getfacl command is used to get file access control list. In a Linux file system, each file and directories are created with a specific set of file permissions for its access. The different set of file access permissions is given to each user. getfacl displays the owner, file name, group and Access Control List (ACL).  If a directory has a default ACL, getfacl will also display the default ACL and non-directories cannot have default ACL’s.


getfacl [-dRLPvh] file ...getfacl [-dRLPvh] -
getfacl [-dRLPvh] -


--access– Displays the file access control list.

-d, --default  – Displays the default access control list.

-R, --recursive – Lists the ACLs of all files and directories recursively.

--version – Prints the version of getfacl and exit.

--skip-base – Skips the files that have the base ACL entries (owner, group, others).

-e, --all-effective – Prints all effective right comments which are even identical to the rights defined by ACL entry.

-E, --no effective – Does not print effective rights comments.

-n, --numeric – Lists the numeric user and group IDs.

-p, --absolute-names – Does not strip leading slash characters (/).

-c, --omit header – The comment header will not be displayed in the output file.


getfacl test.txt

Output Format for getfacl:

# file: test.txt

# owner: test

# group: test




The command displays the access control list for the file test.txt.

Categorized in:

Tagged in: