File System Access Control List (FACL)


What is File System Access Control List (FACL)?

A File System Access Control List is a set of permission rules attached to a file or folder that specifies which users or groups are allowed or denied actions such as read, write, modify, or execute. It is a common way operating systems enforce access control for stored data.

Examples

  • A shared finance folder grants the Finance group read and write access, while all other users are denied access.
  • A Linux file uses an extended ACL so one specific contractor can read a file without being added to the main group.

Discover 🔎

When you store data on a computer or file server, the system needs rules for who can access it. File System Access Control Lists are those rules. They are the reason one user can open a file and another user gets an access denied message. ACLs are a foundational part of access control because they translate policy into enforceable, system-level permissions.

Remember: An ACL is the rule list. The operating system checks the ACL every time someone tries to access the file or folder.
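
The Linux contractor example and the per-access check described above, as an added sketch that is not part of the original glossary entry: it parses `getfacl`-style text and applies the POSIX ACL evaluation order (owner, named user, groups, other, with the mask capping named and group entries), which is more detail than the page itself gives. The file name, users and groups are constructed sample values, and root or capability overrides are not modelled.

```python
# Constructed sample: getfacl-style listing with one named-user entry.
SAMPLE_ACL = """\
# file: q3-forecast.xlsx
# owner: alice
# group: finance
user::rw-
user:contractor1:r--
group::rw-
mask::rw-
other::---
"""

def parse_acl(text):
    """Parse getfacl-style text into (owner, owning_group, entries)."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            entries.append((tag, qualifier, set(perms[:3]) - {"-"}))
    return owner, group, entries

def is_allowed(acl_text, user, groups, want):
    """Return True if `user` (member of `groups`) gets permission `want` ('r', 'w' or 'x')."""
    owner, group, entries = parse_acl(acl_text)

    def find(tag, qualifier=""):
        return [p for t, q, p in entries if t == tag and q == qualifier]

    mask = (find("mask") or [set("rwx")])[0]
    if user == owner:                      # owner entry decides, mask does not apply
        return want in find("user")[0]
    named = find("user", user)
    if named:                              # named-user entry, capped by the mask
        return want in (named[0] & mask)
    matching = [p for t, q, p in entries if t == "group"
                and ((q == "" and group in groups) or q in groups)]
    if matching:                           # any matching group entry may grant
        return any(want in (p & mask) for p in matching)
    return want in find("other")[0]        # everyone else
```
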

Summary 📝

A File System Access Control List defines who can access a file or folder and what actions they can perform. Operating systems consult ACLs during every access attempt, often applying inherited permissions from parent folders. Safe use of ACLs relies on least privilege, group-based design, controlled inheritance, regular reviews, and auditing for sensitive data.
