#acl #access #control


Manipulate file system access control lists (ACL) on macOS, Linux, and FreeBSD

5 releases (3 breaking)

0.4.0 Jan 14, 2021
0.3.0 Jan 3, 2021
0.2.0 Dec 22, 2020
0.1.1 Dec 8, 2020
0.1.0 Dec 7, 2020

#3 in #control

26 downloads per month

MIT license



Rust library to manipulate file system access control lists (ACL) on macOS, Linux, and FreeBSD.


use exacl::{getfacl, setfacl, AclEntry, Perm};

// Get the ACL from "./tmp/foo".
let mut acl = getfacl("./tmp/foo", None)?;

// Print the contents of the ACL.
for entry in &acl {
    println!("{}", entry);

// Add an ACL entry to the end.
acl.push(AclEntry::allow_user("some_user", Perm::READ, None));

// Set the ACL for "./tmp/foo".
setfacl(&["./tmp/foo"], &acl, None)?;

High Level API

This module provides two high level functions, getfacl and setfacl.

  • getfacl retrieves the ACL for a file or directory.
  • setfacl sets the ACL for files or directories.

On Linux and FreeBSD, the ACL contains entries for the default ACL, if present.

Both getfacl and setfacl work with a Vec<AclEntry>. The AclEntry structure contains five fields:

  • kind : AclEntryKind - the kind of entry (User, Group, Other, Mask, or Unknown).
  • name : String - name of the principal being given access. You can use a user/group name, decimal uid/gid, or UUID (on macOS).
  • perms : Perm - permission bits for the entry.
  • flags : Flag - flags indicating whether an entry is inherited, etc.
  • allow : bool - true if entry is allowed; false means deny. Linux only supports allow=true.

Low Level API

Use the Acl class if you need finer grained control over the ACL.

  • Manipulate the access ACL and default ACL independently on Linux.
  • Manipulate the ACL's own flags on macOS.
  • Use the platform specific text formats.