{ "mode": "man", "parameter": "getfacl", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/getfacl/1/json", "generated": "2026-05-30T06:06:27Z", "synopsis": "getfacl [-aceEsRLPtpndvh] file ...\ngetfacl [-aceEsRLPtpndvh] -", "sections": { "NAME": { "content": "getfacl - get file access control lists\n", "subsections": [] }, "SYNOPSIS": { "content": "getfacl [-aceEsRLPtpndvh] file ...\n\ngetfacl [-aceEsRLPtpndvh] -\n\n", "subsections": [] }, "DESCRIPTION": { "content": "For each file, getfacl displays the file name, owner, the group, and the Access Control List\n(ACL). If a directory has a default ACL, getfacl also displays the default ACL. Non-directo‐\nries cannot have default ACLs.\n\nIf getfacl is used on a file system that does not support ACLs, getfacl displays the access\npermissions defined by the traditional file mode permission bits.\n\nThe output format of getfacl is as follows:\n1: # file: somedir/\n2: # owner: lisa\n3: # group: staff\n4: # flags: -s-\n5: user::rwx\n6: user:joe:rwx #effective:r-x\n7: group::rwx #effective:r-x\n8: group:cool:r-x\n9: mask::r-x\n10: other::r-x\n11: default:user::rwx\n12: default:user:joe:rwx #effective:r-x\n13: default:group::r-x\n14: default:mask::r-x\n15: default:other::---\n\n\nLines 1--3 indicate the file name, owner, and owning group.\n\nLine 4 indicates the setuid (s), setgid (s), and sticky (t) bits: either the letter repre‐\nsenting the bit, or else a dash (-). This line is included if any of those bits is set and\nleft out otherwise, so it will not be shown for most files. (See CONFORMANCE TO POSIX 1003.1e\nDRAFT STANDARD 17 below.)\n\nLines 5, 7 and 10 correspond to the user, group and other fields of the file mode permission\nbits. These three are called the base ACL entries. Lines 6 and 8 are named user and named\ngroup entries. Line 9 is the effective rights mask. This entry limits the effective rights\ngranted to all groups and to named users. (The file owner and others permissions are not af‐\nfected by the effective rights mask; all other entries are.) Lines 11--15 display the de‐\nfault ACL associated with this directory. Directories may have a default ACL. Regular files\nnever have a default ACL.\n\nThe default behavior for getfacl is to display both the ACL and the default ACL, and to in‐\nclude an effective rights comment for lines where the rights of the entry differ from the ef‐\nfective rights.\n\nIf output is to a terminal, the effective rights comment is aligned to column 40. Otherwise,\na single tab character separates the ACL entry and the effective rights comment.\n\nThe ACL listings of multiple files are separated by blank lines. The output of getfacl can\nalso be used as input to setfacl.\n\n\nPERMISSIONS\nProcess with search access to a file (i.e., processes with read access to the containing di‐\nrectory of a file) are also granted read access to the file's ACLs. This is analogous to the\npermissions required for accessing the file mode.\n\n", "subsections": [] }, "OPTIONS": { "content": "-a, --access\nDisplay the file access control list.\n\n-d, --default\nDisplay the default access control list.\n\n-c, --omit-header\nDo not display the comment header (the first three lines of each file's output).\n\n-e, --all-effective\nPrint all effective rights comments, even if identical to the rights defined by the ACL\nentry.\n\n-E, --no-effective\nDo not print effective rights comments.\n\n-s, --skip-base\nSkip files that only have the base ACL entries (owner, group, others).\n\n-R, --recursive\nList the ACLs of all files and directories recursively.\n\n-L, --logical\nLogical walk, follow symbolic links to directories. The default behavior is to follow\nsymbolic link arguments, and skip symbolic links encountered in subdirectories. Only ef‐\nfective in combination with -R.\n\n-P, --physical\nPhysical walk, do not follow symbolic links to directories. This also skips symbolic link\narguments. Only effective in combination with -R.\n\n-t, --tabular\nUse an alternative tabular output format. The ACL and the default ACL are displayed side\nby side. Permissions that are ineffective due to the ACL mask entry are displayed capi‐\ntalized. The entry tag names for the ACLUSEROBJ and ACLGROUPOBJ entries are also dis‐\nplayed in capital letters, which helps in spotting those entries.\n\n-p, --absolute-names\nDo not strip leading slash characters (`/'). The default behavior is to strip leading\nslash characters.\n\n-n, --numeric\nList numeric user and group IDs\n\n-v, --version\nPrint the version of getfacl and exit.\n\n-h, --help\nPrint help explaining the command line options.\n\n-- End of command line options. All remaining parameters are interpreted as file names, even\nif they start with a dash character.\n\n- If the file name parameter is a single dash character, getfacl reads a list of files from\nstandard input.\n\n", "subsections": [ { "name": "CONFORMANCE TO POSIX 1003.1e DRAFT STANDARD 17", "content": "If the environment variable POSIXLYCORRECT is defined, the default behavior of getfacl\nchanges in the following ways: Unless otherwise specified, only the ACL is printed. The de‐\nfault ACL is only printed if the -d option is given. If no command line parameter is given,\ngetfacl behaves as if it was invoked as ``getfacl -''. No flags comments indicating the se‐\ntuid, setgid, and sticky bits are generated.\n" } ] }, "AUTHOR": { "content": "Andreas Gruenbacher, .\n\nPlease send your bug reports and comments to the above address.\n", "subsections": [] }, "SEE ALSO": { "content": "setfacl(1), acl(5)\n\n\n\nMay 2000 ACL File Utilities GETFACL(1)", "subsections": [] } }, "summary": "getfacl - get file access control lists", "flags": [], "examples": [], "see_also": [ { "name": "setfacl", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/setfacl/1/json" }, { "name": "acl", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/acl/5/json" } ] }