setfacl

The setfacl command is one of the most frequently used commands in Linux/Unix-like operating systems. It sets file access control lists (ACLs).

Quick Reference

Command Name: setfacl
Category: file management
Platform: Linux
Basic Usage: setfacl [options] [arguments]

Common Use Cases

    Syntax

    setfacl [options] acl_spec file...

    Options

    Option                  Description
    -m, --modify=acl        Modify the ACL of file(s)
    -x, --remove=acl        Remove entries from the ACL of file(s)
    -b, --remove-all        Remove all extended ACL entries
    -k, --remove-default    Remove the default ACL
    --set=acl               Set the ACL, replacing the current ACL
    --set-file=file         Set the ACL using entries from a file
    --mask                  Recalculate the effective rights mask
    -n, --no-mask           Don't recalculate the effective rights mask
    -d, --default           Operations apply to the default ACL
    -R, --recursive         Apply operations recursively to all files and directories
    -L, --logical           Follow symbolic links in recursive mode
    -P, --physical          Don't follow symbolic links in recursive mode
    --restore=file          Restore ACLs from a file created by getfacl
    --test                  Test mode: show the operations that would be performed
    --version               Display version information and exit
    --help                  Display help information and exit

    Examples

    How to Use These Examples

    The examples below show common ways to use the setfacl command. Try them in your terminal to see the results.

    # Basic Examples
    setfacl -m u:user1:rwx file.txt
    Grant read, write, and execute permissions to user1 for file.txt.
    setfacl -m g:developers:rw file.txt
    Grant read and write permissions to the developers group for file.txt.
    setfacl -x u:user1 file.txt
    Remove the ACL entry for user1 from file.txt.

    # Advanced Examples
    setfacl -m d:u:user1:rx directory/
    Set a default ACL for user1 with read and execute permissions for a directory.
    setfacl -R -m g:developers:rwx directory/
    Recursively grant read, write, and execute permissions to the developers group for a directory and its contents.
    setfacl -b file.txt
    Remove all extended ACL entries from file.txt.
    setfacl --test -m u:user1:rwx file.txt
    Test what would happen without making any changes.
    setfacl -m u:user1:rwx,g:developers:r-x,o::--- file.txt
    Set multiple ACL entries in a single command.
    setfacl --restore=acl_backup.txt
    Restore ACLs from a backup file.
    getfacl file1.txt | setfacl --set-file=- file2.txt
    Copy ACLs from file1.txt to file2.txt.
    setfacl -d -m g:developers:rwx directory/
    Set default ACL for new files created in a directory.
    setfacl -m m::r-- file.txt
    Set the effective rights mask to read-only.
    find /data -type f -exec setfacl -m u:user1:r {} \;
    Grant read permission to user1 for all files under /data.


    Notes

    The `setfacl` command is a powerful utility in Linux systems that allows administrators and users to set, modify, or remove Access Control Lists (ACLs) for files and directories. ACLs extend the traditional Unix permission model, providing more granular control over file access beyond the basic user/group/other permissions.

    ACLs allow you to grant specific permissions to individual users or groups without changing the file's ownership or basic permissions. This makes them especially useful in collaborative environments, shared directories, or any situation requiring precise access control.

    Key concepts in ACL management with `setfacl` include:

    1. ACL Entries: Each ACL entry consists of a type (user, group, other, mask), an optional qualifier (specific user or group name), and permissions (read, write, execute).
    2. Syntax for ACL Specifications:
       - `u:username:permissions` - User ACL entry
       - `g:groupname:permissions` - Group ACL entry
       - `o:permissions` - Other ACL entry
       - `m:permissions` - Mask entry (limits maximum permissions)
       - `d:entrytype:qualifier:permissions` - Default ACL entry (applies to new files)
    3. Permission Notations:
       - `r` - Read permission
       - `w` - Write permission
       - `x` - Execute permission
       - `-` - No permission
    4. Default ACLs: These are applied to new files and directories created within a directory that has default ACLs set. They provide an inheritance mechanism for permissions.
    5. Effective Permissions: The actual permissions granted to a user are calculated based on the intersection of the ACL entry and the mask.

    The `setfacl` command offers various operational modes:

    - Modify mode (`-m`): Add or modify ACL entries
    - Remove mode (`-x`): Remove specific ACL entries
    - Remove-all mode (`-b`): Remove all extended ACL entries
    - Set mode (`--set`): Replace the entire ACL with new entries
    - Restore mode (`--restore`): Restore ACLs from a backup file

    Additional important features include:

    - Recursive application of ACLs to directory trees
    - Testing modifications without applying them
    - Following or not following symbolic links
    - Backup and restoration of ACLs

    To view existing ACLs, the companion command `getfacl` is used. Together, these commands provide a comprehensive system for ACL management in Linux.

    It's important to note that ACL support must be enabled in the filesystem (most modern Linux filesystems support ACLs), and the filesystem must be mounted with the `acl` option if it's not enabled by default.
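
The effective-permissions rule from the notes (ACL entry intersected with the mask), worked through as an added shell example that is not part of the original page: it parses constructed getfacl-style output and prints the rights each entry actually gets once a mask of r-- is in place. The owner alice, the group staff and the helper names sample_acl and effective_acl are assumptions made for illustration.

```sh
# Added example: effective rights = ACL entry intersected with the mask.
# sample_acl prints constructed getfacl-style output (names are made up).
sample_acl() {
    cat <<'EOF'
# file: file.txt
# owner: alice
# group: staff
user::rw-
user:user1:rwx
group::r--
group:developers:r-x
mask::r--
other::---
EOF
}

# effective_acl reads an access ACL in getfacl format on stdin and prints
# one "type:qualifier:effective" line per entry.
effective_acl() {
    awk -F: '
        # Keep a permission letter only if both strings have it in that position.
        function intersect(p, m,    i, c, out) {
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                out = out ((c != "-" && c == substr(m, i, 1)) ? c : "-")
            }
            return out
        }
        /^#/ || /^default:/ || NF < 3 { next }  # header comments, default ACL, blank lines
        {
            perm = substr($3, 1, 3)   # ignores any trailing "#effective" annotation
            if ($1 == "mask") { mask = perm; have_mask = 1; next }
            n++; kind[n] = $1; qual[n] = $2; perms[n] = perm
        }
        END {
            for (i = 1; i <= n; i++) {
                # The mask caps named users, the owning group and named groups;
                # the file owner (user::) and other:: are never masked.
                masked = have_mask && (kind[i] == "group" || (kind[i] == "user" && qual[i] != ""))
                eff = masked ? intersect(perms[i], mask) : perms[i]
                printf "%s:%s:%s\n", kind[i], qual[i], eff
            }
        }'
}

sample_acl | effective_acl
```

To audit a real file, pipe the output of `getfacl file.txt` into effective_acl in place of sample_acl.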
