linux setfacl permission to different user and able to write in recursive

Question

I have tow user in same group 1. user 1 : datauser 2. user 2 : webuser 3. Group : apache

What set permission using setfact to either of user can create directory/file recursive.

Ex.: directory /web/foo/ What permission/mask set (using setfact), so that datauser/webuser can create directory under foo dir (recursive).

#datauser : mkdir -p /web/foo/datadir/
#webuser : mkdir -p /web/foo/datadir/webdir
#datauser : touch /web/foo/datadir/webdir/datafile.txt
#webuser : touch /web/foo/datadir/webfile.txt
etc...

I try with below command, but when any directory created using      
webuser:apache, then datauser:apache not able to write under that.

setfacl -Rm u:webuser:rwX,d:u:webuser:rwX foo
setfacl -Rm u:datauser:rwX,d:u:datauser:rwX foo
setfacl -Rm m:rwX,d:m:rwX foo

---

That umask and chmod not work.
[datauser]$ mkdir foo
[datauser]$ chmod g+ws foo
[datauser]$ umask 002 foo

[datauser]$ getfacl foo
file: foo
owner: datauser group: apache
flags: -s-
user::rwx
group::rwx
other::r-x

Now create directory using webuser:apache user [PHP : mkdir(/web/foo/browser, 0755, ture); ] And directory permission is: [datauser]$ getfacl foo/browser/ file: foo/browser/
owner: apache
group: apache
flags: -s-
user::rwx
group::r-x
other::r-x

Now create file under browser dir. getting permission denied.

[datauser]$ touch foo/browser/command.txt
touch: cannot touch ‘foo/browser/command.txt’: Permission denied

Answer 1

How about using chmod g+ws /web/foo? This sets the setgid and write bits on the directory, which makes all created files' groups to be apache in that directory, and allows all apache group users to write to that directory and create further directories inside it.

And another thing that you need to do is to update your umask so that group has write permissions by default. So, you should add umask 002 somewhere in your startup files so that group gets write permissions by default.