Skip to content
Tauri

File System

Access the file system.

Supported Platforms

  • Windows
  • Linux
  • macOS

Setup

This plugin requires a Rust version of at least 1.75

Install the fs plugin to get started.

Use your project’s package manager to add the dependency:

npm run tauri add fs

Usage

The fs plugin is available in both JavaScript and Rust.

import { exists, BaseDirectory } from '@tauri-apps/plugin-fs';
// Check if the `$APPDATA/avatar.png` file exists
await exists('avatar.png', { baseDir: BaseDirectory.AppData });

Security

This module prevents path traversal, not allowing absolute paths or parent dir components (i.e. /usr/path/to/file or ../path/to/file paths are not allowed). Paths accessed with this API must be relative to one of the base directories so if you need access to arbitrary file system paths, you must write such logic on the core layer instead.

See @tauri-apps/plugin-fs - Security for more information.

Permissions

By default all plugin commands are blocked and cannot be accessed. You must define a list of permissions in your capabilities configuration.

See Permissions Overview for more information.

src-tauri/capabilities/main.json
{
"$schema": "../gen/schemas/desktop-schema.json",
"identifier": "main-capability",
"description": "Capability for the main window",
"windows": ["main"],
"permissions": [
"fs:default",
{
"identifier": "fs:allow-exists",
"allow": [{ "path": "$APPDATA/*" }]
}
]
}

Default Permissions

This configuration file defines the default permissions granted to the filesystem.

Granted Permissions

This default permission set enables all read-related commands and allows access to the $APP folder and sub directories created in it. The location of the $APP folder depends on the operating system, where the application is run.

In general the $APP folder needs to be manually created by the application at runtime, before accessing files or folders in it is possible.

Denied Permissions

This default permission set prevents access to critical components of the Tauri application by default. On Windows the webview data folder access is denied.

PermissionDescription
fs:default
fs:deny-defaultThis denies access to dangerous Tauri relevant files and folders by default.

Scope Permissions

PermissionDescription
fs:allow-app-read-recursiveThis allows full recursive read access to the complete $APP folder, files and subdirectories.
fs:allow-app-write-recursiveThis allows full recusrive write access to the complete $APP folder, files and subdirectories.
fs:allow-app-readThis allows non-recursive read access to the $APP folder.
fs:allow-app-writeThis allows non-recursive write access to the $APP folder.
fs:allow-app-meta-recursiveThis allows read access to metadata of the $APP folder, including file listing and statistics.
fs:allow-app-metaThis allows read access to metadata of the $APP folder, including file listing and statistics.
fs:scope-app-recursiveThis scope recursive access to the complete $APP folder, including sub directories and files.
fs:scope-appThis scope permits access to all files and list content of top level directories in the $APPfolder.
fs:scope-app-indexThis scope permits to list all files and folders in the $APPfolder.
fs:allow-appcache-read-recursiveThis allows full recursive read access to the complete $APPCACHE folder, files and subdirectories.
fs:allow-appcache-write-recursiveThis allows full recusrive write access to the complete $APPCACHE folder, files and subdirectories.
fs:allow-appcache-readThis allows non-recursive read access to the $APPCACHE folder.
fs:allow-appcache-writeThis allows non-recursive write access to the $APPCACHE folder.
fs:allow-appcache-meta-recursiveThis allows read access to metadata of the $APPCACHE folder, including file listing and statistics.
fs:allow-appcache-metaThis allows read access to metadata of the $APPCACHE folder, including file listing and statistics.
fs:scope-appcache-recursiveThis scope recursive access to the complete $APPCACHE folder, including sub directories and files.
fs:scope-appcacheThis scope permits access to all files and list content of top level directories in the $APPCACHEfolder.
fs:scope-appcache-indexThis scope permits to list all files and folders in the $APPCACHEfolder.
fs:allow-appconfig-read-recursiveThis allows full recursive read access to the complete $APPCONFIG folder, files and subdirectories.
fs:allow-appconfig-write-recursiveThis allows full recusrive write access to the complete $APPCONFIG folder, files and subdirectories.
fs:allow-appconfig-readThis allows non-recursive read access to the $APPCONFIG folder.
fs:allow-appconfig-writeThis allows non-recursive write access to the $APPCONFIG folder.
fs:allow-appconfig-meta-recursiveThis allows read access to metadata of the $APPCONFIG folder, including file listing and statistics.
fs:allow-appconfig-metaThis allows read access to metadata of the $APPCONFIG folder, including file listing and statistics.
fs:scope-appconfig-recursiveThis scope recursive access to the complete $APPCONFIG folder, including sub directories and files.
fs:scope-appconfigThis scope permits access to all files and list content of top level directories in the $APPCONFIGfolder.
fs:scope-appconfig-indexThis scope permits to list all files and folders in the $APPCONFIGfolder.
fs:allow-appdata-read-recursiveThis allows full recursive read access to the complete $APPDATA folder, files and subdirectories.
fs:allow-appdata-write-recursiveThis allows full recusrive write access to the complete $APPDATA folder, files and subdirectories.
fs:allow-appdata-readThis allows non-recursive read access to the $APPDATA folder.
fs:allow-appdata-writeThis allows non-recursive write access to the $APPDATA folder.
fs:allow-appdata-meta-recursiveThis allows read access to metadata of the $APPDATA folder, including file listing and statistics.
fs:allow-appdata-metaThis allows read access to metadata of the $APPDATA folder, including file listing and statistics.
fs:scope-appdata-recursiveThis scope recursive access to the complete $APPDATA folder, including sub directories and files.
fs:scope-appdataThis scope permits access to all files and list content of top level directories in the $APPDATAfolder.
fs:scope-appdata-indexThis scope permits to list all files and folders in the $APPDATAfolder.
fs:allow-applocaldata-read-recursiveThis allows full recursive read access to the complete $APPLOCALDATA folder, files and subdirectories.
fs:allow-applocaldata-write-recursiveThis allows full recusrive write access to the complete $APPLOCALDATA folder, files and subdirectories.
fs:allow-applocaldata-readThis allows non-recursive read access to the $APPLOCALDATA folder.
fs:allow-applocaldata-writeThis allows non-recursive write access to the $APPLOCALDATA folder.
fs:allow-applocaldata-meta-recursiveThis allows read access to metadata of the $APPLOCALDATA folder, including file listing and statistics.
fs:allow-applocaldata-metaThis allows read access to metadata of the $APPLOCALDATA folder, including file listing and statistics.
fs:scope-applocaldata-recursiveThis scope recursive access to the complete $APPLOCALDATA folder, including sub directories and files.
fs:scope-applocaldataThis scope permits access to all files and list content of top level directories in the $APPLOCALDATAfolder.
fs:scope-applocaldata-indexThis scope permits to list all files and folders in the $APPLOCALDATAfolder.
fs:allow-applog-read-recursiveThis allows full recursive read access to the complete $APPLOG folder, files and subdirectories.
fs:allow-applog-write-recursiveThis allows full recusrive write access to the complete $APPLOG folder, files and subdirectories.
fs:allow-applog-readThis allows non-recursive read access to the $APPLOG folder.
fs:allow-applog-writeThis allows non-recursive write access to the $APPLOG folder.
fs:allow-applog-meta-recursiveThis allows read access to metadata of the $APPLOG folder, including file listing and statistics.
fs:allow-applog-metaThis allows read access to metadata of the $APPLOG folder, including file listing and statistics.
fs:scope-applog-recursiveThis scope recursive access to the complete $APPLOG folder, including sub directories and files.
fs:scope-applogThis scope permits access to all files and list content of top level directories in the $APPLOGfolder.
fs:scope-applog-indexThis scope permits to list all files and folders in the $APPLOGfolder.
fs:allow-audio-read-recursiveThis allows full recursive read access to the complete $AUDIO folder, files and subdirectories.
fs:allow-audio-write-recursiveThis allows full recusrive write access to the complete $AUDIO folder, files and subdirectories.
fs:allow-audio-readThis allows non-recursive read access to the $AUDIO folder.
fs:allow-audio-writeThis allows non-recursive write access to the $AUDIO folder.
fs:allow-audio-meta-recursiveThis allows read access to metadata of the $AUDIO folder, including file listing and statistics.
fs:allow-audio-metaThis allows read access to metadata of the $AUDIO folder, including file listing and statistics.
fs:scope-audio-recursiveThis scope recursive access to the complete $AUDIO folder, including sub directories and files.
fs:scope-audioThis scope permits access to all files and list content of top level directories in the $AUDIOfolder.
fs:scope-audio-indexThis scope permits to list all files and folders in the $AUDIOfolder.
fs:allow-cache-read-recursiveThis allows full recursive read access to the complete $CACHE folder, files and subdirectories.
fs:allow-cache-write-recursiveThis allows full recusrive write access to the complete $CACHE folder, files and subdirectories.
fs:allow-cache-readThis allows non-recursive read access to the $CACHE folder.
fs:allow-cache-writeThis allows non-recursive write access to the $CACHE folder.
fs:allow-cache-meta-recursiveThis allows read access to metadata of the $CACHE folder, including file listing and statistics.
fs:allow-cache-metaThis allows read access to metadata of the $CACHE folder, including file listing and statistics.
fs:scope-cache-recursiveThis scope recursive access to the complete $CACHE folder, including sub directories and files.
fs:scope-cacheThis scope permits access to all files and list content of top level directories in the $CACHEfolder.
fs:scope-cache-indexThis scope permits to list all files and folders in the $CACHEfolder.
fs:allow-config-read-recursiveThis allows full recursive read access to the complete $CONFIG folder, files and subdirectories.
fs:allow-config-write-recursiveThis allows full recusrive write access to the complete $CONFIG folder, files and subdirectories.
fs:allow-config-readThis allows non-recursive read access to the $CONFIG folder.
fs:allow-config-writeThis allows non-recursive write access to the $CONFIG folder.
fs:allow-config-meta-recursiveThis allows read access to metadata of the $CONFIG folder, including file listing and statistics.
fs:allow-config-metaThis allows read access to metadata of the $CONFIG folder, including file listing and statistics.
fs:scope-config-recursiveThis scope recursive access to the complete $CONFIG folder, including sub directories and files.
fs:scope-configThis scope permits access to all files and list content of top level directories in the $CONFIGfolder.
fs:scope-config-indexThis scope permits to list all files and folders in the $CONFIGfolder.
fs:allow-data-read-recursiveThis allows full recursive read access to the complete $DATA folder, files and subdirectories.
fs:allow-data-write-recursiveThis allows full recusrive write access to the complete $DATA folder, files and subdirectories.
fs:allow-data-readThis allows non-recursive read access to the $DATA folder.
fs:allow-data-writeThis allows non-recursive write access to the $DATA folder.
fs:allow-data-meta-recursiveThis allows read access to metadata of the $DATA folder, including file listing and statistics.
fs:allow-data-metaThis allows read access to metadata of the $DATA folder, including file listing and statistics.
fs:scope-data-recursiveThis scope recursive access to the complete $DATA folder, including sub directories and files.
fs:scope-dataThis scope permits access to all files and list content of top level directories in the $DATAfolder.
fs:scope-data-indexThis scope permits to list all files and folders in the $DATAfolder.
fs:allow-desktop-read-recursiveThis allows full recursive read access to the complete $DESKTOP folder, files and subdirectories.
fs:allow-desktop-write-recursiveThis allows full recusrive write access to the complete $DESKTOP folder, files and subdirectories.
fs:allow-desktop-readThis allows non-recursive read access to the $DESKTOP folder.
fs:allow-desktop-writeThis allows non-recursive write access to the $DESKTOP folder.
fs:allow-desktop-meta-recursiveThis allows read access to metadata of the $DESKTOP folder, including file listing and statistics.
fs:allow-desktop-metaThis allows read access to metadata of the $DESKTOP folder, including file listing and statistics.
fs:scope-desktop-recursiveThis scope recursive access to the complete $DESKTOP folder, including sub directories and files.
fs:scope-desktopThis scope permits access to all files and list content of top level directories in the $DESKTOPfolder.
fs:scope-desktop-indexThis scope permits to list all files and folders in the $DESKTOPfolder.
fs:allow-document-read-recursiveThis allows full recursive read access to the complete $DOCUMENT folder, files and subdirectories.
fs:allow-document-write-recursiveThis allows full recusrive write access to the complete $DOCUMENT folder, files and subdirectories.
fs:allow-document-readThis allows non-recursive read access to the $DOCUMENT folder.
fs:allow-document-writeThis allows non-recursive write access to the $DOCUMENT folder.
fs:allow-document-meta-recursiveThis allows read access to metadata of the $DOCUMENT folder, including file listing and statistics.
fs:allow-document-metaThis allows read access to metadata of the $DOCUMENT folder, including file listing and statistics.
fs:scope-document-recursiveThis scope recursive access to the complete $DOCUMENT folder, including sub directories and files.
fs:scope-documentThis scope permits access to all files and list content of top level directories in the $DOCUMENTfolder.
fs:scope-document-indexThis scope permits to list all files and folders in the $DOCUMENTfolder.
fs:allow-download-read-recursiveThis allows full recursive read access to the complete $DOWNLOAD folder, files and subdirectories.
fs:allow-download-write-recursiveThis allows full recusrive write access to the complete $DOWNLOAD folder, files and subdirectories.
fs:allow-download-readThis allows non-recursive read access to the $DOWNLOAD folder.
fs:allow-download-writeThis allows non-recursive write access to the $DOWNLOAD folder.
fs:allow-download-meta-recursiveThis allows read access to metadata of the $DOWNLOAD folder, including file listing and statistics.
fs:allow-download-metaThis allows read access to metadata of the $DOWNLOAD folder, including file listing and statistics.
fs:scope-download-recursiveThis scope recursive access to the complete $DOWNLOAD folder, including sub directories and files.
fs:scope-downloadThis scope permits access to all files and list content of top level directories in the $DOWNLOADfolder.
fs:scope-download-indexThis scope permits to list all files and folders in the $DOWNLOADfolder.
fs:allow-exe-read-recursiveThis allows full recursive read access to the complete $EXE folder, files and subdirectories.
fs:allow-exe-write-recursiveThis allows full recusrive write access to the complete $EXE folder, files and subdirectories.
fs:allow-exe-readThis allows non-recursive read access to the $EXE folder.
fs:allow-exe-writeThis allows non-recursive write access to the $EXE folder.
fs:allow-exe-meta-recursiveThis allows read access to metadata of the $EXE folder, including file listing and statistics.
fs:allow-exe-metaThis allows read access to metadata of the $EXE folder, including file listing and statistics.
fs:scope-exe-recursiveThis scope recursive access to the complete $EXE folder, including sub directories and files.
fs:scope-exeThis scope permits access to all files and list content of top level directories in the $EXEfolder.
fs:scope-exe-indexThis scope permits to list all files and folders in the $EXEfolder.
fs:allow-font-read-recursiveThis allows full recursive read access to the complete $FONT folder, files and subdirectories.
fs:allow-font-write-recursiveThis allows full recusrive write access to the complete $FONT folder, files and subdirectories.
fs:allow-font-readThis allows non-recursive read access to the $FONT folder.
fs:allow-font-writeThis allows non-recursive write access to the $FONT folder.
fs:allow-font-meta-recursiveThis allows read access to metadata of the $FONT folder, including file listing and statistics.
fs:allow-font-metaThis allows read access to metadata of the $FONT folder, including file listing and statistics.
fs:scope-font-recursiveThis scope recursive access to the complete $FONT folder, including sub directories and files.
fs:scope-fontThis scope permits access to all files and list content of top level directories in the $FONTfolder.
fs:scope-font-indexThis scope permits to list all files and folders in the $FONTfolder.
fs:allow-home-read-recursiveThis allows full recursive read access to the complete $HOME folder, files and subdirectories.
fs:allow-home-write-recursiveThis allows full recusrive write access to the complete $HOME folder, files and subdirectories.
fs:allow-home-readThis allows non-recursive read access to the $HOME folder.
fs:allow-home-writeThis allows non-recursive write access to the $HOME folder.
fs:allow-home-meta-recursiveThis allows read access to metadata of the $HOME folder, including file listing and statistics.
fs:allow-home-metaThis allows read access to metadata of the $HOME folder, including file listing and statistics.
fs:scope-home-recursiveThis scope recursive access to the complete $HOME folder, including sub directories and files.
fs:scope-homeThis scope permits access to all files and list content of top level directories in the $HOMEfolder.
fs:scope-home-indexThis scope permits to list all files and folders in the $HOMEfolder.
fs:allow-localdata-read-recursiveThis allows full recursive read access to the complete $LOCALDATA folder, files and subdirectories.
fs:allow-localdata-write-recursiveThis allows full recusrive write access to the complete $LOCALDATA folder, files and subdirectories.
fs:allow-localdata-readThis allows non-recursive read access to the $LOCALDATA folder.
fs:allow-localdata-writeThis allows non-recursive write access to the $LOCALDATA folder.
fs:allow-localdata-meta-recursiveThis allows read access to metadata of the $LOCALDATA folder, including file listing and statistics.
fs:allow-localdata-metaThis allows read access to metadata of the $LOCALDATA folder, including file listing and statistics.
fs:scope-localdata-recursiveThis scope recursive access to the complete $LOCALDATA folder, including sub directories and files.
fs:scope-localdataThis scope permits access to all files and list content of top level directories in the $LOCALDATAfolder.
fs:scope-localdata-indexThis scope permits to list all files and folders in the $LOCALDATAfolder.
fs:allow-log-read-recursiveThis allows full recursive read access to the complete $LOG folder, files and subdirectories.
fs:allow-log-write-recursiveThis allows full recusrive write access to the complete $LOG folder, files and subdirectories.
fs:allow-log-readThis allows non-recursive read access to the $LOG folder.
fs:allow-log-writeThis allows non-recursive write access to the $LOG folder.
fs:allow-log-meta-recursiveThis allows read access to metadata of the $LOG folder, including file listing and statistics.
fs:allow-log-metaThis allows read access to metadata of the $LOG folder, including file listing and statistics.
fs:scope-log-recursiveThis scope recursive access to the complete $LOG folder, including sub directories and files.
fs:scope-logThis scope permits access to all files and list content of top level directories in the $LOGfolder.
fs:scope-log-indexThis scope permits to list all files and folders in the $LOGfolder.
fs:allow-picture-read-recursiveThis allows full recursive read access to the complete $PICTURE folder, files and subdirectories.
fs:allow-picture-write-recursiveThis allows full recusrive write access to the complete $PICTURE folder, files and subdirectories.
fs:allow-picture-readThis allows non-recursive read access to the $PICTURE folder.
fs:allow-picture-writeThis allows non-recursive write access to the $PICTURE folder.
fs:allow-picture-meta-recursiveThis allows read access to metadata of the $PICTURE folder, including file listing and statistics.
fs:allow-picture-metaThis allows read access to metadata of the $PICTURE folder, including file listing and statistics.
fs:scope-picture-recursiveThis scope recursive access to the complete $PICTURE folder, including sub directories and files.
fs:scope-pictureThis scope permits access to all files and list content of top level directories in the $PICTUREfolder.
fs:scope-picture-indexThis scope permits to list all files and folders in the $PICTUREfolder.
fs:allow-public-read-recursiveThis allows full recursive read access to the complete $PUBLIC folder, files and subdirectories.
fs:allow-public-write-recursiveThis allows full recusrive write access to the complete $PUBLIC folder, files and subdirectories.
fs:allow-public-readThis allows non-recursive read access to the $PUBLIC folder.
fs:allow-public-writeThis allows non-recursive write access to the $PUBLIC folder.
fs:allow-public-meta-recursiveThis allows read access to metadata of the $PUBLIC folder, including file listing and statistics.
fs:allow-public-metaThis allows read access to metadata of the $PUBLIC folder, including file listing and statistics.
fs:scope-public-recursiveThis scope recursive access to the complete $PUBLIC folder, including sub directories and files.
fs:scope-publicThis scope permits access to all files and list content of top level directories in the $PUBLICfolder.
fs:scope-public-indexThis scope permits to list all files and folders in the $PUBLICfolder.
fs:allow-resource-read-recursiveThis allows full recursive read access to the complete $RESOURCE folder, files and subdirectories.
fs:allow-resource-write-recursiveThis allows full recusrive write access to the complete $RESOURCE folder, files and subdirectories.
fs:allow-resource-readThis allows non-recursive read access to the $RESOURCE folder.
fs:allow-resource-writeThis allows non-recursive write access to the $RESOURCE folder.
fs:allow-resource-meta-recursiveThis allows read access to metadata of the $RESOURCE folder, including file listing and statistics.
fs:allow-resource-metaThis allows read access to metadata of the $RESOURCE folder, including file listing and statistics.
fs:scope-resource-recursiveThis scope recursive access to the complete $RESOURCE folder, including sub directories and files.
fs:scope-resourceThis scope permits access to all files and list content of top level directories in the $RESOURCEfolder.
fs:scope-resource-indexThis scope permits to list all files and folders in the $RESOURCEfolder.
fs:allow-runtime-read-recursiveThis allows full recursive read access to the complete $RUNTIME folder, files and subdirectories.
fs:allow-runtime-write-recursiveThis allows full recusrive write access to the complete $RUNTIME folder, files and subdirectories.
fs:allow-runtime-readThis allows non-recursive read access to the $RUNTIME folder.
fs:allow-runtime-writeThis allows non-recursive write access to the $RUNTIME folder.
fs:allow-runtime-meta-recursiveThis allows read access to metadata of the $RUNTIME folder, including file listing and statistics.
fs:allow-runtime-metaThis allows read access to metadata of the $RUNTIME folder, including file listing and statistics.
fs:scope-runtime-recursiveThis scope recursive access to the complete $RUNTIME folder, including sub directories and files.
fs:scope-runtimeThis scope permits access to all files and list content of top level directories in the $RUNTIMEfolder.
fs:scope-runtime-indexThis scope permits to list all files and folders in the $RUNTIMEfolder.
fs:allow-temp-read-recursiveThis allows full recursive read access to the complete $TEMP folder, files and subdirectories.
fs:allow-temp-write-recursiveThis allows full recusrive write access to the complete $TEMP folder, files and subdirectories.
fs:allow-temp-readThis allows non-recursive read access to the $TEMP folder.
fs:allow-temp-writeThis allows non-recursive write access to the $TEMP folder.
fs:allow-temp-meta-recursiveThis allows read access to metadata of the $TEMP folder, including file listing and statistics.
fs:allow-temp-metaThis allows read access to metadata of the $TEMP folder, including file listing and statistics.
fs:scope-temp-recursiveThis scope recursive access to the complete $TEMP folder, including sub directories and files.
fs:scope-tempThis scope permits access to all files and list content of top level directories in the $TEMPfolder.
fs:scope-temp-indexThis scope permits to list all files and folders in the $TEMPfolder.
fs:allow-template-read-recursiveThis allows full recursive read access to the complete $TEMPLATE folder, files and subdirectories.
fs:allow-template-write-recursiveThis allows full recusrive write access to the complete $TEMPLATE folder, files and subdirectories.
fs:allow-template-readThis allows non-recursive read access to the $TEMPLATE folder.
fs:allow-template-writeThis allows non-recursive write access to the $TEMPLATE folder.
fs:allow-template-meta-recursiveThis allows read access to metadata of the $TEMPLATE folder, including file listing and statistics.
fs:allow-template-metaThis allows read access to metadata of the $TEMPLATE folder, including file listing and statistics.
fs:scope-template-recursiveThis scope recursive access to the complete $TEMPLATE folder, including sub directories and files.
fs:scope-templateThis scope permits access to all files and list content of top level directories in the $TEMPLATEfolder.
fs:scope-template-indexThis scope permits to list all files and folders in the $TEMPLATEfolder.
fs:allow-video-read-recursiveThis allows full recursive read access to the complete $VIDEO folder, files and subdirectories.
fs:allow-video-write-recursiveThis allows full recusrive write access to the complete $VIDEO folder, files and subdirectories.
fs:allow-video-readThis allows non-recursive read access to the $VIDEO folder.
fs:allow-video-writeThis allows non-recursive write access to the $VIDEO folder.
fs:allow-video-meta-recursiveThis allows read access to metadata of the $VIDEO folder, including file listing and statistics.
fs:allow-video-metaThis allows read access to metadata of the $VIDEO folder, including file listing and statistics.
fs:scope-video-recursiveThis scope recursive access to the complete $VIDEO folder, including sub directories and files.
fs:scope-videoThis scope permits access to all files and list content of top level directories in the $VIDEOfolder.
fs:scope-video-indexThis scope permits to list all files and folders in the $VIDEOfolder.
fs:deny-webview-data-linuxThis denies read access to the $APPLOCALDATA folder on linux as the webview data and configuration values are stored here. Allowing access can lead to sensitive information disclosure and should be well considered.
fs:deny-webview-data-windowsThis denies read access to the $APPLOCALDATA/EBWebView folder on windows as the webview data and configuration values are stored here. Allowing access can lead to sensitive information disclosure and should be well considered.

Command Permissions

PermissionDescription
fs:allow-copy-fileEnables the copy_file command without any pre-configured scope.
fs:deny-copy-fileDenies the copy_file command without any pre-configured scope.
fs:allow-createEnables the create command without any pre-configured scope.
fs:deny-createDenies the create command without any pre-configured scope.
fs:allow-existsEnables the exists command without any pre-configured scope.
fs:deny-existsDenies the exists command without any pre-configured scope.
fs:allow-fstatEnables the fstat command without any pre-configured scope.
fs:deny-fstatDenies the fstat command without any pre-configured scope.
fs:allow-ftruncateEnables the ftruncate command without any pre-configured scope.
fs:deny-ftruncateDenies the ftruncate command without any pre-configured scope.
fs:allow-lstatEnables the lstat command without any pre-configured scope.
fs:deny-lstatDenies the lstat command without any pre-configured scope.
fs:allow-mkdirEnables the mkdir command without any pre-configured scope.
fs:deny-mkdirDenies the mkdir command without any pre-configured scope.
fs:allow-openEnables the open command without any pre-configured scope.
fs:deny-openDenies the open command without any pre-configured scope.
fs:allow-readEnables the read command without any pre-configured scope.
fs:deny-readDenies the read command without any pre-configured scope.
fs:allow-read-dirEnables the read_dir command without any pre-configured scope.
fs:deny-read-dirDenies the read_dir command without any pre-configured scope.
fs:allow-read-fileEnables the read_file command without any pre-configured scope.
fs:deny-read-fileDenies the read_file command without any pre-configured scope.
fs:allow-read-text-fileEnables the read_text_file command without any pre-configured scope.
fs:deny-read-text-fileDenies the read_text_file command without any pre-configured scope.
fs:allow-read-text-file-linesEnables the read_text_file_lines command without any pre-configured scope.
fs:deny-read-text-file-linesDenies the read_text_file_lines command without any pre-configured scope.
fs:allow-read-text-file-lines-nextEnables the read_text_file_lines_next command without any pre-configured scope.
fs:deny-read-text-file-lines-nextDenies the read_text_file_lines_next command without any pre-configured scope.
fs:allow-removeEnables the remove command without any pre-configured scope.
fs:deny-removeDenies the remove command without any pre-configured scope.
fs:allow-renameEnables the rename command without any pre-configured scope.
fs:deny-renameDenies the rename command without any pre-configured scope.
fs:allow-seekEnables the seek command without any pre-configured scope.
fs:deny-seekDenies the seek command without any pre-configured scope.
fs:allow-statEnables the stat command without any pre-configured scope.
fs:deny-statDenies the stat command without any pre-configured scope.
fs:allow-truncateEnables the truncate command without any pre-configured scope.
fs:deny-truncateDenies the truncate command without any pre-configured scope.
fs:allow-unwatchEnables the unwatch command without any pre-configured scope.
fs:deny-unwatchDenies the unwatch command without any pre-configured scope.
fs:allow-watchEnables the watch command without any pre-configured scope.
fs:deny-watchDenies the watch command without any pre-configured scope.
fs:allow-writeEnables the write command without any pre-configured scope.
fs:deny-writeDenies the write command without any pre-configured scope.
fs:allow-write-fileEnables the write_file command without any pre-configured scope.
fs:deny-write-fileDenies the write_file command without any pre-configured scope.
fs:allow-write-text-fileEnables the write_text_file command without any pre-configured scope.
fs:deny-write-text-fileDenies the write_text_file command without any pre-configured scope.
fs:read-allThis enables all read related commands without any pre-configured accessible paths.
fs:read-dirsThis enables directory read and file metadata related commands without any pre-configured accessible paths.
fs:read-filesThis enables file read related commands without any pre-configured accessible paths.
fs:read-metaThis enables all index or metadata related commands without any pre-configured accessible paths.
fs:scopeAn empty permission you can use to modify the global scope.
fs:write-allThis enables all write related commands without any pre-configured accessible paths.
fs:write-filesThis enables all file write related commands without any pre-configured accessible paths.

Scopes

To allow any fs command to access specific scopes:

src-tauri/capabilities/main.json
{
"$schema": "../gen/schemas/desktop-schema.json",
"identifier": "main-capability",
"description": "Capability for the main window",
"windows": ["main"],
"permissions": [
{
"identifier": "fs:scope",
"allow": [{ "path": "$APPDATA" }, { "path": "$APPDATA/**" }]
}
]
}

To allow specific fs command to access specific scopes:

src-tauri/capabilities/main.json
{
"$schema": "../gen/schemas/desktop-schema.json",
"identifier": "main-capability",
"description": "Capability for the main window",
"windows": ["main"],
"permissions": [
{
"identifier": "fs:allow-rename",
"allow": [{ "path": "$HOME/**" }]
},
{
"identifier": "fs:allow-exists",
"allow": [{ "path": "$APPDATA/*" }]
}
]
}

© 2024 Tauri Contributors. CC-BY / MIT