# How to find effective nfsv4 acl on files and folders



## zhzgygkz (Jun 19, 2021)

Hey,

I'm using NFSv4 acl on a ZFS with several users and groups and a few allow and deny statements. How can I programmatically find the effective permission set on files and folders?

Thanks in advance!


----------



## ralphbsz (Jun 19, 2021)

What does "programmatically" mean here?

You can start with "man 3 acl", which gives you the C-callable API for manipulating ACLs. For reading ACLs, you want to start with calling acl_get.

If you are in the kernel ... life is significantly harder. There is documentation of the syscall level in "man 9 acl".

On the other hand, if you are in a high-level programming language (shell scripts, perl/python), it is probably easier to use the getfacl command (see "man 1 getfacl"). I know that Python has a specific ACL library (with a non-obvious name, it's not as simple as "import sys.acl"), which can be used to build and decode ACLs. When I was a file system developer I used that for interfacing, but that was ~10 years ago. I just did a quick search, and there are several python libraries, and I don't know which one I used.


----------



## zhzgygkz (Jun 20, 2021)

Thank you for overview. I hoped there was some "read to use" tooling to do the job in userspace. I'm going to look through the man pages and for the python library.


----------

