Back to Commands

getfacl

file managementLinux/Unix

The getfacl command is one of the most frequently used commands in Linux/Unix-like operating systems. getfacl Display file access control lists

See Examples View Syntax

Quick Reference

Command Name:

getfacl

Category:

file management

Platform:

Linux/Unix

Basic Usage:

getfacl [options] [arguments]

Common Use Cases

Syntax

getfacl [options] file ...

Options

Option	Description
`-a, --access`	Display the file access control list only
`-d, --default`	Display the default access control list only
`-c, --omit-header`	Do not display the comment header
`-e, --all-effective`	Print all effective rights
`-E, --no-effective`	Print no effective rights
`-R, --recursive`	Recursively list ACLs for directories and their contents
`-L, --logical`	Logical walk, follow symbolic links
`-P, --physical`	Physical walk, do not follow symbolic links
`-t, --tabular`	Display ACL in a tabular format
`-n, --numeric`	Display user and group IDs numerically
`-p, --absolute-names`	Don't strip leading slash in pathnames
`--skip-base`	Skip files that only have the base entries (owner, group, other)

Examples

How to Use These Examples

The examples below show common ways to use the getfacl command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

# Basic Examples Basic

getfacl filename

Display the ACL for a single file.

getfacl -t filename

Display ACL in a more readable tabular format.

getfacl dir1/ dir2/

Display ACLs for multiple directories. # Advanced Examples Advanced getfacl -R directory/ Recursively display ACLs for a directory and its contents. getfacl --access filename Display only the access ACL. getfacl --omit-header filename Display ACL without the header comments. getfacl --skip-base filename Skip base ACL entries (owner, group, other). getfacl filename > acl_backup.txt Save ACL information to a file for later restoration.

Try It Yourself

Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

Understanding Syntax

Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

Notes

The getfacl command is used to display the Access Control Lists (ACLs) for files and directories, which extend beyond the standard Unix permissions model to provide more granular access control. Key features of getfacl: 1. ACL Inspection: getfacl displays both the standard file permissions (owner, group, others) and extended ACL entries that grant specific permissions to users or groups. 2. Default ACLs: For directories, getfacl can show default ACLs, which are automatically applied to new files created within the directory. 3. Recursive Inspection: With the -R option, getfacl can display ACLs for an entire directory tree, making it useful for security audits. 4. Format Options: The command supports different display formats, including a tabular view (-t) that makes ACL information more readable. 5. Filtering Capabilities: getfacl provides options to display only certain types of ACL entries, such as access ACLs or default ACLs. 6. Output Control: Various options allow controlling how the output is formatted, such as omitting headers or displaying numeric IDs instead of names. 7. Backing Up ACLs: The output of getfacl can be redirected to a file to create a backup of ACL settings that can later be restored with setfacl. getfacl is complementary to the setfacl command, which is used to set or modify ACLs. Together, these commands provide a way to implement and manage fine-grained access control beyond what traditional Unix permissions offer, allowing administrators to grant specific users or groups particular access rights to files and directories.

Related Commands

These commands are frequently used alongside getfacl or serve similar purposes:

Explore All Commands

Use Cases

Learn By Doing

The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the getfacl command works in different scenarios.

See Examples Try Lab Exercises

$ getfacl

View All Commands