The acl_set_file() function associates an access ACL with a file or
directory, or associates a default ACL with a directory. The
pathname for the file or directory is pointed to by the argument
The effective user ID of the process must match the owner of the
file or directory or the process must have the CAP_FOWNER
capability for the request to succeed.
The value of the argument type is used to indicate whether the
access ACL or the default ACL associated with path_p is being set.
If the type parameter is ACL_TYPE_ACCESS, the access ACL of path_p
shall be set. If the type parameter is ACL_TYPE_DEFAULT, the
default ACL of path_p shall be set. If the argument type specifies
a type of ACL that cannot be associated with path_p, then the
The acl parameter must reference a valid ACL according to the rules
described on the acl_valid(3) manual page if the type parameter is
ACL_TYPE_ACCESS, and must either reference a valid ACL or an ACL
with zero ACL entries if the type parameter is ACL_TYPE_DEFAULT. If
the acl parameter references an empty ACL, then the acl_set_file()
function removes any default ACL associated with the directory
referred to by the path_p parameter.
If any of the following conditions occur, the acl_set_file()
function returns -1 and sets errno to the corresponding value:
[EACCES] Search permission is denied for a component of
the path prefix or the object exists and the
process does not have appropriate access rights.
Argument type specifies a type of ACL that
cannot be associated with path_p.
[EINVAL] The argument acl does not point to a valid ACL.
The ACL has more entries than the file referred
to by path_p can obtain.
The type parameter is not ACL_TYPE_ACCESS or
The type parameter is ACL_TYPE_DEFAULT, but the
file referred to by path_p is not a directory.
[ENAMETOOLONG] The length of the argument path_p is too long.
[ENOENT] The named object does not exist or the argument
path_p points to an empty string.
[ENOSPC] The directory or file system that would contain
the new ACL cannot be extended or the file
system is out of file allocation resources.
[ENOTDIR] A component of the path prefix is not a
[ENOTSUP] The file identified by path_p cannot be
associated with the ACL because the file system
on which the file is located does not support
[EPERM] The process does not have appropriate privilege
to perform the operation to set the ACL.
[EROFS] This function requires modification of a file
system which is currently read-only.
IEEE Std 1003.1e draft 17 (“POSIX.1e”, abandoned)
The behavior of acl_set_file() when the acl parameter refers to an
empty ACL and the type parameter is ACL_TYPE_DEFAULT is an
extension in the Linux implementation, in order that all values
returned by acl_get_file() can be passed to acl_set_file(). The
POSIX.1e function for removing a default ACL is
This page is part of the acl (manipulating access control lists)
project. Information about the project can be found at
http://savannah.nongnu.org/projects/acl. If you have a bug report
for this manual page, see
⟨http://savannah.nongnu.org/bugs/?group=acl⟩. This page was
obtained from the project's upstream Git repository
⟨git://git.savannah.nongnu.org/acl.git⟩ on 2023-06-23. (At that
time, the date of the most recent commit that was found in the
repository was 2022-12-30.) If you discover any rendering problems
in this HTML version of the page, or you believe there is a better
or more up-to-date source for the page, or you have corrections or
improvements to the information in this COLOPHON (which is not part
of the original manual page), send a mail to email@example.com
Linux ACL March 23, 2002 Linux ACL