[ About | Licence | Contacts ]
Written by Oleksandr Gavenko (AKA gavenkoa), compiled on 2017-01-30 from rev ccaa2f364422+.


Managing ACL permissions.

Set permission:

$ sudo setfacl -m u:nobody:rwx ~/tmp/dir
$ sudo setfacl -m g:nogroup:rwx ~/tmp/dir

Review permissions:

$ sudo getfacl ~/tmp/dir

Remove specific permissions:

$ sudo setfacl -x u:test ~/tmp/dir


setfacl with -x key can't remove specific permission (like read/write/executable bit), you should remove corresponding user or group and set new or explicitly specify desired permission for user or group with -m option.

Remove all ACL permissions:

$ sudo setfacl -b ~/tmp/dir

Remove default ACL:

$ sudo setfacl -k ~/tmp/dir

Backup and restore ACL:

$ sudo getfacl ~/tmp/dir >~/tmp/backup.acl
$ sudo setfacl --restore=~/tmp/backup.acl

Add default ACL to directory to make ACL permission inheritance:

$ sudo setfacl -d -m u:nobody:rwx /srv/www
$ sudo setfacl -m u:nobody:rwx /srv/www

or by single command:

$ sudo setfacl -m u:nobody:rwx,d:u:nobody:rwx /srv/www

To apply permission recursively add -R option:

$ sudo setfacl -R -d -m u:nobody:rwx /srv/www
$ sudo setfacl -R -m u:nobody:rwx /srv/www


default ACL is set only on directories and is applied only to directory children. So you should explicitly add permission to directory itself!