Thank you for visiting this page, this page has been update in another link ACL on Linux -- getfacl
This is an article in addition to ACL on Linux -- POSIX Access control list on linux getfacl - get file access control listsTogether with setfacl, chacl, they are a tool set to manage POSIX Access Control list on linux # rpm -ql acl-2.2.39-8.el5.x86_64/usr/bin/chacl/usr/bin/getfacl/usr/bin/setfaclDescription For each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL). If a directory has a default ACL, getfacl also displays the default ACL. Non-directories cannot have default ACLs. If getfacl is used on a file system that does not support ACLs, getfacl displays the access permissions defined by the traditional file mode permission bits. The output format of getfacl is as follows, it has three sections Head section-- file/dir ownership and groupship info 1: # file: somedir/ 2: # owner: lisa 3: # group: staff 4: user::rwx 5: user:joe:rwx #effective:r-x 6: group::rwx #effective:r-x 7: group:cool:r-x 8: mask:r-x 9: other:r-x 10: default:user::rwx 11: default:user:joe:rwx #effective:r-x 12: default:group::r-x 13: default:mask:r-x 14: default:other:---Lines 4, 6 and 9 correspond to the user, group and other fields of the file mode permission bits. These three are called the base ACL entries. Lines 5 and 7 are named user and named group entries. Line 8 is the effective rights mask. This entry limits the effective rights granted to all groups and to named users. (The file owner and others permissions are not affected by the effective rights mask; all other entries are.) Lines 10--14 display the default ACL associated with this directory. Directories may have a default ACL. Reg- ular files never have a default ACL. The default behavior for getfacl is to display both the ACL and the default ACL, and to include an effective rights comment for lines where the rights of the entry differ from the effective rights. Example 1. display only one section $ getfacl --access acltest# file: acltest# owner: john# group: test1user::rwxuser:john:rwxuser:Tim:rwxgroup::r-xmask::rwxother::r-x[john@ ]$ getfacl --access --omit-head acltestuser::rwxuser:john:rwxuser:Tim:rwxgroup::r-xmask::rwxother::r-x[john@ ]$ getfacl --default --omit-head acltestuser::rwxuser:john:rwxuser:Tim:rwxgroup::r-xmask::rwxother::r-xIn above examples: --access Display the file access control list. -d, --default Display the default access control list. --omit-header Do not display the comment header (the first three lines of each file’s output).Example 2: effective$ getfacl --all-effective --omit-head --access acltestuser::rwxuser:john:rwx #effective:rwxuser:Tim:rwx #effective:rwxgroup::r-x #effective:r-xmask::rwxother::r-x --all-effective Print all effective rights comments, even if identical to the rights defined by the ACL entry. --no-effective Do not print effective rights comments.Example 3: -R, --recursive List the ACLs of all files and directories recursively.$ getfacl --all-effective --access -R acltest# file: acltest# owner: john# group: test1user::rwxuser:john:rwx #effective:rwxuser:Tim:rwx #effective:rwxgroup::r-x #effective:r-xmask::rwxother::r-x# file: acltest/johntest# owner: john# group: test1user::rwxuser:john:rwx #effective:rwxuser:Tim:rwx #effective:rwxgroup::r-x #effective:r-xmask::rwxother::r-xExample 4: --skipt-base Skip files that only have the base ACL entries (owner, group, others).$ getfacl --skip-base --default --numeric * |