System Administration Guide: Security Services

How to Modify ACL Entries on a File

  1. Modify ACL entries on a file by using the setfacl command.

    % setfacl -m acl-entry-list filename ... 

    -m

    Modifies the existing ACL entry.

    acl-entry-list

    Specifies the list of one or more ACL entries to modify on the file or directory. You can also modify default ACL entries on a directory. Table 4–8 and Table 4–9 show the valid ACL entries.

    filename ...

    Specifies one or more files or directories, separated by a space. 

  2. Verify that the ACL entries were modified on the file by using the getfacl command.

    % getfacl filename

Examples—Modifying ACL Entries on a File

In the following example, the permissions for the user george are modified to read and write.

% setfacl -m user:george:6 ch3.doc
% getfacl ch3.doc
# file: ch3.doc
# owner: nathan
# group: staff
user::george:rw-         #effective:r--
group::r-                #effective:r--
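
In the output above, george is granted rw- but the effective permission is r--, because the ACL mask caps what named users and groups actually receive. The following shell function is an added example, not part of the original guide: it reads getfacl output and lists every entry that the mask reduces. The names masked_entries and sample_acl are hypothetical, and the sample ACL is constructed for illustration.

```shell
#!/bin/sh
# Added example: report ACL entries whose granted permissions are reduced by the mask.

# Constructed sample in getfacl format (not output captured from a real system).
sample_acl() {
    cat <<'EOF'
# file: ch3.doc
# owner: nathan
# group: staff
user::rw-
user:george:rw-         #effective:r--
group::r--              #effective:r--
mask:r--
other:r--
EOF
}

# Reads getfacl output on stdin, prints "<entry> granted=<perms> effective=<perms>"
# for every named-user or group entry that the mask cuts down.
masked_entries() {
    mask="" entries=""
    while IFS= read -r line; do
        line=${line%%#*}                          # drop headers and "#effective:" notes
        line=$(printf '%s' "$line" | tr -d ' \t')
        case $line in
            ""|default:*) ;;                      # blank, or defaults for new files only
            mask:*) mask=${line##*:} ;;           # accepts "mask:r--" and "mask::r--"
            user::*|other:*) ;;                   # owner and other are not masked
            user:*|group:*) entries="$entries$line
" ;;
        esac
    done
    [ -n "$mask" ] || return 0                    # no mask entry: nothing is reduced
    printf '%s' "$entries" | while IFS= read -r entry; do
        perms=${entry##*:} eff=""
        for bit in r w x; do                      # effective = granted AND mask
            case $perms:$mask in
                *"$bit"*:*"$bit"*) eff="$eff$bit" ;;
                *) eff="$eff-" ;;
            esac
        done
        [ "$eff" = "$perms" ] ||
            printf '%s granted=%s effective=%s\n' "${entry%:*}" "$perms" "$eff"
    done
}

sample_acl | masked_entries   # prints: user:george granted=rw- effective=r--
```

On a live system the same check runs as `getfacl filename | masked_entries`; any line it prints is an entry where the mask must be widened before the granted permissions take effect.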

In the following example, the default permissions for the group staff are modified to read and the default ACL mask permissions are modified to read and write on the book directory.

% setfacl -m default:group:staff:4,default:mask:6 book