Provided by: acl_2.2.53-6_amd64 bug


       getfacl - get file access control lists


       getfacl [-aceEsRLPtpndvh] file ...

       getfacl [-aceEsRLPtpndvh] -


       For  each  file,  getfacl displays the file name, owner, the group, and the Access Control
       List (ACL). If a directory has a default ACL, getfacl also displays the default ACL.  Non-
       directories cannot have default ACLs.

       If  getfacl  is  used  on  a  file system that does not support ACLs, getfacl displays the
       access permissions defined by the traditional file mode permission bits.

       The output format of getfacl is as follows:
               1:  # file: somedir/
               2:  # owner: lisa
               3:  # group: staff
               4:  # flags: -s-
               5:  user::rwx
               6:  user:joe:rwx               #effective:r-x
               7:  group::rwx                 #effective:r-x
               8:  group:cool:r-x
               9:  mask::r-x
              10:  other::r-x
              11:  default:user::rwx
              12:  default:user:joe:rwx       #effective:r-x
              13:  default:group::r-x
              14:  default:mask::r-x
              15:  default:other::---

       Lines 1--3 indicate the file name, owner, and owning group.

       Line 4 indicates the setuid (s), setgid (s),  and  sticky  (t)  bits:  either  the  letter
       representing  the  bit,  or else a dash (-). This line is included if any of those bits is
       set and left out otherwise, so it will not be shown for most files.  (See  CONFORMANCE  TO
       POSIX 1003.1e DRAFT STANDARD 17 below.)

       Lines  5,  7  and  10  correspond  to  the  user,  group and other fields of the file mode
       permission bits. These three are called the base ACL entries. Lines 6 and 8 are named user
       and  named  group  entries.  Line  9  is  the effective rights mask. This entry limits the
       effective rights granted to all groups and to named users.  (The  file  owner  and  others
       permissions  are not affected by the effective rights mask; all other entries are.)  Lines
       11--15 display the default ACL associated with this  directory.  Directories  may  have  a
       default ACL. Regular files never have a default ACL.

       The  default  behavior  for getfacl is to display both the ACL and the default ACL, and to
       include an effective rights comment for lines where the rights of the  entry  differ  from
       the effective rights.

       If  output  is  to  a  terminal,  the  effective  rights  comment is aligned to column 40.
       Otherwise, a single tab character  separates  the  ACL  entry  and  the  effective  rights

       The  ACL  listings  of multiple files are separated by blank lines.  The output of getfacl
       can also be used as input to setfacl.

       Process with search access to a file (i.e., processes with read access to  the  containing
       directory  of  a file) are also granted read access to the file's ACLs.  This is analogous
       to the permissions required for accessing the file mode.


       -a, --access
           Display the file access control list.

       -d, --default
           Display the default access control list.

       -c, --omit-header
           Do not display the comment header (the first three lines of each file's output).

       -e, --all-effective
           Print all effective rights comments, even if identical to the rights  defined  by  the
           ACL entry.

       -E, --no-effective
           Do not print effective rights comments.

       -s, --skip-base
           Skip files that only have the base ACL entries (owner, group, others).

       -R, --recursive
           List the ACLs of all files and directories recursively.

       -L, --logical
           Logical  walk, follow symbolic links to directories. The default behavior is to follow
           symbolic link arguments, and skip symbolic links encountered in subdirectories.   Only
           effective in combination with -R.

       -P, --physical
           Physical  walk,  do not follow symbolic links to directories. This also skips symbolic
           link arguments.  Only effective in combination with -R.

       -t, --tabular
           Use an alternative tabular output format. The ACL and the default  ACL  are  displayed
           side by side. Permissions that are ineffective due to the ACL mask entry are displayed
           capitalized. The entry tag names for the ACL_USER_OBJ and  ACL_GROUP_OBJ  entries  are
           also displayed in capital letters, which helps in spotting those entries.

       -p, --absolute-names
           Do  not strip leading slash characters (`/'). The default behavior is to strip leading
           slash characters.

       -n, --numeric
           List numeric user and group IDs

       -v, --version
           Print the version of getfacl and exit.

       -h, --help
           Print help explaining the command line options.

       --  End of command line options. All remaining parameters are interpreted as  file  names,
           even if they start with a dash character.

       -   If  the  file name parameter is a single dash character, getfacl reads a list of files
           from standard input.


       If the environment variable POSIXLY_CORRECT is defined, the default  behavior  of  getfacl
       changes  in  the  following ways: Unless otherwise specified, only the ACL is printed. The
       default ACL is only printed if the -d option is given. If no  command  line  parameter  is
       given,  getfacl  behaves  as  if  it  was  invoked  as  ``getfacl  -''.  No flags comments
       indicating the setuid, setgid, and sticky bits are generated.


       Andreas Gruenbacher, <>.

       Please send your bug reports and comments to the above address.


       setfacl(1), acl(5)