diff -r 21274e5950af -r a1f4cb076d2f src/server/daemon/acl.c
--- a/src/server/daemon/acl.c	Tue Aug 13 22:14:32 2019 +0200
+++ b/src/server/daemon/acl.c	Sat Sep 24 16:26:10 2022 +0200
@@ -100,6 +100,7 @@
 }
 
 User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list) {
+    // TODO: cache result #50
     if(!sn || !rq || !list) {
         return NULL;
     }
@@ -178,7 +179,7 @@
     ACLList *acl = acl_evallist(list, user, access_mask, NULL);
     if(acl) {
         acl_set_error_status(sn, rq, acl, user);
-        // TODO: don't free the user here
+        // TODO: don't free the user here #51
         if(user) {
             user->free(user);
         }
@@ -316,7 +317,7 @@
         uid_t owner,
         gid_t owninggroup);
 
-int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) {
+int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
     sstr_t p;
     if(path[0] != '/') {
         size_t n = 128;
@@ -331,11 +332,11 @@
             }
         }
         sstr_t wd = sstr(cwd);
-        sstr_t pp = sstr(path);
+        sstr_t pp = sstr((char*)path);
 
         p = sstrcat(3, wd, sstrn("/", 1), pp);
     } else {
-        p = sstrdup(sstr(path));
+        p = sstrdup(sstr((char*)path));
     }
     if(p.ptr[p.length-1] == '/') {
         p.ptr[p.length-1] = 0;
@@ -461,6 +462,11 @@
     return 1;
 }
 
+int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
+    // TODO:
+    return 1;
+}
+
 int solaris_acl_check(
         char *path,
         struct stat *s,
@@ -571,6 +577,10 @@
     return 1;
 }
 
+int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
+    return 1;
+}
+
 void fs_acl_finish() {
 
 }
@@ -579,7 +589,11 @@
 
 #ifdef BSD
 
-int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) {
+int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
+    return 1;
+}
+
+int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
     return 1;
 }
 
@@ -594,7 +608,7 @@
 
 #include <sys/fsuid.h>
 
-int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) {
+int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
     struct passwd *ws_pw = conf_getglobals()->Vuserpw;
     if(!ws_pw) {
         log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid");
@@ -638,6 +652,11 @@
     return 1;
 }
 
+int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
+    // TODO
+    return 1;
+}
+
 void fs_acl_finish() {
     struct passwd *pw = conf_getglobals()->Vuserpw;
     if(!pw) {