getrichacl (1) - Linux Man Pages

getrichacl: Get Rich Access Control Lists


getrichacl - Get Rich Access Control Lists


getrichacl [option]... [file]...


For each file, getrichacl displays the file name and the file's Rich Access Control List (RichACL).

The output format of getrichacl is as follows:

 1:  file:
 2:      flags:a
 3:      owner:rwp-------------::mask
 4:      group:r-p-------------::mask
 5:      other:r---------------::mask
 6:     owner@:rwp-------------::allow
 7:   user:foo:r-p-------------::allow
 8:     group@:r-p-------------::allow
 9:  group:bar:r-p-------------::allow
10:  everyone@:r---------------::allow

Line 1 contains the file name, followed by a colon.

Line 2 contains the ACL flags. This line is omitted if no flags are set.

Lines 3--5 indicate the owner, group, and other file masks, which are only shown if the --raw option is specified.

Lines 6--10 indicate different ACL entries for the file owner (owner@), user foo, the owning group (group@), group bar, and for everyone (everyone@).

A blank line follows at the end.

The default output format uses the single-letter forms of flags and permissions, identifiers of ACL entries are right justified, permissions are vertically aligned, and permissions which are always granted (read_attributes, read_acl, synchronize) are omitted. See the richacl(7) manual page for the defined flags and permissions.

By default, getrichacl displays the effective permissions remaining after applying the file masks to the ACL. The file masks and underlying NFSv4 ACL can be displayed with the --raw option.

When getrichacl is used on a file that does not have a RichACL or on a filesystem that does not support RichACLs, it displays the access permissions defined by the traditional file permission bits as a RichACL. When getrichacl is used on a file that has a POSIX ACL (see acl(5)), it prints an error message.


--long, -l
Display access masks and flags in their long form.
Also show permissions which are always implicitly allowed.
Show ACLs as stored on the file system, including the file masks. Implies --full.
Do not align ACL entries or pad missing permissions with "-".
Display numeric user and group IDs instead of names.
--access [=user[:group:...]}, -a[user[:group:...]}
Instead of showing the ACL, show which permissions the user running the command has for the specified file(s). When user is specified, show which permissions the specified user has instead. If user is followed by a colon and a (possibly empty) list of groups, assume that user is a member in the specified groups; otherwise, getgrouplist(3) is used to determine the groups user is a member of.
--version, -v
Display the version of getrichacl and exit.
--help, -h
Display command-line usage help text.


Written by Andreas Gr├╝nbacher <agruenba [at]>.

Please send your bug reports, suggested features and comments to the above address.


Rich Access Control Lists are Linux-specific.


setrichacl(1), richacl(7), richaclex(7)