


Specifying ACLs in a CIF

An application can specify ACLs in its CIF using the FS_ACL_GRANT primitive. Each grant represents permissions for one path. If an application needs to specify ACLs for multiple paths, its CIF should contain an FS_ACL_GRANT for each path. The paths specified in the CIF are relative to the module directory.

FS_ACL_GRANT has the following syntax:

FS_ACL_Grant {
   groups = {},
   perms = "r/rw",
   path = "/"
}


  • groups specifies the ClassID or Privilege ID being assigned privileges by this primitive.
  • perms specifies the privileges for the path, followed by a "/" and the privileges for the subtree of the path.

    r indicates read access for files and enumerate for directories. w indicates create, write, or delete for a file and create or delete for a directory. Empty perms indicates no access.

  • path specifies the path to the file or directory for which privileges are being granted. ("/" specifies the application's home directory.)


  • Paths must start with a forward slash (/). No match with any Brew MP file path will succeed without it.
  • A path need not name a directory; when it does not, the subtree part of perms is irrelevant.
  • An application acquires privileges by the following methods:
    • Each application has access to its module directory.
    • The application is granted a privilege ID.
    • A dependency ClassID is assigned to the application via the Dependencies CIF primitive.
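
The following Python model is an added example, not Brew MP code: it evaluates what a set of grants gives a caller on a path, using the path/subtree split of perms and the leading-slash rule described above. The group IDs, sample paths and the rule that several matching grants are unioned are assumptions made for illustration.

```python
# Added illustration of the grant semantics described on this page.
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    groups: frozenset   # ClassIDs / privilege IDs receiving the grant
    perms: str          # "<path perms>/<subtree perms>", e.g. "r/rw"
    path: str           # relative to the module directory, must start with "/"


def split_perms(perms):
    """Return (path_perms, subtree_perms); an empty part means no access."""
    own, _, subtree = perms.partition("/")
    if set(own + subtree) - set("rw"):
        raise ValueError(f"malformed perms string: {perms!r}")
    return set(own), set(subtree)


def grant_perms(grant, caller_groups, target):
    """Permissions one grant gives a caller on target (empty set = no access)."""
    if not grant.path.startswith("/") or not target.startswith("/"):
        return set()                  # no match succeeds without the slash
    if not grant.groups & set(caller_groups):
        return set()                  # caller holds none of the granted IDs
    own, subtree = split_perms(grant.perms)
    base = grant.path.rstrip("/")     # "/" becomes "" so every path is below it
    if target.rstrip("/") == base:
        return own                    # the granted path itself
    if target.startswith(base + "/"):
        return subtree                # anything beneath the granted path
    return set()


def effective_perms(grants, caller_groups, target):
    """Assumption: permissions from several matching grants are unioned."""
    result = set()
    for g in grants:
        result |= grant_perms(g, caller_groups, target)
    return result


# Constructed sample with hypothetical IDs 0x01010001 and 0x01010002.
GRANTS = [
    Grant(frozenset({0x01010001}), "r/rw", "/shared"),
    Grant(frozenset({0x01010002}), "r/", "/shared/config.dat"),
    Grant(frozenset({0x01010002}), "rw/rw", "logs"),  # missing leading slash
]
```

Running a planned set of grants through a model like this before shipping a CIF shows which paths end up writable by another application and catches grants that never match because the leading slash is missing.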

For more information on the FS_ACL_GRANT primitive, see the Resource File and Markup Reference in

For examples of FS_ACL_GRANT use, see: