setfacl – Set File Access Control Lists

The setfacl command is used to set Access Control Lists (ACLs) for files and directories in Linux. ACLs are used to provide more granular control over file and directory permissions beyond the traditional owner, group, and other permissions.

Overview

The setfacl command allows you to set ACLs for files and directories. The syntax for the command is as follows:

setfacl [options] file/dir

Here, file/dir specifies the file or directory for which you want to set the ACLs.

Examples

Setting default ACLs for a directory

setfacl -d -m u::rwx,g::r-x,o::r-x /path/to/dir

This command sets the default ACLs for the directory /path/to/dir. The -d option specifies that these are default ACLs, which will be applied to any new files or directories created within this directory. The -m option specifies that we are modifying the ACLs, and the u::rwx,g::r-x,o::r-x specifies the actual ACLs. Here, u refers to the user owner, g refers to the group owner, and o refers to other users. rwx specifies read, write, and execute permissions, while r-x specifies read and execute permissions.

Setting ACLs for a file

setfacl -m u:john:rwx,g:admins:r-x,o::r-- /path/to/file

This command sets the ACLs for the file /path/to/file. Here, we are granting the user john read, write, and execute permissions, and the group admins read and execute permissions. The o::r-- entry grants other users read permission only; to give other users no permissions, use o::--- instead.
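An entry list like the ones passed to -m above can be checked before it is applied. The following is an added example, not part of the original page: a POSIX shell function with the hypothetical name audit_acl_spec that parses a comma-separated entry list and flags entries that grant anything to other users or write access to a named user or group. It assumes the three-field tag:name:perms form with symbolic permissions used on this page.

```sh
#!/bin/sh
# Added example (not from the original page): lint a setfacl -m entry list.
# Assumption: entries use the tag:name:perms form with symbolic perms.
# audit_acl_spec is a hypothetical helper name.
audit_acl_spec() (
    rest="$1,"   # trailing comma lets the loop peel off every entry
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%,*}
        rest=${rest#*,}
        scope=access
        case $entry in
            d:*|default:*) scope=default; entry=${entry#*:} ;;
        esac
        tag=${entry%%:*}
        tail=${entry#*:}
        name=${tail%%:*}
        perms=${tail#*:}
        ok=yes
        case $entry in *:*:*) ;; *) ok=no ;; esac
        case $tag in u|user|g|group|o|other|m|mask) ;; *) ok=no ;; esac
        case $perms in [r-][w-][x-]) ;; *) ok=no ;; esac
        if [ "$ok" = no ]; then
            echo "ERROR  '$entry': expected tag:name:perms, e.g. u:john:r-x"
            findings=$((findings + 1))
            continue
        fi
        case $tag in
            o|other)
                # Any bit set here applies to every account that matches
                # no other entry.
                if [ "$perms" != "---" ]; then
                    echo "WARN   $entry ($scope): 'other' is granted $perms"
                    findings=$((findings + 1))
                fi ;;
            u|user|g|group)
                # Named users or groups with write access need a second look.
                case "$name:$perms" in
                    ?*:?w?)
                        echo "REVIEW $entry ($scope): named entry can write"
                        findings=$((findings + 1)) ;;
                esac ;;
        esac
    done
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
)

# Entry list from the "Setting ACLs for a file" example on this page.
audit_acl_spec 'u:john:rwx,g:admins:r-x,o::r--' || echo "review before setfacl -m"
```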

Options

The following table lists the available options for the setfacl command:

Option  Description
-m      Modify the ACLs for a file or directory
-x      Remove the specified ACLs from a file or directory
-b      Remove all ACLs from a file or directory
-k      Remove default ACLs from a directory
-R      Apply the command recursively to all files and directories in a directory
-d      Set default ACLs for a directory

Troubleshooting tips

  • If you receive an error message stating that the setfacl command is not found, you may need to install the acl package on your system.
  • If you are having trouble setting ACLs for a file or directory, make sure that the file system on which the file or directory resides supports ACLs. You can check this by running the mount command and looking for the acl option in the output.

Notes

  • ACLs are only supported on certain file systems, such as ext3, ext4, and XFS.
  • Be careful when setting ACLs, as they can be more complex than traditional file permissions and can potentially lead to security vulnerabilities if not set properly.