Also known as: Access Control List
ACLs (Access Control Lists) extend the classic Unix permission model by allowing fine-grained per-user and per-group access rules on a file or directory. The traditional owner/group/other bits are too coarse when you want to give read access to one specific user without opening it to a whole group; ACLs fill that gap.
getfacl file.txt # show ACL
setfacl -m u:bob:r file.txt # give bob read
setfacl -m g:developers:rwX dir/ # group ACL
setfacl -m d:u:alice:rwx project/ # default (inherited)
setfacl -x u:bob file.txt # remove an entry
setfacl -b file.txt # remove all ACLs
Files with ACLs show a + at the end of their permission string in ls -l. ACLs are a standard feature of ext4, XFS, btrfs, and most other Linux filesystems, usually mounted with the acl option by default.
ACLs are extremely useful for shared directories with complex access requirements, but they come at a cost of complexity: permission audits and backups become harder, and tools that ignore ACLs (older archivers, some network filesystems) will silently drop them. For typical systems, thoughtful use of primary groups, setgid directories, and supplementary groups is usually simpler; ACLs are the tool of last resort.
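An added example, not part of the original entry, showing the kind of permission audit mentioned above: a shell function that reads `getfacl -R` output and lists every named-user, named-group and default entry together with the rights that remain after the ACL's `mask::` entry is applied. The function names and the sample dump are constructed for illustration.

```shell
# Added example: acl_audit and sample_getfacl_output are illustrative names.
acl_audit() {   # stdin: getfacl output; stdout: path, entry, granted, effective
  awk '
    function flush(   i, k, n, e, eff) {
      for (i = 1; i <= cnt; i++) {
        n = split(ent[i], e, ":")   # 4 fields means a default: entry
        if (n == 4) { print file "\t" e[1] ":" e[2] ":" e[3] "\t" e[4] "\tinherited"; continue }
        eff = ""                    # effective = granted bits that the mask allows
        for (k = 1; k <= 3; k++)
          eff = eff (substr(mask, k, 1) == "-" ? "-" : substr(e[3], k, 1))
        print file "\t" e[1] ":" e[2] "\t" e[3] "\t" eff
      }
      cnt = 0; mask = ""
    }
    /^# file: /  { flush(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    { sub(/[ \t]*#.*/, "") }        # drop the "#effective:" annotation getfacl adds
    /^mask::/    { mask = substr($0, 7); next }
    /^default:(user|group):[^:]+:/ { ent[++cnt] = $0; next }
    /^(user|group):[^:]+:/         { ent[++cnt] = $0 }
    END { flush() }
  '
}
sample_getfacl_output() {   # constructed sample, not from a real system
  cat <<'EOF'
# file: shared/report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rw-    #effective:r--
group::r--
group:developers:rwx    #effective:r--
mask::r--
other::---

# file: shared
# owner: alice
# group: staff
user::rwx
group::r-x
other::---
default:user::rwx
default:user:alice:rwx
default:group::r-x
default:mask::rwx
default:other::---
EOF
}
sample_getfacl_output | acl_audit
```

On a real tree, pipe `getfacl -R --skip-base DIR` into `acl_audit`; `--skip-base` leaves out files that carry only the owner/group/other entries, so the report covers exactly the files that show a + in ls -l.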
Related terms: chmod, /etc/group
Also defined in: Textbook of Linux