Ssh – Using ACLs over read only/remote filesystem

acl, fuse, sshfs

I would like to define local ACLs to be used over a remotely mounted filesystem.
The filesystem is mounted via autofs and sshfs FUSE.

The idea is that we could set up a jailed user on a jump server with access to read files on other servers in the environment and use standard commands without a lot of exposure and certainly without granting ssh access.
Problem is, sshfs will always run as the same user, so files within the path on the remote system would be exposed regardless of the user that they were exposed for.

I've explored coding the security check right into sshfs, but before I go down that road I'd like to see if any other package can add ACL support to an otherwise read only filesystem.

Edit: @peterph How would you set your ACLs for the NFS share when the remote filesystem is read only?

sshfs was really easy to take apart, so I added the ACL check right into sshfs itself a few days after writing this. Users get jailed on login via OpenSSH and jailkit, and access the read only sshfs automount as a non-privileged user from there. Every dir/file stat or read generates a syslog event. It's been working like a charm and the users have no rights off of the one jailed box.
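A per-user check of the kind described above, as an added example (not the poster's modified sshfs and not sshfs code). The rule table, uids and the name `acl_check` are hypothetical. In a FUSE handler the caller's uid would come from `fuse_get_context()->uid`, which is what distinguishes local users even though the sshfs process itself runs as one user.

```c
#include <string.h>
#include <sys/types.h>
#include <syslog.h>

/* Constructed sample policy: local uid -> subtree of the mount it may read. */
struct acl_rule { uid_t uid; const char *prefix; };
static const struct acl_rule rules[] = {
    { 1001, "/web01/var/log" },
    { 1001, "/web02/var/log" },
    { 1002, "/db01/etc" },
};

/* 1 if path equals dir or lies beneath it on a component boundary, so that
 * "/db01/etc" never matches "/db01/etc-backup". */
static int under(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* 1 if any component of p is "..". */
static int has_dotdot(const char *p)
{
    for (; (p = strstr(p, "/..")) != NULL; p += 3)
        if (p[3] == '\0' || p[3] == '/')
            return 1;
    return 0;
}

/* Returns 1 to allow, 0 to deny; default deny, every decision goes to syslog.
 * is_stat: the operation is only a stat (getattr), which is also permitted on
 * ancestors of an allowed subtree so the user can walk down to it. */
int acl_check(uid_t uid, int is_stat, const char *path)
{
    int ok = 0;
    if (path[0] == '/' && !has_dotdot(path)) {
        for (size_t i = 0; i < sizeof rules / sizeof rules[0] && !ok; i++) {
            if (rules[i].uid != uid)
                continue;
            ok = under(path, rules[i].prefix) ||
                 (is_stat && (path[1] == '\0' || under(rules[i].prefix, path)));
        }
    }
    syslog(ok ? LOG_INFO : LOG_WARNING, "sshfs-acl uid=%lu %s path=%s %s",
           (unsigned long)uid, is_stat ? "stat" : "read", path,
           ok ? "ALLOW" : "DENY");
    return ok;
}
```

The check only sees the path as requested through the mount; a symlink on the remote side that points outside an allowed subtree is not covered by it.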

Best Answer

Is there a reason for not using NFS with ACL support? You could either tunnel it through SSH/VPN, or use NFSv4 which supports encryption on its own.
