diff --git a/README.md b/README.md
index 2e578f78..8ae5a2ae 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,6 @@ pip install black bandit pylint flake8  # vscode tooling
 
 roughly sorted by priority
 
-* permissions break for `ed` on `-v /home/ed/vfs:moji:r -v /home/ed/inc:inc:r:aed`
 * http error handling (conn.status or handler-retval)
 * look into android thumbnail cache file format
 * last-modified header
diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py
index 9b4b7b34..45907a70 100644
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -70,16 +70,19 @@ class VFS(object):
     def can_access(self, vpath, uname):
         """return [readable,writable]"""
         vn, _ = self._find(vpath)
-        return [uname in vn.uread, uname in vn.uwrite]
+        return [
+            uname in vn.uread or "*" in vn.uread,
+            uname in vn.uwrite or "*" in vn.uwrite,
+        ]
 
     def get(self, vpath, uname, will_read, will_write):
         """returns [vfsnode,fs_remainder] if user has the requested permissions"""
         vn, rem = self._find(vpath)
 
-        if will_read and uname not in vn.uread:
+        if will_read and (uname not in vn.uread and "*" not in vn.uread):
             raise Pebkac("you don't have read-access for this location")
 
-        if will_write and uname not in vn.uwrite:
+        if will_write and (uname not in vn.uwrite and "*" not in vn.uwrite):
             raise Pebkac("you don't have write-access for this location")
 
         return vn, rem
@@ -117,8 +120,8 @@ class VFS(object):
 
     def user_tree(self, uname, readable=False, writable=False):
         ret = []
-        opt1 = readable and uname in self.uread
-        opt2 = writable and uname in self.uwrite
+        opt1 = readable and (uname in self.uread or "*" in self.uread)
+        opt2 = writable and (uname in self.uwrite or "*" in self.uwrite)
         if opt1 or opt2:
             ret.append(self.vpath)