The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
To add or modify the ACL rules for file, use the setfacl command:
# setfacl -m rules file ...
The rules take the following forms:
- [d:]u:user[:permissions]
  Sets the access ACL for the user specified by name or user ID. The permissions apply to the owner if a user is not specified.
- [d:]g:group[:permissions]
  Sets the access ACL for a group specified by name or group ID. The permissions apply to the owning group if a group is not specified.
- [d:]m[:][:permissions]
  Sets the effective rights mask, which is the union of all permissions of the owning group and all of the user and group entries.
- [d:]o[:][:permissions]
  Sets the access ACL for other (everyone else to whom no other rule applies).
The permissions are r, w, and x for read, write, and execute as used with chmod.
The d: prefix is used to apply the rule to the default ACL for a directory.
To display a file's ACL, use the getfacl command, for example:
# getfacl foofile
# file: foofile
# owner: bob
# group: bob
user::rw-
user:fiona:r--
user:jack:rw-
user:jill:rw-
group::r--
mask::r--
other::r--
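In a listing like this one, the mask entry limits what the named users and the owning group can actually do, whatever their own entries say. The following sh script is an added example, not part of the original documentation: the function names (sample_acl, mask_perms, effective_acl) and the sample ACL text are constructed for illustration, and the masking rule it applies is the one described in acl(5).

```shell
#!/bin/sh
# Added example (not from the original page): show how the mask entry limits
# the other entries of an access ACL, as described in acl(5).

# Constructed sample in getfacl's output format, modelled on the foofile listing.
sample_acl() {
    cat <<'EOF'
# file: foofile
# owner: bob
# group: bob
user::rw-
user:fiona:r--
user:jack:rw-
user:jill:rw-
group::r--
mask::r--
other::r--
EOF
}

# mask_perms PERMS MASK: keep only the bits of PERMS that MASK also grants.
mask_perms() {
    r=-; w=-; x=-
    case "$1$2" in r??r??) r=r ;; esac
    case "$1$2" in ?w??w?) w=w ;; esac
    case "$1$2" in ??x??x) x=x ;; esac
    printf '%s%s%s' "$r" "$w" "$x"
}

# effective_acl: read getfacl-style text on stdin, print each access entry
# with its effective permissions. Default (d:) entries are skipped because
# they only seed the ACLs of new files, they do not govern access.
effective_acl() {
    acl=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' -e '/^default:/d')
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\(...\)$/\1/p')
    printf '%s\n' "$acl" | while IFS= read -r entry; do
        tag=${entry%%:*}; rest=${entry#*:}
        qual=${rest%%:*}; perms=${rest#*:}
        case "$tag:$qual" in
            mask:|user:|other:) ;;   # mask itself, file owner, other: never masked
            *) if [ -n "$mask" ]; then perms=$(mask_perms "$perms" "$mask"); fi ;;
        esac
        printf '%s:%s:%s\n' "$tag" "$qual" "$perms"
    done
}

sample_acl | effective_acl
```

On a real file, pipe the output of getfacl into effective_acl in place of sample_acl.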
If extended ACLs are active on a file, the -l option to ls displays a plus sign (+) after the permissions, for example:
# ls -l foofile
-rw-r--r--+ 1 bob bob 105322 Apr 11 11:02 foofile
The following are examples of how to set and display ACLs for directories and files.
Grant read access to a file or directory by a user.
# setfacl -m u:user:r file
Display the name, owner, group, and ACL for a file or directory.
# getfacl file
Remove write access to a file for all groups and users by modifying the effective rights mask rather than the ACL.
# setfacl -m m::rx file
The -x option removes rules for a user or group.
Remove the rules for a user from the ACL of a file.
# setfacl -x u:user file
Remove the rules for a group from the ACL of a file.
# setfacl -x g:group file
The -b option removes all extended ACL entries from a file or directory.
# setfacl -b file
Copy the ACL of file f1 to file f2.
# getfacl f1 | setfacl --set-file=- f2
Set a default ACL of read and execute access for other on a directory:
# setfacl -m d:o:rx directory
Promote the ACL settings of a directory to default ACL settings that can be inherited.
# getfacl --access directory | setfacl -d -M- directory
The -k option removes the default ACL from a directory.
# setfacl -k directory
For more information, see the acl(5), setfacl(1), and getfacl(1) manual pages.