ACL’s using setfacl

What is ACL?


Due to the limitations of permission/ownership setup with the files/folder in Linux (for example we cannot setup different permission for different users to access the same file). To overcome this problem ACL (Access Control Lists) are introduced. We can use the setfacl & getfacl command to setup the acl for folder and files.


Setting up ACL’s using setfacl


In the below example, i have created two separate users called user1 and user2 and i am going to setup full access and partial access  to the /root directory for this two users (which is the home directory for root). The first user user1 will have full access and the second user2 have only the read and execute permissions.


  • # setfacl -m u:user1:rwx /root
    # setfacl -m u:user2:rx /root

You can verify the permission setup using the getfacl command (you will also see a special + sign at the end of the folder permission which shows the ACL has been setup for the directory).


drwxrwx—+ 4 root root  4096 May  4 00:19 root


Screen-caps below.



Output of Getfacl


Removing ACL’s using setfacl


We can also remove the ACL using the setfacl. For example.


  • # setfacl -x u:user1 /root
    # setfacl -x u:user2 /root


Will remove all the acls for both the users (user1 & user2) on the /root directory. You can also verify it using the getfacl /root command.


Setfacl Man page :