Make all new files in a directory accessible to a group
Suppose I have two users Alice and Bob and a group GROUPNAME and a folder
foo, both users are members of GROUPNAME (using Linux and ext3).
If I save as user Alice a file under
foo, the permissions are:
-rw-r--r-- Alice Alice. However, is it possible to achieve that every file saved under some subdirectory of
-rwxrwx--- Alice GROUPNAME(i.e. owner Alice, group GROUPNAME)?
You can control the assigned permission bits with
umask, and the group by making the directory setgid to
$ umask 002 # allow group write; everyone must do this $ chgrp GROUPNAME . # set directory group to GROUPNAME $ chmod g+s . # files created in directory will be in group GROUPNAME
Note that you have to do the
chmodfor every subdirectory; it doesn't propagate automatically (that is, neither existing nor subsequently created directories under a setgid directory will be setgid, although the latter will be in group
Also note that
umaskis a process attribute and applies to all files created by that process and its children (which inherit the
umaskin effect in their parent at
fork()time). Users may need to set this in
~/.profile, and may need to watch out for things unrelated to your directory that need different permissions. modules may be useful if you need different settings when doing different things.
You can control things a bit better if you can use POSIX ACLs; it should be possible to specify both a permissions mask and a group, and have them propagate sensibly. Support for POSIX ACLs is somewhat variable, though.
Subdirectories created after setting setgid on the parent directory will have setgid set automatically.
@Arrowmaster: On some systems, perhaps, but not all; I tested on OSX and it doesn't propagate, at least for non-root.
Well on Debian (and I assume most other Linux distros) the setgid and group name both propagate.
On OS X, the setgid bit on a directory is just ignored; new files and directories are *always* given the group of their containing directory.
Is it also possible that files copied or moved to foo (using cp resp. mv) gain the desired permissions automatically (`-rwxrwx--- A G`)?
If your OS doesn't support ACLs, or your file system can't be configured to use ACLs, then this is a good answer. However if you can use ACLs, that is a better approach. See the answer from @Gilles below.
`Note that you have to do the chgrp/chmod for every subdirectory; it doesn't propagate automatically` — is there a reason why the `-R` flag can't fix this? Or is that flag non-portable?
I have made it, and test, it works! But this doesn't help a lot in my case as new folders are creating with drwxrwxr-x BUT files with -rw-r--r-- and it is not writeable for users in the same group.