Use POSIX ACLs to give single users precise access without changing ownership or group.

02.05.2026

Meet `setfacl`: the command that alters POSIX ACLs and gives specific users or groups tailored rights without changing the owner or group. It is the tool for permission needs that exceed the classic owner/group/other model.

A shared project folder

Hands on: imagine a shared project directory where alice needs full access but must not become owner. These commands set and verify the ACLs:

```bash
mkdir -p /tmp/proj
touch /tmp/proj/README.md
# Grant alice rwx on the directory (access ACL) and, via the d: prefix,
# on entries created inside it from now on (default ACL).
# README.md already exists, so it does not pick up the default ACL.
setfacl -m u:alice:rwx,d:u:alice:rwx /tmp/proj
getfacl /tmp/proj
```

Expected `getfacl` output:

```text
# file: /tmp/proj
# owner: root
# group: root
user::rwx
user:alice:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:alice:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
```

Options that matter

Use `-m` to modify or add entries, `-x` to remove specific entries, `-b` to strip all extended ACLs and `-R` for recursion. Remember that default ACLs (prefix `d:`) apply to newly created files, and that the ACL mask can limit effective rights for named users and groups, so check `getfacl` after changes.

Where ACLs change behavior

Practical caveats: ACLs interact with the classic permission bits, so `chmod` and the umask still matter; some filesystems or mount options may need ACL support enabled; and backup/transfer tools require special flags (for example `cp -a` or `tar --acls`) to preserve ACLs across systems.

Related utilities to try

Inspect ACLs with `getfacl`, manage classic bits with `chmod`, and preserve ACLs with archivers like `tar` when moving data. Combine these tools in scripts to automate permission setups for new projects or user lifecycles.
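
The mask and `chmod` caveats above can be checked mechanically. The following is an added example, not part of the original article: a shell helper under the assumed name `effective_acl` that reads `getfacl` output and reports which entries the mask narrows. The sample ACL is constructed and embedded so the script runs without `alice` or an ACL-enabled filesystem.

```shell
# Added example, not from the original article. Constructed sample: the
# /tmp/proj ACL from above as getfacl would print it after `chmod 750 /tmp/proj`
# (chmod rewrites the mask from the group bits; default entries are untouched).
sample_acl() {
cat <<'EOF'
# file: /tmp/proj
# owner: root
# group: root
user::rwx
user:alice:rwx          #effective:r-x
group::r-x
mask::r-x
other::---
default:user::rwx
default:user:alice:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
EOF
}

# effective_acl (hypothetical helper): reads getfacl output on stdin and prints
# "scope tag:qualifier granted effective [NARROWED]" for every entry.
effective_acl() {
  awk -F: '
    function cap(perm, m,   i, out) {      # keep a bit only if the mask has it
      out = ""
      for (i = 1; i <= 3; i++)
        out = out (substr(m, i, 1) == "-" ? "-" : substr(perm, i, 1))
      return out
    }
    /^#/ || NF == 0 { next }               # header comments, blank lines
    { sub(/[ \t]*#.*$/, "") }              # drop trailing "#effective:" notes
    {
      scope = "access"; off = 0
      if ($1 == "default") { scope = "default"; off = 1 }
      tag = $(1 + off); who = $(2 + off); perm = $(3 + off)
      if (tag == "mask") { mask[scope] = perm; next }
      n++; s[n] = scope; t[n] = tag; w[n] = who; p[n] = perm
    }
    END {
      for (i = 1; i <= n; i++) {
        eff = p[i]
        # The mask caps named users, the owning group and named groups,
        # never the owner (user::) or other.
        if ((t[i] == "group" || (t[i] == "user" && w[i] != "")) && (s[i] in mask))
          eff = cap(p[i], mask[s[i]])
        printf "%s %s:%s %s %s%s\n", s[i], t[i], w[i], p[i], eff, (eff != p[i] ? " NARROWED" : "")
      }
    }'
}

sample_acl | effective_acl
```

On a live system, pipe `getfacl /tmp/proj` into `effective_acl` after any `chmod` or `setfacl` change and look for `NARROWED` lines.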

A short outlook

Mastering `setfacl` lets you solve many shared-permission headaches quickly and safely. Take this capability into scripting and system design to avoid brittle group hacks and accidental data exposure, and consider formal study to deepen the skill set.