Filesystem/Access Control List Guide

Access Control List (ACL or POSIX ACL) is Article description::an additional security control feature for multiuser systems. POSIX ACL facilitates a more fine-grained control over filesystem permissions than the basic POSIX RWX bits do.

Kernel
Enable POSIX Access Control Lists for each filesystem that is intended to leverage ACLs.

Emerge
Utilities for manipulating ACLs are available in :

Additional software
The package provides a utility improving ACL user experience.

Configuration
Some filesystems, such as ext4, XFS, or Btrfs, enable ACLs by default when mounted. Other filesystems may require extra mount options to enable POSIX ACLs.

For example, in case of ReiserFS there is the  mount option available. It can be used in as:

Usage
The provides, , and  utilities.

Get/read ACL
The utility is used to read ACLs assigned on files and directories.

For example, to get ACLs on :

Set/modify ACL
The utility is used to set ACLs on files and directories.

Examples
To add larry to have read, write and execute permissions on :

To add larry to have +write access on :

To add default user access right to read and write permissions on :

To add groupname to have read, write and execute permissions on :

To add groupname to have recursive +execute permissions on :

To add default group access right to read and write permissions on :

To remove ACLs from :

To remove default ACL from :

Which files/directories leverage ACLs?
The command used with the   option displays a   sign if the listed file uses ACL.

Notice the  sign on both  and.

External resources

 * Linux manual page for setfacl