bindfs - Mount a directory elsewhere with changed permissions.

bindfs is a FUSE filesystem for mirroring a directory to another directory, similarly to mount --bind. 
The permissions of the mirrored directory can be altered in various ways.

Some things bindfs can be used for:

　　1. Making a directory read-only.
　　2. Making all executables non-executable.
　　3. Sharing a directory with a list of users (or groups).
　　4. Modifying permission bits using rules with chmod-like syntax.
　　5. Changing the permissions with which files are created.
　　6. Non-root users can use almost all features, but most interesting use-cases need user_allow_other to be defined in /etc/fuse.conf.

Non-root users can use almost all features, but most interesting use-cases need user_allow_other to be defined in /etc/fuse.conf.

Make a directory read-only for non-root users.
bindfs --perms=a-w somedir somedir

Share a directory with some other users without modifying /etc/group.
bindfs --mirror-only=joe,bob,@wheel ~/some/dir shared

Make all new files uploaded to an FTP share owned by you and seen by everyone.
bindfs --create-for-user=me --create-with-perms=u+rw,a+rD /var/ftp/uploads /var/ftp/uploads

Make your website available to the webserver process read-only.
bindfs --force-user=www --perms=0000:u=rD ~/stuff/website ~/public_html

The corresponding /etc/fstab entry.
/home/bob/stuff/website /home/bob/public_html fuse.bindfs force-user=www,perms=0000:u+rD 0 0