Securing Linux Storage with ACLs: An Open-Source Web Management Interface for Enhanced Data Protection

[TEMHITHORPHE]

@zeydabadi
Hi, name is Temi, Rust Engineer | Security Researcher | OpenSource Developer.

I have taken it upon myself to solve this task, and wanted to build out some sort of POC for inclusion with my proposal, so first I wanted to know generally speaking what other authentication modules is required apart from LDAP, and I also wanted to know what would be considered a good MVP or POC per se, a cmdline? minimal GUI with LDAP auth?.

Want to also understand how the application will be deployed, since "eiciel" does not solve the problem, I'm guessing a per-user installation is not how the solution will be used (or is it?), but more like a server-based install ?, which makes me curious as to how it's supposed to then manage ACLs, (network storage perhaps??).

ps: I didn't find out about this early enough that's why it seems I'm reaching out late, as I wasn't expecting to find tasks with Rust oriented solutions under Emory-BMI, but I'm happy I did check 😃, as the challenge falls directly within my skillset.

Profile: all available on GitHub page

[Teblurrry]

Hello!
I'm very interested in this project too:) I agree that server-based deployment would work out via network storage too, but my question is, what types of network storage should the application need to support (NFS or Samba or...), and should the ACL management logic be adapted based on the storage backend? What's more, I wanna kindly ask: For packaging, since the application gonna support both RedHat and Debian-based distributions, does the org prefer specific packaging formats (rpm or deb or both) or would alternative methods (e.g., containerized deployment) also be considered?
Looking forward to hearing more valuable thoughts!☺️

[TEMHITHORPHE]

@zeydabadi
soft reminder, answers to these questions will help craft a more focused proposal 🙂

[ayamba-coder]

I have also asked soo many questions and gotten no responses.
Maybe this project isn't really a priority to them

[Tanmay1906]

Hello mentors (@zeydabadi ) and the Emory BMI team,

I’m interested in contributing to the “Securing Linux Storage with ACLs” project for GSoC. I’ve spent time understanding the goals and reviewing the technologies involved (Linux ACLs, system-level service design, web frontends with secure backend integration), and I’m currently finalizing my proposal for submission today.

I understand that time is short, but I wanted to express my strong interest and share that I’ve started outlining the architecture and system flow, with a focus on:

"A lightweight web interface using Flask (or alternative) without external JS dependencies"
"Integration with Linux ACLs using Python’s os and subprocess for getfacl/setfacl"
"Secure deployment via SystemD with non-root privileges"
"LDAP-based authentication module"

I’ll also be sharing the proposal with you shortly via the GSoC portal. Any final feedback or guidance, even post-submission, would be deeply appreciated. I’d love the chance to learn and contribute meaningfully to this important security-focused tool.

Thank you for considering my application and for offering such a well-thought-out project.

Best,
Tanmay Verma
GitHub: https://github.com/Tanmay1906
Email: vermatanmay87@gmail.com