The Linux command setfacl allows users to set extensive Access Control Lists on files and directories. Normally, using chmod command, you will be able to set permissions for the owner/group/others. But, in case you may need to provide file permissions for some other users too, that can’t be done using chmod. setfacl will assist you to get rid of such troubles. You can view the current “acl” set on files and directories using getfacl command.
In order to use setfacl on a file/directory, the residing filesystem should have acl support enabled. If the filesystem doesn’t support acl, you will get “operation not supported” error. In that case, you need to add acl support to the filesystem in “/etc/fstab” as follows and then remount the filesystem.
We can now go through the various usage of “setfacl” command. First, we can create a folder called “test_folder” as root.
1. Providing ACL for an individual User
Suppose, you want to give full access to the user “test” on the directory “test_folder”. This can be done using setfacl as follows.
2. Providing ACL for all users of a group
If you want to provide write access for all the users of the group “testg” to the folder “test_folder”, you can do it as follows.
3. Revoking acl of a user/group
If you want to revoke the permissions that we’ve given for the user test and the group testg, you can use setfacl command as follows.
4. Copying ACL of one file/directory to another
Suppose, you want to have the same ACL set of test_folder on test_folder1 too, you can set it by copying the ACL as follows.