How to remove ACL from a file in Linux?

Where necessary, you may need to have access to a VPS server so you can follow how to implement the steps in this article.  You can get a cheaper VPS Server from Contabo with 4vCPU cores, 8GM RAM, and 32TB Bandwidth for less than $5.50 per month. Get this deal here now

Table of Contents

Cloud VPS S

$5.50 Monthly
  • 4 vCPU Cores | 8GB RAM


$15.50 Monthly
  • 6 vCPU Cores | 16GB RAM


$17.50 Monthly
  • 8 vCPU Cores | 24GB RAM

Access Control Lists (ACLs) in Linux provide a way to define additional permissions for files and directories beyond the traditional owner, group, and others. Sometimes, there may be a need to remove ACLs from a file for various reasons. In this article, we will explore the steps to remove ACL from a file in Linux, accompanied by command examples.

Checking ACL Status

Before proceeding with the removal of ACLs, it’s essential to check whether a file has any existing ACLs. The getfacl command is useful for displaying the ACL information of a file.

getfacl filename

Replace “filename” with the actual name of the file you want to inspect. This command will show the current ACL settings for the specified file.

Removing ACL from a File

To remove ACL from a file, we use the setfacl command with the -b option. This option clears all ACL entries for the specified file.

setfacl -b filename

Executing this command will remove all ACLs associated with the specified file.

Verifying ACL Removal

To ensure that the ACL has been successfully removed, you can again use the getfacl command to check the ACL status of the file.

getfacl filename

If the file no longer has any ACL entries, the command output should confirm the removal.

Bulk Removal for Multiple Files

In scenarios where you need to remove ACLs from multiple files simultaneously, the find command in combination with setfacl can be handy.

find /path/to/directory -type f -exec setfacl -b {} \;

This command recursively removes ACLs from all files within the specified directory and its subdirectories. Adjust the /path/to/directory accordingly.

Caution: Backup Before Execution

It’s crucial to exercise caution when removing ACLs, especially from multiple files. Before executing such commands, consider backing up important data or creating a snapshot to avoid accidental data loss.

Downgrading ACL Rules

Downgrading ACL rules involves modifying the existing permissions. The setfacl command allows us to adjust individual ACL entries. To downgrade a specific permission, use the -m option along with the desired modification.

Example: Removing Write Permission for a User

Suppose you want to remove write permission for a specific user from a file. The following command accomplishes this:

setfacl -m u:username:-w filename

Replace “username” with the actual username and “filename” with the file name. This command modifies the ACL, downgrading the permissions by removing write access for the specified user.

Example: Downgrading Default ACLs

Default ACLs apply to newly created files and directories within a directory. To downgrade default ACL rules, use the setfacl command with the -d option.

setfacl -m d:u:username:-rwx /path/to/directory

This command modifies the default ACLs for the specified directory, downgrading the permissions by removing read, write, and execute access for the specified user.

Verifying ACL Downgrade

After applying the modifications, it’s essential to verify the changes. Use the getfacl command again to check the updated ACL settings.

getfacl filename

Ensure that the ACL entries reflect the desired downgrades, confirming that the changes have been successfully applied.


Removing ACL from a file in Linux involves using the setfacl command with the appropriate options. Whether you’re dealing with a single file or multiple files in a directory, the commands provided here offer a straightforward way to manage ACLs on your Linux system. Always double-check the ACL status after removal to ensure the desired changes have been applied successfully.


Hire us to handle what you want

Hire us through our Fiverr Profile and leave all the complicated & technical stuff to us. Here are some of the things we can do for you:

  • Website migration, troubleshooting, and maintenance.
  • Server & application deployment, scaling, troubleshooting, and maintenance
  • Deployment of Kubernetes, Docker, Cloudron, Ant Media, Apache, Nginx,  OpenVPN, cPanel, WHMCS, WordPress, and more
  • Everything you need on AWS, IBM Cloud, GCP, Azure, Oracle Cloud, Alibaba Cloud, Linode, Contabo, DigitalOcean, Ionos, Vultr, GoDaddy, HostGator, Namecheap, DreamHost, and more.

We will design, configure, deploy, or troubleshoot anything you want. Starting from $10, we will get your job done in the shortest time possible. Your payment is safe with Fiverr as we will only be paid once your project is completed.