Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
Traveller''s Lunchbox

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 73 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here




       setfacl [-bkndRLPvh] [{-m|-x} acl_spec] [{-M|-X} acl_file]
       file ...

       setfacl --restore=file


       This utility sets Access Control Lists (ACLs) of files and
       directories.   On the command line, a sequence of commands
       is followed by a sequence of files (which in turn  can  be
       followed by another sequence of commands, ...).

       The  options -m, and -x expect an ACL on the command line.
       Multiple ACL entries are  separated  by  comma  characters
       (`,').  The  options -M, and -X read an ACL from a file or
       from standard input. The ACL entry format is described  in
       Section ACL ENTRIES.

       The  --set and --set-file options set the ACL of a file or
       a directory. The previous ACL is  replaced.   ACL  entries
       for this operation must include permissions.

       The  -m  (--modify)  and -M (--modify-file) options modify
       the ACL of a file or  directory.   ACL  entries  for  this
       operation must include permissions.

       The  -x  (--remove)  and -X (--remove-file) options remove
       ACL enries. Only ACL entries without the perms  field  are
       accepted as parameters, unless POSIXLY_CORRECT is defined.

       When reading from files using the -M, and -X options, set­
       facl  accepts  the  output  getfacl produces.  There is at
       most one ACL entry per line. After  a  Pound  sign  (`#'),
       everything  up to the end of the line is treated as a com­

       If setfacl is used on a file system which does not support
       ACLs,  setfacl  operates on the file mode permission bits.
       If the ACL does not fit completely in the permission bits,
       setfacl  modifies the file mode permission bits to reflect
       the ACL as closely as possible, writes an error message to
       standard  error,  and  returns with an exit status greater
       than 0.

       The file owner and processes  capable  of  CAP_FOWNER  are
       granted the right to modify ACLs of a file. This is analo­
       gous to the permissions required for  accessing  the  file
       mode.  (On  current  Linux  systems, root is the only user
       with the CAP_FOWNER capability.)
           mask entry, unless a mask entry was explicitly  given.
           The  mask entry is set to the union of all permissions
           of the owning group, and  all  named  user  and  group
           entries.  (These  are  exactly the entries affected by
           the mask entry).

           Do recalculate the effective rights mask, even  if  an
           ACL  mask  entry  was  explicitly  given.  (See the -n

       -d, --default
           All operations apply to the Default ACL.  Regular  ACL
           entries  in  the input set are promoted to Default ACL
           entries. Default ACL entries in the input set are dis­
           carded. (A warning is issued if that happens).

           Restore a permission backup created by `getfacl -R' or
           similar. All permissions of a complete directory  sub­
           tree  are  restored using this mechanism. If the input
           contains owner comments or group comments, and setfacl
           is  run  by  root,  the  owner and owning group of all
           files are restored as  well.  This  option  cannot  be
           mixed with other options except `--test'.

           Test  mode. Instead of changing the ACLs of any files,
           the resulting ACLs are listed.

       -R, --recursive
           Apply operations to all files and  directories  recur­
           sively.  This option cannot be mixed with `--restore'.

       -L, --logical
           Logical  walk,  follow  symbolic  links.  The  default
           behavior  is to follow symbolic link arguments, and to
           skip symbolic  links  encountered  in  subdirectories.
           This option cannot be mixed with `--restore'.

       -P, --physical
           Physical  walk,  skip  all  symbolic  links. This also
           skips symbolic link arguments.  This option cannot  be
           mixed with `--restore'.

           Print the version of setfacl and exit.

           Print help explaining the command line options.

       --  End  of command line options. All remaining parameters
              file owner if uid is empty.

       [d[efault]:] g[roup]:gid [:perms]
              Permissions of a named group.  Permissions  of  the
              owning group if gid is empty.

       [d[efault]:] m[ask][:] [:perms]
              Effective rights mask

       [d[efault]:] o[ther][:] [:perms]
              Permissions of others.

       Whitespace  between delimiter characters and non-delimiter
       characters is ignored.

       Proper ACL entries including permissions are used in  mod­
       ify  and set operations. (options -m, -M, --set and --set-
       file).  Entries without the perms field are used for dele­
       tion of entries (options -x and -X).

       For uid and gid you can specify either a name or a number.

       The perms field is a combination of characters that  indi­
       cate  the  permissions:  read (r), write (w), execute (x),
       execute only if the file is a  directory  or  already  has
       execute  permission for some user (X).  Alternatively, the
       perms field can be an octal digit (0-7).

       Initially, files and directories contain  only  the  three
       base  ACL  entries  for  the owner, the group, and others.
       There are some rules that need to be  satisfied  in  order
       for an ACL to be valid:

       *   The  three  base entries cannot be removed. There must
           be exactly one entry  of  each  of  these  base  entry

       *   Whenever  an  ACL contains named user entries or named
           group objects,  it  must  also  contain  an  effective
           rights mask.

       *   Whenever  an ACL contains any Default ACL entries, the
           three Default ACL base entries (default owner, default
           group, and default others) must also exist.

       *   Whenever  a Default ACL contains named user entries or
           named group objects, it must also  contain  a  default
           effective rights mask.

           copy  of  the ACL owner, owning group, or others entry
           is added to the Default ACL.

       *   If a Default ACL contains named user entries or  named
           group  entries, and no mask entry exists, a mask entry
           containing the same permissions as the default Default
           ACL's  group  entry  is added. Unless the -n option is
           given, the permissions of the mask entry  are  further
           adjusted  to  inclu  de  the  union of all permissions
           affected  by  the  mask  entry.  (See  the  -n  option


       Granting an additional user read access
              setfacl -m u:lisa:r file

       Revoking  write access from all groups and all named users
       (using the effective rights mask)
              setfacl -m m::rx file

       Removing a named group entry from a file's ACL
              setfacl -x g:staff file

       Copying the ACL of one file to another
              getfacl file1 | setfacl --set-file=- file2

       Copying the access ACL into the Default ACL
              getfacl -a dir | setfacl -d -M- dir


       If the environment variable  POSIXLY_CORRECT  is  defined,
       the  default  behavior  of setfacl changes as follows: All
       non-standard options are disabled.  The ``default:''  pre­
       fix  is  disabled.  The -x and -X options also accept per­
       mission fields (and ignore them).


       Andreas Gruenbacher, <a.gruenbacher@computer.org>.

       Please send your bug reports, suggested features and  com­
       ments to the above address.


       getfacl(1), chmod(1), umask(1), acl(5)

May 2000                ACL File Utilities             SETFACL(1)
Help us cut cost by not downloading the whole site!
Use of automated download sofware ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and therefore is expressedly prohibited. For more details on this, take a look here



Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
You can help in many different ways.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.09 Seconds