Filesystem ACLs are going to be your best solution here.
You can set a default ACL on directories, and when a file is created in that directory, it inherits the default ACL. You can then set this default ACL to allow access to the files.
For example, if you wanted to grant all users of the group mygroup read/write access to /var/www, you can do:
setfacl -R -m group:mygroup:rw /var/www
setfacl -R -d -m group:mygroup:rw /var/www
The first line sets the ACL on all the existing files. The second line sets the default for any new files.
And while I think it's a bad idea, if you really want to allow all users full access to the files:
setfacl -R -m other::rw /var/www
setfacl -R -d -m other::rw /var/www
Note that this will require your filesystem to be mounted with ACL support. If this is not currently the case, you can do so via mount -o remount,acl /var/www (or whatever the mountpoint is). Then edit your /etc/fstab and add the acl option to the appropriate line.
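A read-only audit of a tree after commands like the ones above, added here as an example (it is not part of the answer): it parses the text printed by getfacl -R and flags world-writable entries, including inherited defaults, and named entries on directories that lack the execute bit needed to enter them. The sample output is constructed, and treating any object that carries default: entries as a directory is an assumption of this example.

```python
import re

# Constructed sample of `getfacl -R` output, as the tree might look after the
# commands above (path and group name are the ones used in the answer).
SAMPLE = """\
# file: var/www
# owner: root
# group: www-data
user::rwx
group::r-x
group:mygroup:rw-
mask::rwx
other::rw-
default:user::rwx
default:group::r-x
default:group:mygroup:rw-
default:mask::rwx
default:other::rw-

# file: var/www/index.html
# owner: root
# group: www-data
user::rw-
group::r--
group:mygroup:rw-
mask::rw-
other::rw-
"""

def audit(getfacl_text):
    """Return sorted (path, finding) pairs for risky ACL entries."""
    findings = set()
    for block in re.split(r"\n\s*\n", getfacl_text.strip()):
        path, entries = None, []
        for line in block.splitlines():
            if line.startswith("# file: "):
                path = line[len("# file: "):]
            elif line and not line.startswith("#"):
                # Drop a trailing "#effective:..." comment, then split fields.
                entries.append(line.split("#")[0].strip().split(":"))
        is_dir = any(e[0] == "default" for e in entries)  # assumption: only dirs carry defaults
        for e in entries:
            default = e[0] == "default"
            tag, name, perms = e[1:4] if default else e[0:3]
            if tag == "other" and "w" in perms:
                findings.add((path, "default-other-write" if default else "other-write"))
            if is_dir and not default and name and "x" not in perms and perms != "---":
                findings.add((path, f"no-traverse:{tag}:{name}"))
    return sorted(findings)
```

Feed it real data with audit(subprocess.run(["getfacl", "-R", "/var/www"], capture_output=True, text=True).stdout); it only reads ACLs and changes nothing.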
This is quite special and you could not manage this by using the legacy permissions architecture of a unixoid system. The closest approach to your intention is using ACLs. Issue the following commands (optionally as superuser):
setfacl -d -R -m g:manager:rwx /dir/of/user1
setfacl -R -m g:manager:rwx /dir/of/user1
The first command sets the default permissions to the directory so that they apply to newly created files (by user1). The second command sets the actual rights of the folders and files recursively.
Note that the ACL infrastructure does not apply to the Apache Webserver. Apache only cares about the legacy permissions (user/group/others permission). So inside the webfolder every file/folder must be in the www-data group and every file must have at least read permissions for www-data. Folders should have the execute permissions for www-data for the Index searching.
Update:
To force the newly created files inside a directory to inherit the group of this directory, set the gid bit of the directory:
chmod g+s /web/directory
Newly created files inside /web/directory will then inherit the group of /web/directory.
Best Answer
For the normal access rights this is a design decision. You need richacls: WRITE_ACL and maybe WRITE_OWNER.