To remove a specific user's entry from an ACL completely, use setfacl -x.
Remove a user ACL from a file
setfacl -x u:username filename
Example:
setfacl -x u:john report.txt
Check:
getfacl report.txt
Remove a user ACL from a directory
setfacl -x u:username directoryname
Example:
setfacl -x u:john projectdir
If the directory has default ACLs too
For directories, a user may have:
- Access ACL — applies to the directory itself
- Default ACL — automatically inherited by new files/subdirectories created inside
Remove both:
setfacl -x u:john projectdir
setfacl -x d:u:john projectdir
Or in one command:
setfacl -x u:john,d:u:john projectdir
Remove user ACL recursively
To remove that user from a directory and everything inside it:
setfacl -R -x u:john projectdir
To remove both access ACL and default ACL recursively:
setfacl -R -x u:john,d:u:john projectdir
Important note
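This removes the user's entry from the ACL, but it does not delete the Linux user account.
Also, if that user is the owner of the file, removing the ACL entry will not remove the owner permissions. You would need chown or chmod for that.
Likewise, once the named entry is gone, the user is still subject to the file's group and other permissions, so access can remain through group membership or the "other" bits.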
Example:
chown otheruser report.txt
chmod 640 report.txt
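To confirm a recursive removal and catch the owner case from the note above, the following added example (not part of the original page) scans getfacl -R output for anything that still names the user. The function name acl_leftovers and the sample getfacl output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what still ties USER to files in `getfacl -R` output.

# Constructed sample of `getfacl -R projectdir` output (not from a real system).
sample_getfacl_output() {
cat <<'EOF'
# file: projectdir
# owner: alice
# group: staff
user::rwx
user:john:r-x
group::r-x
mask::r-x
other::---
default:user::rwx
default:user:john:rwx   #effective:r-x
default:group::r-x
default:mask::r-x
default:other::---

# file: projectdir/report.txt
# owner: john
# group: staff
user::rw-
user:johnny:r--
group::r--
mask::r--
other::---
EOF
}

# acl_leftovers USER: reads getfacl output on stdin and prints one
# "path<TAB>kind" line per finding, where kind is access, default or owner.
acl_leftovers() {
    awk -v u="$1" '
        /^# file: /  { path = substr($0, 9); next }
        /^# owner: / { if (substr($0, 10) == u) print path "\towner"; next }
        /^#/ || /^$/ { next }
        {
            # $1 is the entry without any trailing "#effective:" comment
            split($1, f, ":")
            kind = "access"; i = 1
            if (f[1] == "default") { kind = "default"; i = 2 }
            # exact match on the name, so "johnny" is not reported for "john"
            if (f[i] == "user" && f[i + 1] == u) print path "\t" kind
        }
    '
}

# Real use (assumes the acl tools are installed): getfacl -R projectdir | acl_leftovers john
sample_getfacl_output | acl_leftovers john
```

Empty output means no access ACL, default ACL or ownership still refers to the user; an "owner" line marks a file that needs chown rather than setfacl -x.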
Remove all ACL entries from a file
To remove all extended ACLs, not just one user:
setfacl -b filename
Example:
setfacl -b report.txt
Use this carefully: it removes every extended ACL entry, for all named users and groups, and leaves only the base owner, group and other permissions.
REF: AI Tools/ChatGPT
