16

I have a certain directory in which there is a project shared by multiple users. These users use SSH to gain access to this directory and modify/create files.

This project should only be writeable to a certain group of users: lets call it "mygroup". During an SSH session, all files/directories created by the current user should by default be owned by group "mygroup" and have group-writeable permissions.

I can solve the permissions problem with umask:

$ cd project
$ umask 002
$ touch test.txt

File "test.txt" is now group-writeable, but still belongs to my default group ("mislav", same as my username) and not to "mygroup". I can chgrp recursively to set the desired group, but I wanted to know is there a way to set some group implicitly like umask changes default permissions during a session.

This specific directory is a shared git repo with a working copy and I want git checkout and git reset operations to set the correct mask and group for new files created in the working copy. The OS is Ubuntu Linux.

Update: a colleague suggests I should look into getfacl/setfacl of POSIX ACL but the solution below combined with umask 002 in the current session is good enough for me and is much more simple.

mislav
  • 263
  • 1
  • 3
  • 7

4 Answers4

20

In order to have all files under a given directory inherit group rights, you need to use the setgid bit on your directory. See this link.

 $ mkdir test
 $ sudo chown raphink.staff test
 $ ls -lhd test
     drwxr-xr-x 2 raphink staff 4.0K 2009-12-21 16:19 test
 $ sudo chmod g+s test # Set the setgid bit
 $ ls -lhd test
     drwxr-sr-x 2 raphink staff 4.0K 2009-12-21 16:21 test
 $ touch test/foo
 $ ls -lh test
     total 0
     -rw-r--r-- 1 raphink staff 0 2009-12-21 16:23 foo
raphink
  • 11,337
  • 6
  • 36
  • 47
6

If you want to do this with an existing folder, you need to make sure the setgid bit is enabled for all subfolders as well. However, you don't need it on files, and you probably don't want it on files either. Here is how to set it for all subfolders recursively.

find /path/to/base/dir -type d -exec chmod g+s {} +
andrewtweber
  • 449
  • 1
  • 10
  • 18
5

I cannot find the source back, but using setgid to solve this issue for bare git repositories, which I assume is your case, is deprecated, and can cause issues in some cases.

Git can take care of all this via the core.sharedRepository flag. I had the same issue and solved it as follows:

Assuming repogroup is your group, and you have cd to the repo directory:

First change the shared flag to group:

git config core.sharedRepository group 

Note: here you must use the keyword group, not the group name. This is equivalent to creating the bare repository with option --shared=group.

Then change the group for the whole repository:

chgrp -R repogroup .

To make sure that existing directories are group-writable (g+w), and existing executables also become group-executables (g+X) you also need to:

chmod -R g+wX .

Once you have done this, git will honor the shared=group flag and take care of group permissions in the following, both for existing and new files, so you'll never need again to umask or chgrp.

I'll put the source in a comment if I find it back.

ggll
  • 151
  • 1
  • 1
4

I'm not much of an expert when it comes to the *nix side, but I think what you're looking for is called setgid.

See here.

ThatGraemeGuy
  • 15,314
  • 12
  • 51
  • 78