Access Control Lists (ACLs) provide a finer-grained security measure beyond the standard owner, group and other permissions on files and directories. To use ACLs on a filesystem, the filesystem must be mounted with the acl option:
mount -o acl /home
To add or modify an ACL entry for a user or group, or a default ACL on a directory, use the setfacl -m command.
To set an ACL for a user, use the following:
setfacl -m u:[user name]:[permissions] /directory/file
Example:
setfacl -m u:ray:rx /home/foo.txt
This gives the user ray read and execute access to the /home/foo.txt file.
To set an ACL for a group, use the following:
setfacl -m g:[group name]:[permissions] /directory/file
Example:
setfacl -m g:accounting:rwx /finance/foo.txt
This gives the group accounting read, write, and execute access to /finance/foo.txt.
To set a default ACL on a directory (inherited by files and subdirectories created in it afterwards; existing contents are not changed), use the following:
setfacl -m d:g:[group name]:[permissions] /directory
For a default entry for a single user, use d:u:[user name]:[permissions] instead.
Example:
setfacl -m d:g:marketing:rwx /brochures
This gives members of the marketing group read, write, and execute access to anything created in the brochures directory from now on. To grant access to the directory itself as well, also set a regular entry with setfacl -m g:marketing:rwx /brochures.
To remove an ACL, use the following:
setfacl -x u:[user name] /directory/file
The -x option identifies the entry to remove by its type and name; no permissions field is given.
Example:
setfacl -x u:ray /home/foo.txt
This removes the user ray's read and execute permissions from the /home/foo.txt file.
To view the ACLs set on a particular file or directory, use the following:
getfacl /directory/file
Example:
getfacl /home/foo.txt
This will get the ACL information about /home/foo.txt. The output will look something like this:
# getfacl /home/foo.txt
getfacl: Removing leading '/' from absolute path names
# file: home/foo.txt
# owner: root
# group: root
user::rw-
user:ray:r-x
group::r--
group:marketing:rwx
mask::rwx
other::r--
More information about Access Control Lists can be found on the setfacl and getfacl man pages.