Set the access control list (ACL) for files or directories
setfacl [-bn] [-m entry[,entry...]] [-M acl_file] [-x entry[,entry...]] [-X acl_file] [path ...]
QNX Neutrino
The setfacl utility modifies the access control list for files or directories. ACLs extend the traditional permissions as set with chmod, giving you finer control over who has access to what. The classes of permissions are:
For an overview of ACLs, see Access Control Lists (ACLs) in the QNX Neutrino User's Guide.
If you're using the -M or -m option, each entry is in one of the following forms:
Entry type | Form |
---|---|
Owner | user::permissions |
Named user (identified by name or by ID) | user:user_name:permissions |
Owning group | group::permissions |
Named group (identified by name or ID) | group:group_name:permissions |
The upper bound on permissions for the group class. | mask::permissions |
Others | other::permissions |
If you wish, you can specify just the first letter of user, group, mask, and other. The permissions are a combination of r (read), w (write), x (execute), and - (no permission). You can put these characters in any order and omit any no permission hyphens. If the entry already exists in the ACL, the existing permissions are replaced by the new ones.
If you're using the -X or -x option, the permissions are ignored, and all permissions are removed for the specified mask, named user, or named group. You can't remove the entries for the owner, owning group, or others.
Add read-only permission for a specific user:
# setfacl -m user:frank:r my_file # getfacl my_file # file: my_file # owner: mabel # group: docs user::rw- user:frank:r-- group::rw- mask::rw- other::r--
Remove the permissions specified in my_acl from a file:
# cat my_acl user:frank: # setfacl -X my_acl my_file