One of my workmates was just about to play around with Linux ACLs on desktops with enduser-usability. He tried to setup network shares via NFS and standard Linux ACLs to the LDAP users.
He told me then he has a weird problem with moving files into this share and keeping the right permissions. He expected that when moving a file into this network share the file get the ACL permission of the parent directory (default ACL set on parent directory). This was true when you copy a file, but when moving a file in this share it just keeps the old permissions.
This was a big problem for us for the enduser usability. You cannot expect that endusers dont have to moving files but instead copy them and then delete on the old location. We also couldnt find any information or workaround to fix this problem.
So my idea was to write a small program in python that observes this special directories and sets the ACLs as expected. As first testings gives feedback this seems to work very well. It uses standard Python 2.7 and the inotify kernel extension. You also have to setup the “sudoers” file if you dont want it to run as root.
If you are interested or have the same problem you are welcome to test this program on your own. I have setup a bitbucket project to host this program.
Update: I have also setup a small project page now with some usage information: Linux ACL-Observer