8.4. Retrieving ACLs

To determine the existing ACLs for a file or directory, use the getfacl command:

getfacl <filename>

It returns output similar to the following:

# file: file
# owner: tfox
# group: tfox
user::rw-
user:smoore:r--
group::r--
mask::r--
other::r--

If a directory is specified, and it has a default ACL, the default ACL is also displayed such as:

# file: file
# owner: tfox
# group: tfox
user::rw-
user:smoore:r--
group::r--
mask::r--
other::r--
default:user::rwx
default:user:tfox:rwx
default:group::r-x
default:mask::rwx
default:other::r-x