Mount a directory to another location and alter permission bits.
bindfs is a FUSE filesystem for mounting a directory to another location, similarly to
mount --bind. The permissions inside the mountpoint can be altered using various rules.
Here are some examples of what bindfs can do for you:
Make a directory read-only for non-root users.
bindfs --perms=a-w somedir somedir
Share a directory with some other users without modifying /etc/group.
bindfs --mirror-only=joe,bob,@wheel ~/some/dir shared
Make all new files uploaded to an FTP share owned by you and seen by everyone.
bindfs --create-for-user=me --create-with-perms=u+rw,a+rD /var/ftp/uploads /var/ftp/uploads
Make your website available to the webserver process read-only.
bindfs --force-user=www --perms=0000:u=rD ~/stuff/website ~/public_html
/home/bob/stuff/website /home/bob/public_html fuse.bindfs force-user=www,perms=0000:u+rD 0 0
bindfs is available through the software repositories of many Linux distributions, as well as MacPorts on OS X. Check there first unless there is a specific new feature that you need.
Download the latest source tarball here: bindfs-1.13.2.tar.gz.
Compile & install:
./configure && make && sudo make install.
There is an extensive HowTo on Ubuntu Forums.
All FUSE filesystems necessarily incur a performance penalty in CPU time and memory consumption. While bindfs is very flexible, it can be quite slow as Guy Paddock’s analysis and benchmark demonstrates. If all you need is to make a directory read-only then
mount --bind -r is more efficient.
bindfs was initially developed in 2006. I consider the program fairly feature-complete but I’ll still gladly fix bugs and add some small features as people suggest them.