getfacl - Linux


Overview

The getfacl command in Linux is used for retrieving and displaying the access control lists (ACLs) of files and directories. This tool enables users to view detailed access permissions, which helps in managing sophisticated permission settings beyond the basic file permission model. It is especially useful in environments where permissions management is critical, such as multi-user systems, servers, and complex applications.

Syntax

The basic syntax of the getfacl command is as follows:

getfacl [options] [file ...]

Where [file ...] represents one or more files or directories for which to display ACLs.

Options/Flags

Below are the options/flags that can be used with getfacl:

  • -m: Masks the output to only show the effective rights mask.
  • --omit-header: Omit the comment header in the output that normally includes the file name.
  • --recursive: Recursively display the ACLs for all files and directories within a given directory.
  • -t: Simplify the output by omitting the file type.
  • --absolute-names: Use absolute names in the output, useful for scripting or when working from different directory contexts.
  • -set: Use with caution, as it sets (rather than displays) the access controls of a file.

Each of these options modifies the command’s behavior to be tailored to specific needs, such as scripting or in-depth permission audits.

Examples

  • To display the ACLs of a single file:

    getfacl myfile.txt
    
  • To display ACLs of all files and directories recursively under a given directory:

    getfacl --recursive /path/to/directory
    
  • To display ACLs without the usual header:

    getfacl --omit-header myfile.txt
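
The recursive listing is the usual input for a permission audit. The following is an added example, not part of the original page: a shell function that reads getfacl output and reports every named-user, named-group, or other entry whose effective rights include write, taking the mask into account. The function names, paths, and sample dump are constructed for illustration.

```shell
# Constructed sample of `getfacl --recursive --absolute-names` output (not real data).
sample_acl_dump() {
  cat <<'EOF'
# file: /srv/share/report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rw-
group::r--
group:dev:rw-
mask::rw-
other::r--

# file: /srv/share/notes.txt
# owner: alice
# group: staff
user::rw-
user:carol:rwx   #effective:r-x
group::r-x
mask::r-x
other::rw-
EOF
}

# Reads getfacl output on stdin and prints "path<TAB>entry" for each
# named-user, named-group or other entry with effective write access.
acl_writers() {
  awk '
    # The mask caps named users and groups; "other" is never capped.
    function report(  i) {
      for (i = 1; i <= n; i++)
        if (!capped[i] || mask == "" || mask ~ /w/) print file "\t" entry[i]
      n = 0; mask = ""
    }
    /^# file: /                 { report(); file = substr($0, 9); next }
    /^#/ || /^$/ || /^default:/ { next }   # defaults only affect new files
    {
      sub(/[ \t]*#.*/, "")                 # drop "#effective:" comments
      split($0, f, ":")                    # tag:qualifier:perms
      if (f[1] == "mask") { mask = f[3]; next }
      if (f[3] ~ /w/ && (f[1] == "other" || f[2] != "")) {
        entry[++n] = $0; capped[n] = (f[1] != "other")
      }
    }
    END { report() }
  '
}
sample_acl_dump | acl_writers   # live: getfacl --recursive --absolute-names DIR | acl_writers
```

On the sample, carol's `rwx` entry is not reported because the mask `r-x` removes write, while the world-writable `other::rw-` entry on the same file is.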
    

Common Issues

  • Permission Denied: If you get a permission denied error, it usually means you do not have the necessary read permissions. Try running with sudo if appropriate.
  • No such file or directory: This error means the specified file or directory does not exist. Check the spelling and path provided.

Integration

getfacl can be combined with other tools for powerful scripts and commands. For example:

  • Setting similar permissions to another file:

    getfacl file1.txt | setfacl --set-file=- file2.txt
    
  • Archiving and preserving ACLs:

    getfacl -R /my/directory > acls.txt
    tar --xattrs -cpf archive.tar /my/directory acls.txt
    
Related Commands

  • setfacl: Used to modify the ACLs of a file or directory.
  • chacl: Another tool for changing the ACLs on Linux filesystems.
  • ls -l: Useful for displaying basic permissions of files.

For comprehensive detail, consult the getfacl man page.

Understanding and employing getfacl effectively can enhance system security and permission management, making it a valuable tool in the arsenal of any Linux system administrator or power user.