Linux : Set Access Control List Using Setfacl And Getfacl Commands

The Linux command setfacl allows users to set extensive Access Control Lists on files and directories. Normally, using chmod command, you will be able to set permissions for the owner/group/others. But, in case you may need to provide file permissions for some other users too, that can’t be done using chmod. setfacl will assist you to get rid of such troubles. You can view the current “acl” set on files and directories using getfacl command.

In order to use setfacl on a file/directory, the residing filesystem should have acl support enabled. If the filesystem doesn’t support acl, you will get “operation not supported” error. In that case, you need to add acl support to the filesystem in “/etc/fstab” as follows and then remount the filesystem.

fstab mount

We can now go through the various usage of “setfacl” command. First, we can create a folder called “test_folder” as root.

Acl Linux

1. Providing ACL for an individual User

Suppose, you want to give full access to the user “test” on the directory “test_folder”. This can be done using setfacl as follows.

setfacl and getfacl commands

Acl Linux

2. Providing ACL for all users of a group

If you want to provide write access for all the users of the group “testg” to the folder “test_folder”, you can do it as follows.

setfacl and getfacl commands

Acl Linux

3. Revoking acl of a user/group

If you want to revoke the permissions that we’ve given for the user test and the group testg, you can use setfacl command as follows.

setfacl and getfacl commands

Acl Linux

4. Copying ACL of one file/directory to another

Suppose, you want to have the same ACL set of test_folder on test_folder1 too, you can set it by copying the ACL as follows.

setfacl and getfacl commands

Acl Linux

Bobbin Zachariah 7:54 pm

About Bobbin Zachariah

Founder of LinOxide, passionate lover of Linux and technology writer. Started his career in Linux / Opensource from 2000. Love traveling, blogging and listening music. Reach Bobbin Zachariah about me page and google plus page.

Author's All Posts
Like to become part of Linoxide Team and contribute tips? Contact us here.


Your email address will not be published. Required fields are marked *

All comments are subject to moderation.


  1. this works great for setting file or directory specific permissions recursively. just change the type option to d for directories.

    ***this example removes acl from all files below the path
    find /path/to/start/from -type f -exec setfacl -b {} +