
posix-acl is a Rust library to interact with POSIX file system Access Control Lists (ACL). It wraps the operating system’s C interface with a safe Rust API. The API is deliberately different from the POSIX C API to make it easier to use.

NB! Currently only tested on Linux.

While officially called a “list”, the main struct PosixACL implements a “mapping-like” interface where the key is the Qualifier enum and the value is a u32 containing permission bits. This is without any loss of functionality, as duplicate entries with the same Qualifier are disallowed by POSIX anyway.

For background information about ACL behavior, read POSIX Access Control Lists on Linux.

Usage example

use posix_acl::{PosixACL, Qualifier, ACL_READ, ACL_WRITE};

// Read ACL from file (if there is no ACL yet, the OS will synthesize one)
let mut acl = PosixACL::read_acl("/tmp/posix-acl-testfile").unwrap();

// Get permissions of owning user of the file
let perm = acl.get(Qualifier::UserObj).unwrap();
assert_eq!(perm, ACL_READ | ACL_WRITE);

// Get permissions for user UID 1234
let perm = acl.get(Qualifier::User(1234));

// Grant read access to group GID 1234 (adds new entry or overwrites an existing entry)
acl.set(Qualifier::Group(1234), ACL_READ);

// Remove ACL entry of group GID 1234
acl.remove(Qualifier::Group(1234));

// Write ACL back to the file
acl.write_acl("/tmp/posix-acl-testfile").unwrap();


The ACL of a file.


Error type from ACL operations. To distinguish different causes, use the kind() method.

The subject of a permission grant.


Execute permission

Read permission

All possible permissions combined: ACL_READ | ACL_WRITE | ACL_EXECUTE

Write permission