Overview
ACLs are a feature that allows fine-grained control over permissions for file system objects, based on users, groups, or other identifiers. getfacl reads these ACL settings and displays the currently applied permission rules.
Key Features
- View granular permission settings beyond traditional rwx permissions
- Check individual permissions for specific users or groups
- View default ACLs for directories
- Recursively check ACLs for files and subdirectories
Key Options
The getfacl command offers various options to control the output format or query specific types of ACLs when retrieving ACL information.
Querying and Output
Usage Examples
Demonstrates various ways to check ACLs for files and directories using the getfacl command.
Check ACL of a Specific File
getfacl sample.txt
Checks the current ACL settings for the file sample.txt.
Check Default ACL of a Directory
getfacl -d my_directory
Checks the default ACL set for the my_directory directory. This ACL will be applied to new files/directories created within this directory.
Recursively Check ACLs of a Directory and its Contents
getfacl -R data_dir
Recursively checks the ACLs for the data_dir directory and all files and subdirectories within it.
Output ACL Information Without Header
getfacl --omit-header report.log
Prints ACL information for the report.log file concisely without a header. This is useful for parsing in scripts.
Installation
The getfacl command is typically part of the 'acl' package. It is pre-installed on most Linux distributions, but may need to be manually installed in minimal environments.
Debian/Ubuntu
sudo apt update && sudo apt install acl
Installs the 'acl' package using the apt package manager.
RHEL/CentOS/Fedora
sudo dnf install acl
# or
sudo yum install acl
Installs the 'acl' package using the yum or dnf package manager.
Tips & Notes
Tips and notes for effectively using and managing ACLs.
Checking if ACLs are Applied
If ACLs are applied to a file or directory, the 'ls -l' command will display a '+' symbol at the end of the permission string (e.g., -rw-rw-r--+).
- ls -l Output: Check for '+' at the end of the permission string
Relationship Between ACLs and Traditional Permissions
ACLs work in conjunction with traditional rwx permissions. When ACLs are set, traditional permissions can act as a 'mask' to limit the maximum effective permissions set by the ACL. The 'mask' entry can be seen in the getfacl output.
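The mask caps named users, named groups and the owning group, but not the file owner or other, so the permissions an entry lists are not always the permissions it grants. The sketch below is an added example, not part of the original page: it parses getfacl output, applies the mask, and reports named entries that effectively hold write access. The sample text, the names alice, bob, staff and auditors, and the function names are constructed for illustration.

```python
# Constructed sample of `getfacl -R data_dir` output (not from a real system).
SAMPLE = """\
# file: data_dir
# owner: alice
# group: staff
user::rwx
user:bob:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:auditors:rw-\t#effective:r--
default:mask::r--
default:other::---

# file: data_dir/report.log
# owner: alice
# group: staff
user::rw-
user:bob:rwx\t\t#effective:r--
group::r-x\t\t#effective:r--
mask::r--
other::---
"""

def effective_acls(text, default=False):
    """Map path -> {"tag:qualifier": effective perms} for access or default ACLs."""
    raw, path = {}, None
    for line in text.splitlines():
        if line.startswith("# file: "):
            path = line[len("# file: "):]
        elif path and line.strip() and not line.startswith("#"):
            parts = line.split("#")[0].strip().split(":")  # drop "#effective:" note
            if (parts[0] == "default") == default:
                raw.setdefault(path, []).append(tuple(parts[-3:]))
    result = {}
    for path, entries in raw.items():
        mask = next((p for t, _, p in entries if t == "mask"), "rwx")  # no mask: no cap
        for tag, qual, perms in entries:
            # Owner ("user:" with empty qualifier), mask and other are never capped.
            capped = tag == "group" or (tag == "user" and qual != "")
            result.setdefault(path, {})[f"{tag}:{qual}"] = "".join(
                c if c in mask or not capped else "-" for c in perms)
    return result

def named_writers(text, default=False):
    """(path, entry) pairs where a named user or group effectively holds write."""
    return [(p, k) for p, acl in effective_acls(text, default).items()
            for k, eff in acl.items() if not k.endswith(":") and "w" in eff]
```

On a real system the input would be the text captured from getfacl -R; passing default=True evaluates the default ACLs that new files in a directory will inherit.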
Integration with setfacl
To set or modify ACLs, you must use the 'setfacl' command. The common workflow is to check the current settings with getfacl and then make changes with setfacl.
File System Support
ACLs are not supported by all file systems. Most modern Linux file systems like ext2/3/4 and XFS support ACLs, but the file system may need to have ACLs enabled via mount options (e.g., mount -o acl).