ACL (Access Control Lists)
Manage fine-grained file permissions with setfacl and getfacl.
Viewing ACLs
Show the current Access Control List for a file or directory.
getfacl [file]
Show ACLs for all files in a directory recursively.
getfacl -R [directory]
Setting ACLs
User Permissions
Grant a specific user read and write access to a file. The entry applies to that user regardless of the group and other permission bits, but it is capped by the ACL mask.
setfacl -m u:[user]:rw [file]
Grant a specific user full access (read, write, execute).
setfacl -m u:[user]:rwx [file]
Deny a specific user all access by giving them an entry with no permissions. The entry stays in the ACL; use -x to delete it.
setfacl -m u:[user]:- [file]
Group Permissions
Grant a specific group read access.
setfacl -m g:[group]:r [file]
Advanced & Professional Scenarios
Default ACLs (Inheritance)
Set default ACLs on a directory. New files and subdirectories created inside inherit these entries automatically; existing contents are not changed.
setfacl -d -m u:[user]:rwx [directory]
Set default group permissions for inheritance.
setfacl -d -m g:[group]:rw [directory]
Recursive Operations
Apply an ACL entry recursively to all existing files and directories.
setfacl -R -m u:[user]:rw [directory]
Pro Tip: Often you want to set both the current permissions AND the default permissions for future files.
setfacl -R -m u:[user]:rwx,d:u:[user]:rwx [directory]
Removing ACLs
Remove a specific ACL entry for a user.
setfacl -x u:[user] [file]
Remove all ACL entries (reset to standard Linux permissions).
setfacl -b [file]
Remove all default ACL entries from a directory.
setfacl -k [directory]
Masking
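Set the effective rights mask. This limits the maximum permissions for all named users, named groups and the owning group; the file owner and others are not affected. A later setfacl -m recalculates the mask unless it sets a mask entry itself.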
setfacl -m m::r [file]
Backup and Restore
Backup ACLs to a file.
getfacl -R [directory] > acl_backup.txt
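Restore ACLs from a file. Run it from the directory where the backup was taken, since the file paths recorded in the backup are resolved relative to the current directory.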
setfacl --restore=acl_backup.txt
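Auditing a backup for the Masking and Backup and Restore sections above, as an added example that is not part of the original page: a shell function reads getfacl output such as acl_backup.txt and prints each entry's granted and effective rights, and a second one lists named users and groups that can still write once the mask is applied. The function names and the sample paths, users and groups are constructed for illustration.

```sh
# Added example (not from the page): effective rights per entry in getfacl output.
sample_acl_backup() {    # constructed data; paths, users and groups are made up
    cat <<'EOF'
# file: srv/share/report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx    #effective:r--
group::r-x      #effective:r--
group:audit:rw- #effective:r--
mask::r--
other::---

# file: srv/share/drop
# owner: alice
# group: staff
user::rwx
user:carol:rwx
group::r-x
mask::rwx
other::---
default:user:carol:rwx
EOF
}

acl_effective() {    # prints: file, entry, granted, effective (tab-separated)
    awk '
    function flush(   i, k, p, e) {
        for (i = 1; i <= n; i++) {
            split(ent[i], p, ":"); e = p[3]
            if (mask != "" && ent[i] !~ /^(user::|other::)/) {  # mask skips owner/other
                e = ""; for (k = 1; k <= 3; k++)
                    e = e (substr(mask, k, 1) == "-" ? "-" : substr(p[3], k, 1))
            }
            printf "%s\t%s:%s\t%s\t%s\n", file, p[1], p[2], p[3], e
        }
        n = 0; mask = ""
    }
    /^# file: / { flush(); file = substr($0, 9); next }
    /^#/ || /^default:/ || /^[ \t]*$/ { next }   # access ACL only
    { sub(/[ \t]*#.*/, "") }                      # drop "#effective:" comments
    /^mask::/ { mask = substr($0, 7, 3); next }
    { ent[++n] = $0 }
    END { flush() }
    ' "$@"
}

acl_named_writers() {    # named users/groups with effective write access
    acl_effective "$@" | awk -F '\t' '$2 !~ /:$/ && $4 ~ /w/ { print $1 "\t" $2 }'
}
```

Run acl_named_writers acl_backup.txt against a real backup to review who can write before restoring it; default: entries are skipped because they only affect files created later.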