8 chacl command examples in Linux [Cheat Sheet]

Introduction to chacl command

In Linux, files and directories have permissions for the owner of the file, the group associated with the file, and other users of the system. But these permissions have limitations as different permissions cannot be configured for different users. For example, you might need to provide read/write access to user A and read-only permission to user B and user C. Therefore, Access Control Lists (ACLs) were implemented. ACL provides a more flexible permission mechanism for the file system.

You can use setfacl command to set access control lists (ACLs) of files and directories and getfacl command to get file access control lists.

Advertisement

For more information : 15+ setfacl & getfacl command examples in Linux [Cheat Sheet]

 

In this article, you will learn to use chacl command in Linux. chacl command is used to change the access control list (ACL) of a file or directory.

 

Syntax to use chacl command

The syntax for chacl command is as follows:

$ chacl [option] acl pathname

Some important options in chacl command are:

  • -b: Indicates that there are two ACLs to change, the file access ACL and the directory default ACL
  • -d: Set only the default ACL of a directory
  • -R: Remove the file access ACL only
  • -D: Remove directory default ACL only
  • -B: Remove all ACLs
  • -l: Lists the access ACL and the default ACL of the specified files or directories
  • -r: Set the access ACL recursively

 

Understanding ACL Entry

Each ACL entry includes comma-separated clauses in the form of tag:name:perm.

tag can be:

Advertisement
  • user or u: indicates that the entry is a user ACL entry.
  • group or g: indicates that the entry is a group ACL entry.
  • other or o: indicates that the entry is other ACL entry.
  • mask or m: indicates that the entry is a mask ACL entry. It indicates the maximum permissions allowed for users (other than the owner) and for groups. For example, the mask entry m:r-- indicates that users and groups can have only read permission, even if they are given write/execute permissions.

name is a string which is the user or group name for the ACL entry. A null name in a user or group ACL entry indicates the file's owner or file's group.

perm is the string rwx where each of the entries can be replaced by a - indicating no access of that type. For example, you have to use r-x for read and execute, --x for execute-only, rw- for read and write, etc.

The following is an example of a minimum ACL entry where the file's owner will have rwx (read, write, execute), file's group will have r-x (read and execute), and others have read-only access to the file.

u::rwx,g::r-x,o::r--

An ACL entry which is not a minimum specifies a user or group other than the file's owner or owner's group. Such entries must contain a mask entry.

u::rwx,g::r-x,o::r--,u:bob:r--,m::r-x

 

Different examples to use chacl command

1. Change the ACL of a file

You can view the current ACL of a file using the getfacl command.

The first three lines indicate the file name, owner, and owning group. The file user has rwx permission, the group has r-x permisision, and others have r-- permission.

Advertisement

getfacl command to display access control lists

Now, let's change the ACL of a file Employment_Rate.csv. The following command changes the ACL of a Employment_Rate.csv, such that the file user will have rw- access. the group will have r-- access, and others will have --- access.

$ chacl u::rw-,g::r--,o::--- Employment_Rate.csv

Sample Output:

chacl command to change the ACL of a file

In the following example, the file user will have rwx access but the user deepak will have r-- access only. The filegroup will have r-x access but the group computer will have r-- access only.

$ chacl u::rwx,g::r-x,o::r--,u:deepak:r--,g:computer:r--,m::r-x Employment_Rate.csv

Sample Output:

chacl command change the ACL of a file

 

2. Remove the ACL of a file

The -R option can be used to remove the ACL of a file only.

$ chack -R file

Sample Output:

Advertisement

chacl command to remove the ACL of a file only

 

3. Change the ACL of a directory

You can change the ACL of a directory by specifying the directory instead of a file.

$ chacl u::rw-,g::r--,o::--- directory

Sample Output:

chacl command to change the ACL of a directory

 

4. Set the default ACL of a directory

You can set the default ACL of a directory using the -d option.

$ chacl -d u::rwx,g::rw-,o::r-- Documents

Sample Output:

chacl command to change the default ACL of a directory

 

5. Remove the default ACL of a directory

You can remove the default ACL of a directory using the -D option.

$ chacl -D Documents

Sample Output:

Advertisement

chacl command to remove the default ACL of a directory

 

6. List the ACL of a file or directory

You can list the access ACL of a file or directory using the -l option. It also displays the default ACL of the specified files or directories.

$ chacl -l file

Sample Output:

chacl command to list the ACL

 

6. Remove all ACLs of a file or directory

The -B option removes all ACLs of a file or directory.

$ chacl -B file

 

7. Set the access ACL recursively

The -r option changes the access ACL of a directory recursively. It means that the content of the directory will also have the same ACL.

$ chacl -r u::rwx,g::rw-,o::r-- directory

Sample Output:

As you can see, the ACL of a file and sub-directory inside the directory is also changed.

Advertisement

chacl command to set the ACL recursively

 

8. Change two ACLs

The -b option indicates that there are two ACLs to change. The first is the file access ACL and the second is the directory default ACL.

$ chacl -b acl dacl directory

Sample Output:

chacl command to change two acls

 

Conclusion

We hope this tutorial helps you to understand how to change ACLs of a file or directory using the chacl command on Linux. If you have any confusion on the chacl command, please let us know in the comment section below.

 

What’s Next

15+ setfacl & getfacl command examples in Linux [Cheat Sheet]
Know impacts of chmod 777 command [Be Cautious]

 

Further Reading

man page for chacl command

 

Didn't find what you were looking for? Perform a quick search across GoLinuxCloud

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can either use the comments section or contact me form.

Thank You for your support!!

Leave a Comment

X