8 chacl command examples in Linux [Cheat Sheet]



Reviewer: Deepak Prasad

In Linux, files and directories have permissions for the owner of the file, the group associated with the file, and other users of the system. But these permissions have limitations as different permissions cannot be configured for different users. For example, you might need to provide read/write access to user A and read-only permission to user B and user C. Therefore, Access Control Lists (ACLs) were implemented. ACL provides a more flexible permission mechanism for the file system.

You can use the setfacl command to set the access control lists (ACLs) of files and directories, and the getfacl command to display them.

For more information, see: 15+ setfacl & getfacl command examples in Linux [Cheat Sheet]

In this article, you will learn to use the chacl command in Linux. The chacl command changes the access control list (ACL) of a file or directory.

Syntax to use chacl command

The syntax for chacl command is as follows:

chacl [options] acl_entries file...
  • acl_entries: A string specifying the ACL entries to set.
  • file: The file or directory to which the ACL entries should be applied

Some important options in chacl command are:

  • -b: Indicates that there are two ACLs to change: first the file access ACL, then the directory default ACL.
  • -d: Set only the default ACL of a directory.
  • -R: Remove the file access ACL only.
  • -D: Remove the directory default ACL only.
  • -B: Remove all ACLs.
  • -l: List the access ACL and, if present, the default ACL of the specified files or directories.
  • -r: Set the access ACL recursively for each subtree rooted at the given path.

Understanding ACL Entry

An ACL entry specifies the permissions for a user, group, or others and includes:

  1. Tag Type: Identifies whether the entry is for a user, group, mask, or other.
  2. Qualifier: Specifies the user or group name (can be omitted for "other" and "mask" entries).
  3. Permissions: Specifies the set of permissions (read, write, execute).

Each ACL entry has a specific format:

User Entry

  • Format: u:name:perm or user:name:perm
  • Example: u:alice:rwx - Grants read, write, and execute permissions to user Alice.

Group Entry

  • Format: g:name:perm or group:name:perm
  • Example: g:developers:r-- - Grants read-only permission to the group Developers.

Mask Entry

  • Format: m:perm or mask:perm
  • Example: m:rwx - Sets the maximum permissions that can be granted to users and groups (excluding the owner).

Other Entry

  • Format: o:perm or other:perm
  • Example: o:--- - Sets permissions for others (users not covered by the user or group entries).

Default ACL Entries

Default ACL entries apply only to directories and are inherited by new files and subdirectories created within them.

  • Default User Entry: d:u:name:perm or default:user:name:perm
  • Default Group Entry: d:g:name:perm or default:group:name:perm
  • Default Mask Entry: d:m:perm or default:mask:perm
  • Default Other Entry: d:o:perm or default:other:perm

Let's understand more using some practical examples with setfacl and getfacl:

# Add a read permission for user alice
setfacl -m u:alice:r file.txt

# Add read and write permissions for group developers
setfacl -m g:developers:rw file.txt

# Remove all permissions for others
setfacl -m o::--- file.txt

# Display the ACL of a file
getfacl file.txt

# Remove the ACL entry for user alice
setfacl -x u:alice file.txt

1. Change the ACL of a file

You can view the current ACL of a file using the getfacl command.

In the output, the first three lines indicate the file name, owner, and owning group. The file owner has rwx permission, the group has r-x permission, and others have r-- permission.

getfacl command to display access control lists

Now, let's change the ACL of the file Employment_Rate.csv. The following command changes its ACL so that the file owner has rw- access, the group has r-- access, and others have --- access.

$ chacl u::rw-,g::r--,o::--- Employment_Rate.csv

Sample Output:

chacl command to change the ACL of a file

In the following example, the file owner will have rwx access, but the user deepak will have r-- access only. The owning group will have r-x access, but the group computer will have r-- access only.

$ chacl u::rwx,g::r-x,o::r--,u:deepak:r--,g:computer:r--,m::r-x Employment_Rate.csv

Sample Output:

chacl command change the ACL of a file
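The mask entry (m::r-x) in the command above caps what the owning group and every named user or group actually receive. As an added example (not from the original article), the shell function below checks an ACL string in the same format against the POSIX ACL validity rules and prints each entry's effective permissions; the function name acl_effective and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): validate a chacl-style ACL
# string and print each entry with its effective permissions under the mask.
# Works on text only, so it needs neither chacl nor an ACL-enabled filesystem.
acl_effective() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F: '
    function limit(p, m,    i, c, out) {       # AND two rwx triplets
        for (i = 1; i <= 3; i++) {
            c = substr(p, i, 1)
            out = out ((c == substr(m, i, 1)) ? c : "-")
        }
        return out
    }
    BEGIN {
        map["u"] = map["user"] = "u";  map["g"] = map["group"] = "g"
        map["m"] = map["mask"] = "m";  map["o"] = map["other"] = "o"
    }
    {
        perm = $NF                             # permissions are the last field
        qual = (NF == 3) ? $2 : ""             # named user or group, else empty
        if (!($1 in map) || NF < 2 || NF > 3 || perm !~ /^[r-][w-][x-]$/) bad = 1
        tag = map[$1]
        if ((tag == "u" || tag == "g") && NF != 3) bad = 1
        if ((tag == "m" || tag == "o") && qual != "") bad = 1
        n++; t[n] = tag; q[n] = qual; p[n] = perm
        if (qual == "") seen[tag]++; else named++
        if (tag == "m") mask = perm
    }
    END {
        # acl_valid(3) rules: exactly one owner, owning-group and other entry;
        # at most one mask; a mask is mandatory once named entries exist.
        if (bad || seen["u"] != 1 || seen["g"] != 1 || seen["o"] != 1) exit 1
        if (seen["m"] > 1 || (named && !seen["m"])) exit 1
        for (i = 1; i <= n; i++) {
            eff = p[i]
            # The mask caps named users, the owning group and named groups,
            # never the file owner (u::) or other (o::).
            if (seen["m"] && (t[i] == "g" || (t[i] == "u" && q[i] != "")))
                eff = limit(p[i], mask)
            printf "%s:%s:%s effective=%s\n", t[i], q[i], p[i], eff
        }
    }'
}

# Constructed input: deepak is granted rw-, but the mask r-- removes the w bit.
acl_effective 'u::rwx,g::r-x,o::r--,u:deepak:rw-,g:computer:r--,m::r--'
```

The function returns a non-zero status and prints nothing when the string is not a complete, valid ACL, for example when a named entry is present without a mask.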

 

2. Remove the ACL of a file

The -R option removes only the access ACL of a file.

$ chacl -R file

Sample Output:

chacl command to remove the ACL of a file only

3. Change the ACL of a directory

You can change the ACL of a directory by specifying the directory instead of a file.

$ chacl u::rw-,g::r--,o::--- directory

Sample Output:

chacl command to change the ACL of a directory

4. Set the default ACL of a directory

You can set the default ACL of a directory using the -d option.

$ chacl -d u::rwx,g::rw-,o::r-- Documents

Sample Output:

chacl command to change the default ACL of a directory

5. Remove the default ACL of a directory

You can remove the default ACL of a directory using the -D option.

$ chacl -D Documents

Sample Output:

chacl command to remove the default ACL of a directory

6. List the ACL of a file or directory

You can list the access ACL of a file or directory using the -l option. It also displays the default ACL of the specified files or directories.

$ chacl -l file

Sample Output:

chacl command to list the ACL

6. Remove all ACLs of a file or directory

The -B option removes all ACLs of a file or directory.

$ chacl -B file

7. Set the access ACL recursively

The -r option changes the access ACL of a directory recursively. It means that the content of the directory will also have the same ACL.

$ chacl -r u::rwx,g::rw-,o::r-- directory

Sample Output:

As you can see, the ACL of a file and sub-directory inside the directory is also changed.

chacl command to set the ACL recursively

8. Change two ACLs

The -b option indicates that there are two ACLs to change. The first is the file access ACL and the second is the directory default ACL.

$ chacl -b acl dacl directory

Sample Output:

chacl command to change two acls

Conclusion

We hope this tutorial helps you understand how to change the ACLs of a file or directory using the chacl command on Linux. If you have any questions about the chacl command, please let us know in the comment section below.


Further Reading

man page for chacl command

Rohan Timalsina
