A few years ago, Ram Pai and I posted an article to show by example – the example itself based on an example in an OLS paper by Ram and Al Viro – how to make use of new-ish mount features in Linux. In the end, we showed how to give each user a private filesystem tree but allow them to share slave and shared mounts.
Noone seems to have taken this and run with it, so I went ahead and packaged it. The source is at lp:~serge-hallyn/user-mounts, and the package is at ppa:serge-hallyn/user-mounts. After you install it and run ‘/bin/add_user_mount john’, when john logs in he will be pivot_rooted into /user/john/. Any mounts he does after that will not be reflected in /. However, if he mounts things under /home/john/my_shared_exports, then other users will be able to see those as shared mounts under /others_shared_exports/john. Mounts under /home/john/my_slave_exports will show up under /others-slave_exports/john.
Really the slave/shared export stuff is still somewhat esoteric and, moreover, not very useful until we get unprivileged mounting. My main motivation, rather, was to combine this with libpam-mount to provide private ecryptfs homes. If user john is using an ecryptfs home mounted using libpam-mount, then the decrypted contents will actually be in /user/john/home, so user sam will not be able to see those.