You can use an ACL (access control list) to set the default permissions for files in a directory.
From man 5 acl:
If a default ACL is associated with a directory, the mode parameter to the functions creating file objects and the default ACL of the directory are used to determine the ACL of the new object:
- The new object inherits the default ACL of the containing directory as its access ACL.
- The access ACL entries corresponding to the file permission bits are modified so that they contain no permissions that are not contained in the permissions specified by the mode parameter.
To set it up (change device, directories, etc., accordingly):
Edit your /etc/fstab file and add the acl mount option.
/dev/mapper/star-home /home ext3 defaults,acl 0 2
Remount (Samba mount.cifs man page) your filesystem by rebooting or use:
mount -o remount,acl /home
Make sure you have the setfacl and getfacl utilities.
Set the default ACL on the directory (you may also need to set the ACL on existing files):
$ setfacl -m d:user:george:rwx,d:group:sales-g:rwx,d:group:marketing-g:rwx projections
See the linked tutorial for more information.
Source: Tutorial Part 1 and Part 2
Reference: POSIX Access Control Lists on Linux
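Added example, not part of the answer above or of the man page: a small Python model of the two acl(5) rules quoted there, showing what rights george ends up with on a new object in projections for several creation modes. The ACL text is a constructed sample of what the setfacl command above could produce, and parse_acl, inherit, effective and rwx are names chosen for this sketch.

```python
# Added example: models the two inheritance rules quoted from acl(5).
# DEFAULT_ACL is a constructed sample in getfacl's text form.
DEFAULT_ACL = """\
user::rwx
user:george:rwx
group::r-x
group:sales-g:rwx
group:marketing-g:rwx
mask::rwx
other::r-x
"""
BITS = {"r": 4, "w": 2, "x": 1}

def parse_acl(text):
    """Return [(tag, qualifier, perm_bits)] from getfacl-style lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop getfacl comments
        if line:
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, sum(BITS.get(c, 0) for c in perms)))
    return entries

def inherit(default_acl, mode):
    """Access ACL of a new object created with `mode` under `default_acl`."""
    entries = parse_acl(default_acl)  # rule 1: default ACL becomes access ACL
    has_mask = any(tag == "mask" for tag, _, _ in entries)
    # Entry that each class of mode bits maps to; the group bits map to
    # mask:: when a mask entry exists, otherwise to group::.
    shift = {"user": 6, "mask" if has_mask else "group": 3, "other": 0}
    result = []
    for tag, qualifier, perms in entries:
        if qualifier == "" and tag in shift:
            perms &= (mode >> shift[tag]) & 7  # rule 2: drop bits not in mode
        result.append((tag, qualifier, perms))
    return result

def effective(acl, tag, qualifier):
    """Rights a named user/group or the owning group really gets (entry AND mask)."""
    perms = {(t, q): p for t, q, p in acl}
    return perms[(tag, qualifier)] & perms.get(("mask", ""), 7)

def rwx(bits):
    return "".join(c if bits & BITS[c] else "-" for c in "rwx")

if __name__ == "__main__":
    for mode in (0o666, 0o777, 0o600):  # touch, mkdir, a private file
        acl = inherit(DEFAULT_ACL, mode)
        print(oct(mode), "george:", rwx(effective(acl, "user", "george")))
```

A program that creates its files with mode 0600 still gets the named entries listed by getfacl, but the inherited mask leaves them no effective rights, so a default ACL alone does not guarantee group access to every new file.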
Let's say you have Sue & Sam in Sales and Harry and Hermione in HR.
- Create users sue, sam, harry, hermione
- Create groups hr and sales.
- Add sue & sam to group sales.
- Add harry and hermione to group hr.
- create folders hr and sales in /var/www/htdocs †
- change group of folder hr to group hr
- ditto sales
- set the group bit so files created in sales & hr inherit group
- set permissions so group can write, others can only read
- for convenience, create a softlink to hr from hermione and harry's home directories
- ditto sales folk.
- edit Apache config as needed (e.g. name based virtual server for sales.example.com)
Useful commands (see man pages)
- mkdir
- chown
- chgrp
- groupadd
- useradd
- groupmod
- ln
† or wherever Apache's docroot is
Best Answer
0775 is rarely correct for a file. The following will add the appropriate desired permissions to the appropriate type, without disturbing other existing permissions:
See the man page for find to help decipher that.