Access Control Lists (ACLs) in Linux provide a way to define additional permissions for files and directories beyond the traditional owner, group, and others. Sometimes, there may be a need to remove ACLs from a file for various reasons. In this article, we will explore the steps to remove ACL from a file in Linux, accompanied by command examples.

Checking ACL Status

Before proceeding with the removal of ACLs, it’s essential to check whether a file has any existing ACLs. The getfacl command is useful for displaying the ACL information of a file.

getfacl filename

Replace “filename” with the actual name of the file you want to inspect. This command will show the current ACL settings for the specified file.

Removing ACL from a File

To remove ACL from a file, we use the setfacl command with the -b option. This option clears all ACL entries for the specified file.

setfacl -b filename

Executing this command will remove all ACLs associated with the specified file.

Verifying ACL Removal

To ensure that the ACL has been successfully removed, you can again use the getfacl command to check the ACL status of the file.

getfacl filename

If the file no longer has any ACL entries, the command output should confirm the removal.

Bulk Removal for Multiple Files

In scenarios where you need to remove ACLs from multiple files simultaneously, the find command in combination with setfacl can be handy.

find /path/to/directory -type f -exec setfacl -b {} \;

This command recursively removes ACLs from all files within the specified directory and its subdirectories. Adjust the /path/to/directory accordingly.

Caution: Backup Before Execution

It’s crucial to exercise caution when removing ACLs, especially from multiple files. Before executing such commands, consider backing up important data or creating a snapshot to avoid accidental data loss.

Downgrading ACL Rules

Downgrading ACL rules involves modifying the existing permissions. The setfacl command allows us to adjust individual ACL entries. To downgrade a specific permission, use the -m option along with the desired modification.

Example: Removing Write Permission for a User

Suppose you want to remove write permission for a specific user from a file. The following command accomplishes this:

setfacl -m u:username:-w filename

Replace “username” with the actual username and “filename” with the file name. This command modifies the ACL, downgrading the permissions by removing write access for the specified user.

Example: Downgrading Default ACLs

Default ACLs apply to newly created files and directories within a directory. To downgrade default ACL rules, use the setfacl command with the -d option.

setfacl -m d:u:username:-rwx /path/to/directory

This command modifies the default ACLs for the specified directory, downgrading the permissions by removing read, write, and execute access for the specified user.

Verifying ACL Downgrade

After applying the modifications, it’s essential to verify the changes. Use the getfacl command again to check the updated ACL settings.

getfacl filename

Ensure that the ACL entries reflect the desired downgrades, confirming that the changes have been successfully applied.

Conclusion

Removing ACL from a file in Linux involves using the setfacl command with the appropriate options. Whether you’re dealing with a single file or multiple files in a directory, the commands provided here offer a straightforward way to manage ACLs on your Linux system. Always double-check the ACL status after removal to ensure the desired changes have been applied successfully.

RECOMMENDED READING:

• How to view ACL permissions on a file in Linux?
• Difference between Traditional Linux permissions and ACL
• How to set up Access Control Lists (ACL) in Linux