acl_cmp - Linux


acl_cmp compares two files based on their access control lists (ACLs) and returns whether they are identical. It is a useful tool for checking ACL consistency, detecting unauthorized changes, or verifying compliance with access control policies.


acl_cmp [options] file1 file2


  • -H, –help
    Display this help message and exit.

  • -V, –version
    Print version information and exit.

  • -b, –binary
    Perform a binary comparison of the ACLs. This ignores any formatting differences.

  • -c, –compact
    Display a compact summary of the comparison results.

  • -d, –debug
    Enable debugging output.

  • -f, –fix
    Fix minor differences in the ACLs. This option is only effective when -b is also specified.


Simple comparison:

acl_cmp file1 file2

Binary comparison, ignoring formatting:

acl_cmp -b file1 file2

Compact summary of differences:

acl_cmp -c file1 file2

Fix minor differences and display debugging output:

acl_cmp -fb -d file1 file2

Common Issues

  • Insufficient permissions: Ensure that you have sufficient permissions to read the ACLs of the specified files.

  • Incorrect ACL format: The ACLs of the files must be in a valid format for the comparison to be successful.

  • File not found: Verify that the specified files exist and are accessible.


Combining with other commands:

  • Use find to compare ACLs of multiple files recursively:

    find . -type f -exec acl_cmp -c {} /reference_file \;
  • Pipe the output of acl_cmp to other commands for further processing:

    acl_cmp file1 file2 | grep -E '(different|invalid)'

Related Commands

  • getfacl
  • setfacl
  • restorecon

ACLs on Linux