The command that shows extended ACL (Access Control List) file information is: getfacl

• The getfacl command displays the comment header, base ACL entries, and extended ACL entries for specified files

• It can show detailed ACL information including owner, group, and extended permissions beyond the standard Unix permission bits.
• The -o option with getfacl displays only the extended ACL entries, omitting the base ACL entries

• This command is commonly used on Unix-like systems to view ACLs in a human-readable format.

Additionally, on some systems, the presence of extended ACLs is indicated by a plus sign (+) at the end of the permissions in ls -l output, and getfacl can be used to see the detailed ACL entries behind that indicator

. For example, to display all ACL entries (including extended) for a file named file, you would run:

getfacl file

To display only the extended ACL entries:

getfacl -o file

This command is the standard way to view extended ACLs on Linux and Unix systems and is supported on z/OS UNIX as well

. For Cisco devices managing extended ACLs in network configurations, the list command within the extended ACL configuration mode is used to display entries of an extended ACL, but this applies to network ACLs, not file system ACLs

. Summary:

• Use getfacl to show extended ACL file information on Unix/Linux systems.
• Use getfacl -o to show only extended ACL entries.
• The ls -l command shows a + sign if extended ACLs exist, but getfacl is needed to view details.