POSIX ACLs
Created: August 03, 2019 (Updated: August 06, 2020)
getfacl
getfacl FILE
setfacl
setfacl OPTIONS {g|m|o|u}:NAME:[r][w][x] FILE
Examples
| Description | Command |
|---|---|
| Add a user-orientated ACL | setfacl -m u:USERNAME:rwx FILE |
| Add a group-orientated ACL recursively | setfacl -R -m g:GROUP:rwx FILE |
| Remove a user-orientated ACL | setfacl -x u:USERNAME FILE |
| Remove all ACLs | setfacl -b FILE |
| Set default ACLs | setfacl -d -m u:USERNAME:rwx DIRECTORY |
| Set a mask | setfacl -m m:rwx FILE |
| Set a default mask | setfacl -d -m m:rwx DIRECTORY |
| Copy ACLs from FILE1 to FILE2 | getfacl FILE1 \| setfacl --set-file=- FILE2 |
Remove default ACLs:
setfacl -k DIRECTORY
setfacl --remove-default DIRECTORY
Default deny everyone in the current directory except the owner:
setfacl -k . # remove all the defaults
setfacl -d -m g::--- .
setfacl -d -m o::--- .
Notes
- Files will not get executable permissions unless explicitly granted by chmod.
- Use masks as the final step in a sequence to ensure an upper permission limit on complex ACLs.
- Masks are of limited use because they are overridden and re-calculated when chmod is called.
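
The last two notes can be checked without touching a filesystem. The following Python model is an added example, not part of the original page: it parses getfacl-style output, applies the mask rules from acl(5), and shows how a later chmod replaces the mask. The sample ACL and the names in it are constructed.

```python
# Added example: models the mask rules from acl(5); it does not call setfacl.
# SAMPLE is constructed text in getfacl output format; names are made up.
SAMPLE = """\
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx
group::r-x
group:audit:rw-
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return {(tag, qualifier): set of permission letters} for access entries."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and #effective notes
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")[:3]
        acl[(tag, qualifier)] = set(perms) - {"-"}
    return acl

def effective(acl):
    """AND the mask into named users, named groups and the owning group.
    The owner (user::) and other:: entries are never masked."""
    mask = acl.get(("mask", ""))
    out = {}
    for (tag, qualifier), perms in acl.items():
        if tag == "mask":
            continue
        masked = mask is not None and (tag == "group" or (tag == "user" and qualifier))
        out[(tag, qualifier)] = perms & mask if masked else set(perms)
    return out

def chmod(acl, mode):
    """Model chmod: with a mask present, the mode's group bits replace the mask."""
    def bits(n):
        return {p for p, b in zip("rwx", (4, 2, 1)) if n & b}
    new = dict(acl)
    new[("user", "")] = bits(mode >> 6)
    new[("mask", "") if ("mask", "") in acl else ("group", "")] = bits(mode >> 3)
    new[("other", "")] = bits(mode)
    return new

if __name__ == "__main__":
    acl = parse_getfacl(SAMPLE)
    for label, a in (("before chmod", acl), ("after chmod 640", chmod(acl, 0o640))):
        print(label, {":".join(k): "".join(sorted(v)) for k, v in effective(a).items()})
```

After the modelled chmod 640, the user:bob:rwx entry is still stored, but its effective permission drops to read-only because the mask became r--.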