The chacl command is used to modify the ACL for a file. ACLs can be specified to chacl in two distinct forms: as a list of entries or with a chmod-like syntax. By default, chacl adds entries to the current ACL. It also provides a bit more information about how ACLs really work than the shorthand version of the setfacl command.
For example, to add the user alex as someone who can read the file resume.xml, I would use a chacl (change ACL) command like the following:
$ chacl u::rw-,g::r--,o::---,u:alex:r--,m::rw- resume.xml
Using the getfacl command to retrieve the ACL for my resume shows that the user alex has indeed been added to the list of people who have access to the file:
$ getfacl resume.xml # file: resume.xml # owner: wvh # group: wvh user::rwx group::r-- other::--- user:alex:r-- mask::rw-
chacl Command Examples
1. To change the ACL of a file:
# chacl u::r-x,g::r-x,o::r-- file
2. To set default acl for a directory:
# chacl -d u::rwx,g::r-x,o::r-- /anydir/
3. To remove the ACL:
# chacl -R file
4. To remove the directory default ACL:
# chacl -D /anydir/
5. To remove all ACLs:
# chacl -B file
6. To list the ACL for a file/directory:
# chacl -l file
7. To set the access ACL recursively:
# chacl -r u::r-x,g::r-x,o::r-- /tmp/