getfacl Command

Advanced Permissions & Ownership man(1)

Get file access control lists

Updated: Mar 15, 2026
SYNTAX
getfacl [OPTION]... FILE...

What Does getfacl Do?

getfacl displays Access Control Lists (ACLs) for files and directories. ACLs provide fine-grained permissions beyond the basic owner/group/other model, allowing permissions for specific users and groups.

getfacl shows both the standard permissions and any extended ACL entries. ACLs are useful when the basic permission model is insufficient — for example, granting access to one specific user without changing group membership.

ACLs require filesystem support (ext4, xfs, btrfs support ACLs). The filesystem must be mounted with ACL support (usually default on modern systems).

Options & Flags

Option  Description                             Example
-R      Recursive                               getfacl -R /shared/
-t      Tabular format                          getfacl -t file.txt
-p      Do not strip the leading / from paths   getfacl -p /path/to/file
-d      Show default ACLs only                  getfacl -d /shared/

Practical Examples

#1 View file ACLs

Shows all permissions including ACL entries.
$ getfacl document.txt
Output:
# file: document.txt
# owner: admin
# group: staff
user::rw-
user:alice:rw-
group::r--
group:developers:rw-
mask::rw-
other::r--

#2 View directory ACLs

Shows directory permissions and default ACLs for new files.
$ getfacl /shared/project/

#3 Default ACLs

Shows only the default ACL entries that new files will inherit.
$ getfacl -d /shared/

#4 Recursive ACL listing

Saves all ACLs recursively for backup.
$ getfacl -R /var/www/ > acl_backup.txt

#5 Check for ACLs

The + sign in ls -l output indicates ACLs are set.
$ ls -la | grep '^[^ ]*+ '    # match + only at the end of the mode field, not in file names
Output: -rw-rw-r--+ 1 admin staff 1234 file.txt
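
Added example (not part of the original page): a Python parser for the output format shown in example #1, run over a saved getfacl -R listing as in example #4. It lists the named users and groups that still have write access once the mask entry is applied, since the mask caps what named entries can actually do. The sample listing and the function names are constructed for illustration.

```python
import re

# Constructed sample of `getfacl -R` output (not taken from a real system).
SAMPLE = """\
# file: shared/document.txt
# owner: admin
# group: staff
user::rw-
user:alice:rw-
group::r--
group:developers:rw-
mask::r--
other::r--

# file: shared/project
# owner: admin
# group: staff
user::rwx
user:bob:rwx
group::r-x
mask::rwx
other::---
"""

ENTRY = re.compile(r"^(default:)?(user|group|mask|other):([^:]*):([rwx-]{3})")

def parse_getfacl(text):
    """Return {path: [(is_default, tag, qualifier, perms), ...]}."""
    acls, path = {}, None
    for line in text.splitlines():
        if line.startswith("# file: "):
            path = line[len("# file: "):]
            acls[path] = []
        elif path is not None and (m := ENTRY.match(line)):
            acls[path].append((bool(m[1]), m[2], m[3], m[4]))
    return acls

def effective_write(text):
    """List (path, tag, name) for named entries whose mask-limited perms include write."""
    hits = []
    for path, entries in parse_getfacl(text).items():
        mask = next((p for d, t, _, p in entries if t == "mask" and not d), "rwx")
        for is_default, tag, name, perms in entries:
            if is_default or not name:  # skip default ACLs and unnamed owner/group/other/mask
                continue
            if "w" in perms and "w" in mask:
                hits.append((path, tag, name))
    return hits
```

To audit a real tree, pass the contents of the acl_backup.txt file from example #4 to effective_write().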

Tips & Best Practices

+ in ls output: ls -l shows + at the end of permissions (drwxrwxr-x+) when ACLs are set. Use getfacl to see the details.
Backup and restore ACLs: getfacl -R /dir > backup.acl saves all ACLs. setfacl --restore=backup.acl restores them.
ACLs and cp/rsync: Regular cp does not preserve ACLs. Use cp -a or rsync -A to preserve ACL entries during copy.

Frequently Asked Questions

How do I check file ACLs?
getfacl filename shows all permissions including ACL entries for specific users and groups.
How do I know if a file has ACLs?
ls -l shows a + sign at the end of permissions. Then use getfacl to see the ACL details.
How do I backup ACLs?
getfacl -R directory/ > acl_backup.txt saves all ACLs. Restore with setfacl --restore=acl_backup.txt.
