Category: Linux

Date: 58 days ago

Introduction to ACLs

Access Control Lists (ACLs) provide more fine-grained permissions for files and directories than the traditional Unix permission model (read, write, execute for the owner, the group, and others). They allow you to specify permissions for individual users or groups.

setfacl and getfacl

  • setfacl is used to set ACLs on files and directories.

  • getfacl is used to retrieve ACLs from files and directories.

Basic Syntax


setfacl [options] acl_spec file...


getfacl [options] file...

Setting ACLs with setfacl

Basic Usage

To add an ACL entry:

setfacl -m u:username:permissions file

  • -m: Modify the ACL.

  • u:username:permissions: Specify the user (u), the username, and the permissions (r, w, x).


setfacl -m u:john:rwx myfile

This grants user john read, write, and execute permissions on myfile.

Setting ACLs for Groups

setfacl -m g:groupname:permissions file


setfacl -m g:admins:rw myfile

This grants the group admins read and write permissions on myfile.

Setting Default ACLs on Directories

setfacl -d -m u:username:permissions directory


setfacl -d -m u:john:rwx mydir

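This sets a default ACL entry for john on the directory mydir. Files and directories created inside mydir afterwards inherit it; it does not change access to mydir itself or to files that already exist.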

Removing ACL Entries

To remove an ACL entry:

setfacl -x u:username file


setfacl -x u:john myfile

This removes the ACL entry for user john on myfile.

To remove all ACL entries:

setfacl -b file


setfacl -b myfile

This removes all extended ACL entries from myfile. The base entries for the owner, the owning group, and others are retained.

Viewing ACLs with getfacl

To view the ACLs on a file or directory:

getfacl file


getfacl myfile

This outputs the ACLs for myfile.

Example Output

# file: myfile
# owner: root
# group: root

  • user::rw- - Permissions for the file owner.

  • user:john:rwx - Specific permissions for user john.

  • group::r-- - Permissions for the owning group.

  • mask::rwx - The effective rights mask.

  • other::r-- - Permissions for others.

Recursive ACLs

To apply ACLs recursively to all files and directories within a directory:

setfacl -R -m u:username:permissions directory


setfacl -R -m u:john:rwx mydir

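This applies the ACL for john recursively within mydir. Note that rwx also grants execute on every regular file in the tree; setfacl accepts a capital X in the permissions field, which grants execute only on directories and on files that already have execute permission for some user.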

Preserving Existing ACLs

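To add or modify ACL entries without recalculating the existing effective rights mask, use the -n (--no-mask) option with setfacl. A plain -m already leaves the other entries in place, but by default it resets the mask to the union of the owning group entry and all named user and group entries. With -n an existing mask stays as it was, so the new entry can be limited by it.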

setfacl -n -m u:username:permissions file


setfacl -n -m u:john:rwx myfile
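The mask entry in the example output and the -n option above both decide what a named entry actually grants. As an added example (not from the original article), the shell function below reads getfacl-style text and prints each access entry next to its effective permissions. The sample ACL and the function names sample_acl and effective_acl are constructed for illustration.

```shell
#!/bin/sh
# Added example: compute effective permissions from getfacl-style text.

# Constructed sample: the mask is r--, narrower than john's rwx entry.
sample_acl() {
cat <<'EOF'
# file: myfile
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
group:admins:rw-
mask::r--
other::r--
EOF
}

# Reads getfacl output on stdin; prints "entry effective" for access entries.
effective_acl() {
  awk -F: '
    /^#/ || /^default:/ || NF < 3 { next }   # skip header, default ACL, blanks
    { sub(/[ \t]*#.*/, "", $3); perms = substr($3, 1, 3) }  # drop "#effective" note
    $1 == "mask" { mask = perms; next }
    { n++; tag[n] = $1; who[n] = $2; perm[n] = perms }
    END {
      for (i = 1; i <= n; i++) {
        eff = perm[i]
        # The mask limits named users, the owning group and named groups only.
        masked = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
        if (masked && mask != "") {
          eff = ""
          for (j = 1; j <= 3; j++) {
            c = substr(perm[i], j, 1)
            eff = eff ((c != "-" && substr(mask, j, 1) == c) ? c : "-")
          }
        }
        printf "%s:%s:%s %s\n", tag[i], who[i], perm[i], eff
      }
    }'
}

sample_acl | effective_acl
```

On a real system, pipe the output of getfacl for a file into effective_acl in place of sample_acl to see which named entries the mask is cutting down.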


ACLs provide a powerful way to manage permissions on a more granular level than standard Unix permissions. Using setfacl, you can set and modify ACLs, while getfacl allows you to view them. This capability is especially useful in environments where multiple users or groups need specific access to files and directories.

