When manipulating ACLs using the setfacl and getfacl commands (described in a moment) or certain ACL library functions, we specify textual representations of the ACL entries. Two formats are permitted for these textual representations:
Long text form ACLs contain one ACL entry per line, and may include comments, which are started by a # character and continue to the end-of-line. The getfacl command displays ACLs in long text form. The setfacl -M acl-file option, which takes an ACL specification from a file, expects the specification to be in long text form.
Short text form ACLs consist of a sequence of ACL entries separated by commas.
In both forms, each ACL entry consists of three parts separated by colons:
tag-type:[tag-qualifier]:permissions
The tag-type is one of the values shown in the first column of Table 17-1. The tag-type may optionally be followed by a tag-qualifier, which identifies a user or group, either by name or numeric identifier. The tag-qualifier is present only for ACL_USER and ACL_GROUP entries.
The following are all short text form ACLs corresponding to a traditional permissions mask of 0650:
u::rw-,g::r-x,o::---
u::rw,g::rx,o::-
user::rw,group::rx,other::-
The following short text form ACL includes two named users, a named group, and a mask entry:
u::rw,u:paulh:rw,u:annabel:rw,g::r,g:teach:rw,m::rwx,o::-
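The following parser is an added example, not code from the original text: it normalizes both text forms described above so that differently spelled ACLs can be compared, for instance when auditing setfacl input against getfacl output. The names parse_acl and minimal_mode and the LONG_FORM sample are assumptions made for this illustration.

```python
TAGS = {"u": "user", "user": "user", "g": "group", "group": "group",
        "m": "mask", "mask": "mask", "o": "other", "other": "other"}
BITS = {"r": 4, "w": 2, "x": 1, "-": 0}

def parse_acl(text):
    """Parse a long or short text form ACL into (tag, qualifier, perms) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]        # long form: comment runs to end-of-line
        for item in filter(None, (i.strip() for i in line.split(","))):
            parts = [p.strip() for p in item.split(":")]
            if len(parts) != 3 or parts[0] not in TAGS:
                raise ValueError(f"bad ACL entry: {item!r}")
            tag, qualifier, perms = TAGS[parts[0]], parts[1], parts[2]
            if qualifier and tag not in ("user", "group"):
                raise ValueError(f"qualifier not allowed on {tag}: {item!r}")
            if not perms or any(c not in BITS for c in perms):
                raise ValueError(f"bad permissions: {item!r}")
            entries.append((tag, qualifier, sum(BITS[c] for c in set(perms))))
    return entries

def minimal_mode(entries):
    """Traditional permissions mask of an ACL holding only u::, g:: and o::."""
    perms = {(tag, qual): p for tag, qual, p in entries}
    if set(perms) != {("user", ""), ("group", ""), ("other", "")}:
        raise ValueError("ACL has named or mask entries; no direct mask equivalent")
    return perms["user", ""] << 6 | perms["group", ""] << 3 | perms["other", ""]

# The three short text forms from the text, and the ACL with named entries.
FORMS_0650 = ["u::rw-,g::r-x,o::---", "u::rw,g::rx,o::-",
              "user::rw,group::rx,other::-"]
NAMED = "u::rw,u:paulh:rw,u:annabel:rw,g::r,g:teach:rw,m::rwx,o::-"
# Constructed long text form of the same ACL, in the style getfacl displays.
LONG_FORM = """\
# file: tfile   (constructed sample)
user::rw-
user:paulh:rw-
user:annabel:rw-
group::r--
group:teach:rw-   # named group
mask::rwx
other::---
"""

if __name__ == "__main__":
    for form in FORMS_0650:
        print(form, "->", oct(minimal_mode(parse_acl(form))))
    print(parse_acl(LONG_FORM) == parse_acl(NAMED))
```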