Access control lists (ACLs), supported in both UFS and NFS, provide greater flexibility in managing file permissions than traditional UNIX file protection. The traditional UNIX file protection provides read, write, and execute permissions for three user classes: owner, group, and other.
Using ACLs allows you to define file permissions for the owner, owner's group, others, specific users and groups, and default permissions for each of those categories. For example, you can set up an ACL that defines read permission to a group of users and write permission to only one user in the group. You could not do this with standard UNIX file permissions.
The setfacl(1) command sets, adds, modifies, and deletes ACL entries, and the getfacl(1) command displays ACL entries.
See System Administration Guide, Volume II for more information about using ACLs.