#acl #access #control

exacl

Manipulate file system access control lists (ACL) on macOS, Linux, and FreeBSD

5 releases (3 breaking)

0.4.0 Jan 14, 2021
0.3.0 Jan 3, 2021
0.2.0 Dec 22, 2020
0.1.1 Dec 8, 2020
0.1.0 Dec 7, 2020

#3 in #control

26 downloads per month

MIT license

170KB
4K SLoC

Exacl   CRATE API CI BUILD

Rust library to manipulate file system access control lists (ACL) on macOS, Linux, and FreeBSD.

Example

use exacl::{getfacl, setfacl, AclEntry, Perm};

// Get the ACL from "./tmp/foo".
let mut acl = getfacl("./tmp/foo", None)?;

// Print the contents of the ACL.
for entry in &acl {
    println!("{}", entry);
}

// Add an ACL entry to the end.
acl.push(AclEntry::allow_user("some_user", Perm::READ, None));

// Set the ACL for "./tmp/foo".
setfacl(&["./tmp/foo"], &acl, None)?;

High Level API

This module provides two high level functions, getfacl and setfacl.

  • getfacl retrieves the ACL for a file or directory.
  • setfacl sets the ACL for files or directories.

On Linux and FreeBSD, the ACL contains entries for the default ACL, if present.

Both getfacl and setfacl work with a Vec<AclEntry>. The AclEntry structure contains five fields:

  • kind : AclEntryKind - the kind of entry (User, Group, Other, Mask, or Unknown).
  • name : String - name of the principal being given access. You can use a user/group name, decimal uid/gid, or UUID (on macOS).
  • perms : Perm - permission bits for the entry.
  • flags : Flag - flags indicating whether an entry is inherited, etc.
  • allow : bool - true if entry is allowed; false means deny. Linux only supports allow=true.

Low Level API

Use the Acl class if you need finer grained control over the ACL.

  • Manipulate the access ACL and default ACL independently on Linux.
  • Manipulate the ACL's own flags on macOS.
  • Use the platform specific text formats.

Dependencies