# getfacl `getfacl` is a command-line utility used to retrieve extended file attributes (ACLs) from files and directories on Unix-like systems. It is essential for auditing and managing access controls that go beyond traditional Unix file permissions. ## Overview * **Purpose**:\ Retrieves and displays the ACL information attached to files or directories, allowing administrators to review detailed access permissions. * **Usage Context**:\ Commonly used on filesystems that support extended attributes (such as ext4, XFS, or Btrfs) to inspect the ACLs applied to files, ensuring proper security configurations. ## Basic Syntax ```bash getfattr [OPTIONS] FILE... ``` * **FILE...**: One or more files or directories to query. * **OPTIONS**: Command-line flags to control the output. ## Common Options * **`-d` or `--dump`**:\ Dump all extended attributes in a human-readable format. ```bash getfattr -d filename.txt ``` * **`-n `**:\ Retrieve the value of a specific attribute. ```bash getfattr -n user.comment filename.txt ``` * **`-m `**:\ Only display attributes that match the specified regular expression. ```bash getfattr -m "user.*" filename.txt ``` * **`-R` or `--recursive`**:\ Recursively retrieve attributes from directories and subdirectories. ```bash getfattr -R -d /path/to/directory ``` * **`-q` or `--quiet`**:\ Suppress warnings for files without extended attributes. ```bash getfattr -q filename.txt ``` ## Example Usage 1. **Dump All ACLs for a File**: ```bash getfattr -d document.txt ``` This command displays all extended attributes (including ACLs) for `document.txt`. 2. **Retrieve a Specific Attribute**: ```bash getfattr -n user.comment document.txt ``` This retrieves the `user.comment` attribute from `document.txt`. 3. **Recursively Retrieve ACLs for a Directory**: ```bash getfattr -R -d /shared/documents ``` This command dumps extended attributes for all files and subdirectories within `/shared/documents`. ## Best Practices * **Auditing and Reporting**:\ Incorporate `getfattr` in scripts to periodically audit ACL settings on sensitive files or directories. * **Combine with setfacl**:\ Use `getfattr` to verify that changes made with `setfacl` have been correctly applied. * **Backup ACL Settings**:\ Save the output of `getfattr` before making significant changes to ensure that you can restore previous ACL configurations if needed. ## Conclusion `getfattr` is an essential tool for retrieving extended file attributes, particularly ACLs, on Unix-like systems. It enables administrators to inspect and audit file permissions, ensuring that security policies are correctly implemented and maintained across the system.