Hi Brian,
Since few clients support ACLs and even fewer do it right (and Horde has all sorts of its own problems), I wrote a web client and a system daemon to handle ACL manipulation.
However, the daemon only works on Solaris with real system users (not mysql userdb or etc). Our environment was one of real users that can log into the machines, so it takes advantage of filesystem ACLs for security in the shell/sftp/etc contexts. So it's a limited audience. If anyone is interested I can probably get around to finalizing some debugging and putting it up on the 'net in mid-May. I might also be willing to generalize it to non-system user environments.
-Brian
this sounds interesting. I'd really appreciate if you could get your work published. Perhaps we could it addapt so that it fits our needs, since we currently have a virtual user environment based on ldap.
Martin