GNU Linux/Permissions/POSIX ACLs

From Wiki
< GNU Linux‎ | Permissions
Revision as of 18:55, 27 February 2015 by Deoren (talk | contribs) (Added some scratch notes and some Q/A re how files/directories are treated. Obviously I have a lot of reading to do.)
Jump to: navigation, search


This page will record my efforts to learn how to use POSIX ACLs. I'm familiar with ACLs used on Windows systems and to a lesser extent Mac OS X (GUI-only), but this is my first foray into POSIX ACLs.


Explain this:

 setfacl -d -m group:rwx /path/to/your/dir

It appears to be setting the Default ACL for the owning group to rwx (octal 777) for a specific directory. Presumably this means that inheritance would push those settings down to any newly created files/directories.

  • Q: What about existing files?
  • Q: What about existing directories?


The mask entry further limits the permissions granted by named user, named group, and owning group entries by defining which of the permissions in those entries are effective and which are masked. [1]

  • If permissions exist in one of the mentioned entries as well as the mask, they are effective.
  • Permissions contained only in the mask or only in the actual entry are not effective--meaning the permissions are not granted.
  • All permissions defined in the owner and owning group entries are always effective.

Removing POSIX ACLs

To remove all the permissions for a user, groups, or others, use the following command [2]:

setfacl -x ACL entry type file

For example, to remove all permissions from the user antony:

setfacl -x u:antony /mnt/gluster/data/test-file


Directly used

Queued up