Newer
Older
Access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disk resource.
```
### Examples
Set all permissions for user John to file named abc:
```code
# setfacl -m "u:John:rwx" abc
```
# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
```
Change permissions for user John:
```code
# setfacl -m "u:John:r-x" abc
```
# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
group::r--
other::r--
You will notice that there is an ACL for a given file because it will exhibit `+` after its Unix permissions in the output of `ls -l`.
```code
$ ls -l /dev/audio
crw-rw----+ 1 root audio 14, 4 nov. 9 12:49 /dev/audio
$ getfacl /dev/audio
getfacl: Removing leading '/' from absolute path names
# file: dev/audio
# owner: root
# group: audio
user::rw-
user:solstice:rw-
group::rw-
mask::rw-
other::---
The ACL can be modified using the `setfacl` command.
You can list file/directory permission changes without modifying the permissions (i.e. dry-run) by appending the `--test` flag.
To apply operations to all files and directories recursively, append the `-R/--recursive` argument.
To set permissions for a user (user is either the user name or ID):
# setfacl -m "u:user:permissions" <file/dir>
To set permissions for a group (group is either the group name or ID):
# setfacl -m "g:group:permissions" <file/dir>
To allow all newly created files or directories to inherit entries from the parent directory (this will not affect files which will be copied into the directory):
To remove all entries (entries of the owner, group and others are retained):
[1]: https://wiki.archlinux.org/title/Access_Control_Lists