Written by Oleksandr Gavenko (AKA gavenkoa), compiled on 2024-04-01 from rev 052223c22317.

ACL.

Managing ACL permissions.

Set permission:

$ sudo setfacl -m u:nobody:rwx ~/tmp/dir
$ sudo setfacl -m g:nogroup:rwx ~/tmp/dir

Review permissions:

$ sudo getfacl ~/tmp/dir

Remove specific permissions:

$ sudo setfacl -x u:test ~/tmp/dir

Note

setfacl with the -x option can't remove a single permission (such as the read, write or execute bit). Either remove the corresponding user or group entry and set a new one, or explicitly specify the desired permissions for the user or group with the -m option.

Remove all ACL permissions:

$ sudo setfacl -b ~/tmp/dir

Remove default ACL:

$ sudo setfacl -k ~/tmp/dir

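Backup and restore ACL:

$ sudo getfacl ~/tmp/dir >~/tmp/backup.acl
$ sudo setfacl --restore="$HOME/tmp/backup.acl"

Note

The shell does not expand ~ after = in an option such as --restore=~/..., so the path is written with $HOME. getfacl strips the leading / from the file names it records, so run the restore from / (or create the backup with getfacl -p).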

Add a default ACL to a directory so that newly created children inherit the ACL permissions:

$ sudo setfacl -d -m u:nobody:rwx /srv/www
$ sudo setfacl -m u:nobody:rwx /srv/www

or by single command:

$ sudo setfacl -m u:nobody:rwx,d:u:nobody:rwx /srv/www

To apply permissions recursively, add the -R option:

$ sudo setfacl -R -d -m u:nobody:rwx /srv/www
$ sudo setfacl -R -m u:nobody:rwx /srv/www

Note

A default ACL can be set only on directories and is applied only to the directory's children. So you should explicitly add the permission to the directory itself!
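
A check for the situation described in the note above, as an added example that is not part of the original page: it reads getfacl output (for instance a backup file) and lists named user/group entries that exist in a directory's default ACL but are missing from its access ACL. The function names and the sample dump are constructed for illustration.

```shell
# Constructed sample of getfacl output for two directories.
sample_dump() {
    cat <<'EOF'
# file: srv/www
# owner: root
# group: root
user::rwx
user:nobody:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:nobody:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

# file: srv/www/upload
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:nobody:rwx
default:group::r-x
default:group:nogroup:rwx
default:mask::rwx
default:other::r-x
EOF
}

# Reads a getfacl dump on stdin; prints "<file><TAB><entry>" for every named
# default entry that has no matching named entry in the access ACL.
acl_default_without_access() {
    awk '
    function report(   k) {
        for (k in dflt) if (!(k in acc)) print file "\t" k ":" dflt[k]
        split("", dflt); split("", acc)          # reset for the next file
    }
    /^# file: / { report(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }                        # other headers, separators
    {
        sub(/[ \t]*#.*$/, "")                    # drop "#effective:" remarks
        n = split($0, f, ":")
        if (n == 4 && f[1] == "default" && f[3] != "") dflt[f[2] ":" f[3]] = f[4]
        else if (n == 3 && f[2] != "") acc[f[1] ":" f[2]] = 1
    }
    END { report() }' | sort
}

sample_dump | acl_default_without_access
```

Each reported entry can be added to the directory itself with setfacl -m.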