ACLs are a way to increase the flexibility of the UGO/RWX system. Using setfacl (set file acl) and getfacl (get file acl), you can set additional permissions for files and directories. So, for example, using ACLs, you could say that, while the /root/ directory is normally only accessible by the root user, it could also be read by the reader user. The other way to accomplish this, which is by adding the reader user to the root group, also gives the reader user many other privileges on the system (anything that has permissions on the root group has then been granted to the reader user!). While ACLs are not often used in practice in our experience, for edge cases they can be the difference between a complex solution ...