I've read a lot of solutions for something like this, but nothing seems to work quite right for me. I have a shared development box used for a few projects that require such a thing and I'd like to configure it so that files created by users in the /opt/dev directory:
- Are owned by <username>:developers
- Have permissions set to 774 (files)
- Have permissions set to 775 (directories)
All developer users have their primary group set to developers, so the first requirement has been pretty solid. What's a lot less solid is the actual permissions. They just aren't being set consistently the way we need them to get set and I haven't found the right solution.
I do have the sticky bit set (g+s) based on something else I read at some point, but that wouldn't seem to be particularly useful since all users are in the same primary group.
I also have the default umask set to 002 in /etc/login.defs. I thought that would kind of cover it, but that doesn't seem to be the case.
I'd really appreciate any advice about how to get everything lined up properly. I feel like I'm constantly in there adjusting a file here and a directory there just so people can do their work.
Best Answer
Ok, for point 1, the solution is quite easy:
For points 2 and 3, I suppose you'll need ACL. So, the first thing to do is to edit /etc/fstab to give the option acl to the mountpoint of /opt/dev. If /opt/dev is not on a separate partition you'll need to enable ACL for the whole root filesystem. Then you'll have to follow this answer.
should be equivalent to chgrp developers /opt/dev (and doesn't set the sticky bit, s sets the suid bit). Then proceed with setfacl: to set advanced permission criteria for files and directories. To be honest, I couldn't find a way to set separate file and directory permissions, but I'm pretty sure it's doable. You can try this tutorial to have more information about the topic.
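
An added example, not part of the question or the answer above: a small shell audit that lists every path under a shared tree that deviates from the layout the question asks for (shared group, files 774, directories 775 with g+s). The function name and the report labels are made up for this example; it relies only on `find` and `sed`.

```shell
#!/bin/sh
# Added example: report drift from the layout described in the question.
# audit_shared_tree ROOT GROUP   (GROUP may be a group name or a numeric gid)
# Output: one line per finding, "<label> <path>". Labels are hypothetical.
audit_shared_tree() {
    root=$1
    group=$2

    # Anything under ROOT that is not in the shared group.
    find "$root" ! -group "$group" | sed 's|^|wrong-group |'

    # Regular files whose mode is not exactly 774. A program that requests
    # the usual 0666 under umask 002 creates 664, which is reported here.
    find "$root" -type f ! -perm 0774 | sed 's|^|file-mode |'

    # Directories whose permission bits are not 775 (with or without setgid).
    find "$root" -type d ! -perm 0775 ! -perm 2775 | sed 's|^|dir-mode |'

    # Directories without the setgid bit (g+s): entries created inside them
    # take the creator's current group instead of the directory's group.
    find "$root" -type d ! -perm -2000 | sed 's|^|dir-no-setgid |'
}

# Run as a script: ./audit.sh /opt/dev developers
if [ "$#" -eq 2 ]; then
    audit_shared_tree "$1" "$2"
fi
```

Run from cron or a login hook, the output shows which paths drifted and in what way, so fixes can be targeted instead of a blanket recursive chmod.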