setfacl

Set, modify, and remove Access Control Lists (ACLs) for files and directories

Syntax

setfacl [options] [acl_spec] file...

Basic Usage

Add ACL entry for a user

setfacl -m u:username:rwx filename

Gives read, write, and execute permissions to the specified user.

Add ACL entry for a group

setfacl -m g:groupname:rw filename

Remove ACL entry

setfacl -x u:username filename

Set ACL from file

setfacl --set-file=acl_file target_file

Common Options

  • -m, --modify: Modify ACL entries
  • -x, --remove: Remove ACL entries
  • -b, --remove-all: Remove all ACL entries
  • -k, --remove-default: Remove default ACL entries
  • -d, --default: Apply to default ACL
  • -R, --recursive: Apply recursively to directories
  • -M, --modify-file: Read ACL entries from file
  • -X, --remove-file: Read ACL entries to remove from file
  • -n, --no-mask: Don't recalculate effective rights mask
  • --mask: Do recalculate effective rights mask
  • -v, --version: Print version and exit
  • -h, --help: Print help and exit

ACL Entry Format

ACL Entry Types

  • u:username:permissions: User ACL entry
  • g:groupname:permissions: Group ACL entry
  • o::permissions: Other ACL entry
  • m::permissions: Mask entry (effective rights)

Practical Examples

Give user read and write access

setfacl -m u:john:rw document.txt

Give group read access

setfacl -m g:developers:r source.c

Set default ACL for directory

setfacl -d -m u:john:rwx /shared/directory

Remove all ACLs from file

setfacl -b filename

Apply ACLs recursively

setfacl -R -m u:john:rw /project/

Set multiple ACL entries at once

setfacl -m u:john:rw,g:team:r,o::r file.txt

Create ACL file and apply it

echo "u:john:rw" > acl.txt
echo "g:developers:r" >> acl.txt
setfacl -M acl.txt target_file

Understanding ACLs

ACL vs Traditional Permissions

  • Traditional: owner, group, others (3 sets of permissions)
  • ACLs: Multiple users and groups with specific permissions
  • Flexibility: ACLs provide fine-grained access control
  • Compatibility: ACLs work alongside traditional permissions

Best Practices

When to Use

  • Sharing files with specific users or groups
  • Complex permission requirements
  • Collaborative project directories
  • Web server file access control
  • Database file permissions

Important Notes

  • Filesystem must support ACLs (ext3, ext4, XFS, etc.)
  • ACLs are mounted with acl option
  • Use getfacl to verify ACL settings
  • Default ACLs only apply to directories
  • Mask entry limits effective permissions
  • ACLs can be complex to manage in large environments

See Also

  • getfacl - Display ACLs
  • chmod - Change file permissions
  • chown - Change file owner and group
  • ls - List directory contents