acl_cmp - Linux


Overview

acl_cmp compares two files based on their access control lists (ACLs) and returns whether they are identical. It is a useful tool for checking ACL consistency, detecting unauthorized changes, or verifying compliance with access control policies.

Syntax

acl_cmp [options] file1 file2

Options/Flags

  • -H, --help
    Display this help message and exit.

  • -V, --version
    Print version information and exit.

  • -b, --binary
    Perform a binary comparison of the ACLs. This ignores any formatting differences.

  • -c, --compact
    Display a compact summary of the comparison results.

  • -d, --debug
    Enable debugging output.

  • -f, --fix
    Fix minor differences in the ACLs. This option is only effective when -b is also specified.

Examples

Simple comparison:

acl_cmp file1 file2

Binary comparison, ignoring formatting:

acl_cmp -b file1 file2

Compact summary of differences:

acl_cmp -c file1 file2

Fix minor differences and display debugging output:

acl_cmp -fb -d file1 file2

Common Issues

  • Insufficient permissions: Ensure that you have sufficient permissions to read the ACLs of the specified files.

  • Incorrect ACL format: The ACLs of the files must be in a valid format for the comparison to be successful.

  • File not found: Verify that the specified files exist and are accessible.

Integration

Combining with other commands:

  • Use find to compare ACLs of multiple files recursively:

    find . -type f -exec acl_cmp -c {} /reference_file \;
    
  • Pipe the output of acl_cmp to other commands for further processing:

    acl_cmp file1 file2 | grep -E '(different|invalid)'
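
The same kind of consistency check can be run on saved getfacl listings, which helps when a known-good ACL baseline is kept as text. The script below is an added example, not part of acl_cmp or of the original page; the function names (acl_normalize, acl_compare, write_samples) and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two ACL listings in getfacl text format,
# ignoring formatting (headers, entry order, whitespace, "#effective:" notes).

# Drop comments, whitespace and blank lines, then sort the entries.
acl_normalize() {
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | LC_ALL=C sort -u
}

# acl_compare REF CAND: 0 = same entries, 1 = differ (delta printed), 2 = error.
acl_compare() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "acl_compare: unreadable input" >&2; return 2; }
    cmp_tmp=$(mktemp -d) || return 2
    acl_normalize "$1" > "$cmp_tmp/ref"
    acl_normalize "$2" > "$cmp_tmp/cand"
    # "-" = entry only in the reference, "+" = entry only in the candidate.
    cmp_delta=$( { LC_ALL=C comm -23 "$cmp_tmp/ref" "$cmp_tmp/cand" | sed 's/^/- /'
                   LC_ALL=C comm -13 "$cmp_tmp/ref" "$cmp_tmp/cand" | sed 's/^/+ /'; } )
    rm -rf "$cmp_tmp"
    [ -z "$cmp_delta" ] && return 0
    printf '%s\n' "$cmp_delta"
    return 1
}

# Constructed sample listings (not captured from a real system).
write_samples() {
    printf '%s\n' '# file: etc/app.conf' '# owner: root' '# group: root' \
        'user::rw-' 'user:deploy:r--' 'group::rw-' 'mask::r--' 'other::---' \
        > "$1/reference.acl"
    # Same entries: different path, order, an effective-rights note, a blank line.
    printf '%s\n' '# file: srv/app.conf' '# owner: root' '# group: root' \
        'user::rw-' 'group::rw-    #effective:r--' 'user:deploy:r--' \
        'mask::r--' 'other::---' '' > "$1/same.acl"
    # Drift: deploy gained write, an extra named user appeared, mask widened.
    printf '%s\n' '# file: srv/app.conf' 'user::rw-' 'user:deploy:rw-' \
        'user:guest:r--' 'group::rw-' 'mask::rw-' 'other::---' > "$1/drift.acl"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
acl_compare "$demo_dir/reference.acl" "$demo_dir/same.acl" && echo "same.acl: ACL matches"
acl_compare "$demo_dir/reference.acl" "$demo_dir/drift.acl" || echo "drift.acl: ACL differs"
rm -rf "$demo_dir"
```

The comparison covers ACL entries only; owner and group appear in getfacl comment lines and are deliberately ignored here.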
    

Related Commands

  • getfacl
  • setfacl
  • restorecon

ACLs on Linux
POSIX ACLs