Apply precise per-user and per-group file permissions using setfacl for flexible access control. 15.11.2025 | reading time: 2 min When owner/group/other bits are too coarse, `setfacl` lets the administrator grant precise per-user and per-group permissions on files and directories; this guide shows how to apply, inspect, modify, and remove ACLs with real commands. Hands-on demo Follow this live example to see `setfacl` in action: ```bash mkdir -p /tmp/acl-demo cd /tmp/acl-demo echo "Hello" > file1.txt ls -l file1.txt getfacl file1.txt setfacl -m u:alice:rw file1.txt getfacl file1.txt setfacl -m d:u:alice:rwx /tmp/acl-demo setfacl -R -m g:dev:rx /tmp/acl-demo getfacl /tmp/acl-demo setfacl -x u:alice file1.txt getfacl file1.txt ``` Example outputs to expect after the first `getfacl` and after adding `alice`: ``` # file: file1.txt # owner: root # group: root user::rw- group::r-- other::r-- # file: file1.txt # owner: root # group: root user::rw- user:alice:rw- group::r-- mask::rw- other::r-- ``` Key behaviors to watch ACL entries coexist with traditional permission bits and the mask governs maximum group and named-user permissions, default ACLs inherit on new files within a directory, `-R` applies changes recursively, `-b` removes all ACLs and `-k` removes only default entries, and remember that the filesystem and mount options must support POSIX ACLs for `setfacl` to take effect. Complementary commands Use `getfacl` to inspect ACLs, `chmod` to affect basic rwx bits (which interact with the ACL mask), and `chown` to change ownership which can alter how ACLs are evaluated; these tools work together when shaping access control policies. Final note and next step Start practicing on a disposable directory and experiment with default ACLs and the mask to understand effective permissions; to deepen system knowledge and prepare for certification consider focused study and intensive exam preparation at bitsandbytes.academy for CompTIA Linux+ or LPIC-1. Join Bits & Bytes Academy First class LINUX exam preparation. filesystem utilities security
