Just adding a clarification here. If using the recursive option, you will want to make sure to include executable permission as well, or it will result in some odd permissions errors (such as "ls -l" showing question marks instead of the normal permissions, and the user won't actually be able to read the files). From the manpage: The perms field is a combination of characters that indicate the read (r), write (w), execute (x) permissions. Dash characters in the perms field (-) are ignored. The character X stands for the execute permission if the file is a directory or already has execute permission for some user. Note the difference in behaviours between "x" and "X". The amended command, to achieve the desired result, would be: setfacl -R -m u:splunk:rX /var/log I have tested and confirmed this works as expected on my personal environment (mix of Debian and CentOS servers).
... View more