chacl is an IRIX-compatibility command, and is maintained for those
users who are familiar with its use from either XFS or IRIX. Refer
to the SEE ALSO section below for a description of tools which
conform more closely to the (withdrawn draft) POSIX 1003.1e standard
which describes Access Control Lists (ACLs).
chacl changes the ACL(s) for a file or directory. The ACL(s)
specified are applied to each file in the pathnamearguments.
Each ACL is a string which is interpreted using the acl_from_text(3)
routine. These strings are made up of comma separated clauses each
of which is of the form, tag:name:perm. Where tagcan be:
"user" (or "u")
indicating that the entry is a user ACL entry.
"group" (or "g")
indicating that the entry is a group ACL entry.
"other" (or "o")
indicating that the entry is an other ACL entry.
"mask" (or "m")
indicating that the entry is a mask ACL entry.
nameis a string which is the user or group name for the ACL entry.
A null namein a user or group ACL entry indicates the file's owner
or file's group. permis the string "rwx" where each of the entries
may be replaced by a "-" indicating no access of that type, e.g.
"r-x", "--x", "---".
-b Indicates that there are two ACLs to change, the first is the
file access ACL and the second the directory default ACL.
-d Used to set only the default ACL of a directory.
-R Removes the file access ACL only.
-D Removes directory default ACL only.
-B Remove all ACLs.
-l Lists the access ACL and possibly the default ACL associated
with the specified files or directories. This option was
added during the Linux port of XFS, and is not IRIX
-r Set the access ACL recursively for each subtree rooted at
pathname(s). This option was also added during the Linux port
of XFS, and is not compatible with IRIX.
A minimum ACL:
chacl u::rwx,g::r-x,o::r-- file
The file ACL is set so that the file's owner has "rwx", the file's
group has read and execute, and others have read only access to the
An ACL that is not a minimum ACL, that is, one that specifies a user
or group other than the file's owner or owner's group, must contain a
chacl u::rwx,g::r-x,o::r--,u:bob:r--,m::r-x file1 file2
To set the default and access ACLs on newdirto be the same as on
olddir, you could type:
chacl -b `chacl -l olddir | \sed -e 's/.*\[//' -e 's#/# #' -e 's/]$//'` newdir
chacl can replace the existing ACL. To add or delete entries, you
must first do chacl -lto get the existing ACL, and use the output to
form the arguments to chacl.
Changing the permission bits of a file will change the file access
ACL settings (see chmod(1)). However, file creation mode masks (see
umask(1)) will not affect the access ACL settings of files created
using directory default ACLs.
ACLs are filesystem extended attributes and hence are not typically
archived or restored using the conventional archiving utilities. See
attr(5) for more information about extended attributes and see
xfsdump(8) for a method of backing them up under XFS.
This page is part of the acl (manipulating access control lists)
project. Information about the project can be found at
⟨http://savannah.nongnu.org/projects/acl⟩. If you have a bug report
for this manual page, see
⟨http://savannah.nongnu.org/bugs/?group=acl⟩. This page was obtained
from the project's upstream Git repository
⟨git://git.savannah.nongnu.org/acl.git⟩ on 2017-03-13. If you dis‐
cover any rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page, or
you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
September 2001 ACL File Utilities CHACL(1)