setfacl

Set read/write access for a user

$ setfacl -m u:username:rw path/to/file

$ setfacl -d -m u::rw path/to/directory

$ setfacl -x u:username path/to/file

$ setfacl -b path/to/file

$ setfacl -R -m u:username:rx path/to/directory

$ getfacl file1 | setfacl --set-file=- file2

setfacl [-bkndRLPvh] [{-m|-x} aclspec] [{-M|-X} aclfile] file...

setfacl sets Access Control Lists (ACLs) of files and directories. ACLs provide fine-grained access control beyond the traditional Unix owner/group/other permission model, allowing specific permissions for individual users and groups.

-m, --modify

Modify the ACL with the specified entries

Remove specified ACL entries

Read ACL entries to modify from a file

Read ACL entries to remove from a file

Remove all extended ACL entries

Remove the default ACL

Apply operations to the default ACL

Do not recalculate the effective rights mask

Force recalculation of the effective rights mask

Apply operations recursively

Follow symbolic links to directories (with -R)

Do not follow symbolic links (with -R)

Restore permissions from a getfacl backup

Test mode - list resulting ACLs without modifying

u[ser]:uid:perms: Named user or owner permissions
g[roup]:gid:perms: Named group or owning group permissions
m[ask]:perms: Effective rights mask
o[ther]:perms: Permissions for others
Permissions: r (read), w (write), x (execute), or numeric (4, 2, 1).

The effective rights mask limits permissions granted to named users/groups. Some filesystems do not support ACLs. Use getfacl to backup ACLs before modifying.

setfacl is part of the acl package implementing POSIX Access Control Lists. ACLs extend the standard Unix permission model.

getfacl(1), chmod(1), umask(1), acl(5)