Introduction to chacl command
In Linux, files and directories have permissions for the owner of the file, the group associated with the file, and other users of the system. But these permissions have limitations as different permissions cannot be configured for different users. For example, you might need to provide read/write access to user A and read-only permission to user B and user C. Therefore, Access Control Lists (ACLs) were implemented. ACL provides a more flexible permission mechanism for the file system.
You can use the setfacl command to set the access control lists (ACLs) of files and directories, and the getfacl command to display them.
For more information: 15+ setfacl & getfacl command examples in Linux [Cheat Sheet]
In this article, you will learn to use chacl command in Linux. chacl command is used to change the access control list (ACL) of a file or directory.
Syntax to use chacl command
The syntax for chacl command is as follows:
$ chacl [option] acl pathname
Some important options in chacl command are:
- -b: Indicates that there are two ACLs to change, the file access ACL and the directory default ACL
- -d: Set only the default ACL of a directory
- -R: Remove the file access ACL only
- -D: Remove directory default ACL only
- -B: Remove all ACLs
- -l: Lists the access ACL and the default ACL of the specified files or directories
- -r: Set the access ACL recursively
Understanding ACL Entry
Each ACL entry includes comma-separated clauses in the form of tag:name:perm.
tag can be:
u: indicates that the entry is a user ACL entry.
g: indicates that the entry is a group ACL entry.
o: indicates that the entry is an other ACL entry.
m: indicates that the entry is a mask ACL entry. It indicates the maximum permissions allowed for users (other than the owner) and for groups. For example, the mask entry m::r-- indicates that users and groups can have only read permission, even if they are given write/execute permissions.
name is a string which is the user or group name for the ACL entry. A null name in a user or group ACL entry indicates the file's owner or file's group.
perm is the string rwx where each of the entries can be replaced by a - indicating no access of that type. For example, you have to use r-x for read and execute, --x for execute-only, rw- for read and write, etc.
The following is an example of a minimum ACL entry where the file's owner will have rwx (read, write, execute), file's group will have r-x (read and execute), and others have read-only access to the file.
An ACL entry which is not a minimum specifies a user or group other than the file's owner or owner's group. Such entries must contain a mask entry.
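The clause syntax and mask rule described above, as an added example that is not part of the original article: a Python checker that validates a chacl ACL string, enforces the rule that entries naming a user or group need a mask, and computes the permissions each entry keeps once the mask is applied. The clause form tag:name:perm is assumed from the field descriptions and commands on this page; the function names and the sample string are constructed for illustration.

```python
import re

# One clause of a chacl ACL string, assumed form tag:name:perm.
CLAUSE = re.compile(r"^([ugom]):([^:,]*):([r-][w-][x-])$")
REQUIRED = [("u", ""), ("g", ""), ("o", "")]  # the minimum ACL entries


def parse_acl(acl):
    """Validate a chacl ACL string; return a list of (tag, name, perm)."""
    entries = []
    for clause in acl.split(","):
        match = CLAUSE.match(clause.strip())
        if not match:
            raise ValueError(f"malformed clause: {clause!r}")
        tag, name, perm = match.groups()
        if tag in ("o", "m") and name:
            raise ValueError(f"'{tag}' entries take no name: {clause!r}")
        entries.append((tag, name, perm))
    keys = [(tag, name) for tag, name, _ in entries]
    if len(set(keys)) != len(keys):
        raise ValueError("duplicate ACL entry")
    if any(req not in keys for req in REQUIRED):
        raise ValueError("owner, group and other entries are all required")
    named = any(name for _, name, _ in entries)
    if named and ("m", "") not in keys:
        raise ValueError("entries naming a user or group need a mask entry")
    return entries


def effective(acl):
    """Map (tag, name) to the permissions left after the mask is applied."""
    entries = parse_acl(acl)
    mask = next((perm for tag, _, perm in entries if tag == "m"), None)
    result = {}
    for tag, name, perm in entries:
        if tag == "m":
            continue
        # The mask caps named users and all group entries; the owner
        # (u::) and other (o::) entries are never reduced by it.
        if mask and (tag == "g" or name):
            perm = "".join(p if p == m else "-" for p, m in zip(perm, mask))
        result[(tag, name)] = perm
    return result


if __name__ == "__main__":
    # Constructed sample: generous named entries capped by a read-only mask.
    sample = "u::rwx,g::r-x,o::r--,u:deepak:rw-,g:computer:rwx,m::r--"
    for (tag, name), perm in effective(sample).items():
        print(f"{tag}:{name}: effective {perm}")
```

Running the checker over an ACL string before passing it to chacl shows when a permissive-looking named entry is actually limited by the mask, and when a mask change would silently widen access.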
Different examples to use chacl command
1. Change the ACL of a file
You can view the current ACL of a file using the
The first three lines indicate the file name, owner, and owning group. The file user has rwx permission, the group has r-x permission, and others have
Now, let's change the ACL of the file Employment_Rate.csv. The following command changes the ACL of Employment_Rate.csv such that the file user will have rw- access, the group will have r-- access, and others will have --- access.
$ chacl u::rw-,g::r--,o::--- Employment_Rate.csv
In the following example, the file user will have rwx access but the user deepak will have r-- access only. The file group will have r-x access but the group computer will have r-- access only.
$ chacl u::rwx,g::r-x,o::r--,u:deepak:r--,g:computer:r--,m::r-x Employment_Rate.csv
2. Remove the ACL of a file
The -R option can be used to remove the ACL of a file only.
$ chacl -R file
3. Change the ACL of a directory
You can change the ACL of a directory by specifying the directory instead of a file.
$ chacl u::rw-,g::r--,o::--- directory
4. Set the default ACL of a directory
You can set the default ACL of a directory using the -d option.
$ chacl -d u::rwx,g::rw-,o::r-- Documents
5. Remove the default ACL of a directory
You can remove the default ACL of a directory using the -D option.
$ chacl -D Documents
6. List the ACL of a file or directory
You can list the access ACL of a file or directory using the -l option. It also displays the default ACL of the specified files or directories.
$ chacl -l file
7. Remove all ACLs of a file or directory
-B option removes all ACLs of a file or directory.
$ chacl -B file
8. Set the access ACL recursively
-r option changes the access ACL of a directory recursively. It means that the content of the directory will also have the same ACL.
$ chacl -r u::rwx,g::rw-,o::r-- directory
As you can see, the ACL of a file and sub-directory inside the directory is also changed.
9. Change two ACLs
-b option indicates that there are two ACLs to change. The first is the file access ACL and the second is the directory default ACL.
$ chacl -b acl dacl directory
We hope this tutorial helps you to understand how to change ACLs of a file or directory using the chacl command on Linux. If you have any confusion on the chacl command, please let us know in the comment section below.