Access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disk resource.
Show ACL
========
To show permissions, use:
# getfacl <file/dir>
Examples
Set all permissions for user johnny to file named abc:
# setfacl -m "u:johnny:rwx" abc
Check permissions:
# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
user:johnny:rwx
group::r--
mask::rwx
other::r--
Change permissions for user johnny:
# setfacl -m "u:johnny:r-x" abc
Check permissions:
# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
user:johnny:r-x
group::r--
mask::r-x
other::r--
Remove all ACL entries:
# setfacl -b abc
Check permissions:
# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
group::r--
other::r--
Output of ls command
You will notice that there is an ACL for a given file because it will exhibit a + (plus sign) after its Unix permissions in the output of ls -l.
You can list file/directory permission changes without modifying the permissions (i.e. dry-run) by appending the --test flag.
To apply operations to all files and directories recursively, append the -R/--recursive argument.
To set permissions for a user (user is either the user name or ID):
# setfacl -m "u:user:permissions" <file/dir>
To set permissions for a group (group is either the group name or ID):
# setfacl -m "g:group:permissions" <file/dir>
To set permissions for others:
# setfacl -m "other:permissions" <file/dir>
To allow all newly created files or directories to inherit entries from the parent directory (this will not affect files which will be copied into the directory):
# setfacl -dm "entry" <dir>
To remove a specific entry:
# setfacl -x "entry" <file/dir>
To remove the default entries:
# setfacl -k <file/dir>
To remove all entries (entries of the owner, group and others are retained):
