acl_extended_fd - Linux


acl_extended_fd enables the management and modification of extended access control lists (ACLs) for files and directories using a file descriptor. It allows detailed control over file permissions by assigning different access rights to specific users, groups, or other entities. This command is particularly useful in scenarios where fine-grained access control is required beyond the traditional user, group, and other permissions.


acl_extended_fd [-RfFdNqvi] [-e mode] [-E entry-type:user:flags] [-m mask] [-s] [--file] [file descriptor]


  • -R: Recursive mode. Modifies ACLs of all files and directories in the given directory and its subdirectories.
  • -f: Force mode. Overwrites existing ACLs without prompting for confirmation.
  • -F: Follow symbolic links.
  • -d: Display ACL information without modifying it.
  • -N: Dry run mode. Prints the changes that would be made without actually modifying the ACLs.
  • -q: Quiet mode. Suppresses output except for errors.
  • -v: Verbose mode. Prints details about each ACL entry modified.
  • -i: Ignore errors encountered while modifying ACLs.
  • -e mode: Sets the effective rights for the file or directory.
  • -E entry-type:user:flags: Adds or modifies an ACL entry for the specified user or group.
  • -m mask: Sets the ACL mask, which controls the visibility of ACL entries to different users.
  • -s: Simplifies ACLs by removing any duplicate or redundant entries.
  • --file: Specifies that the next argument is a file path instead of a file descriptor.


Add an ACL entry for a user:

acl_extended_fd -E user:username:rwx file.txt

Remove an ACL entry for a group:

acl_extended_fd -E group:groupname:- file.txt

Display ACL information for a file:

acl_extended_fd -d file.txt

Recursively modify ACLs of a directory:

acl_extended_fd -R -E user:username:rwx directory_name

Common Issues

  • Permission denied: Ensure that you have the necessary permissions to modify ACLs.
  • Invalid file descriptor: Verify that the provided file descriptor is valid and refers to a valid file or directory.
  • Invalid ACL entry: Use valid syntax when adding or modifying ACL entries. Double-check the entry type, user/group name, and flags.


With other commands:

find . -type f -exec acl_extended_fd -s {} +  # Simplify ACLs for all files in current directory

With scripts:

# Script to set up ACLs for a shared directory

acl_extended_fd -E group:developers:rwx directory
acl_extended_fd -E user:user1:rw directory

Related Commands

  • setfacl: Similar to acl_extended_fd, but operates on pathnames instead of file descriptors.
  • getfacl: Retrieves ACL information for files or directories.