OK so, here's my situation and how I solved the problem, for future googlers:
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech.
I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute.
I have 4 users: user1, user2, user3, user4. user1 and user2 are members of techAdmin, user3 and user4 are members of tech.
Simple so far... but wait, here's the problem. If user1 creates a file inside tech, user2 can't read or modify it because user1 owns it. Here are a few sites that reference this problem:
Trying to fix this problem I found literally HUNDREDS of these threads and this same question posted EVERYWHERE. And every answer was the same... you do it with umask, by changing EVERYONE'S umask in /etc/profile to 027 and creating a cron job that fixes all permissions to 0750 every minute. This is BS. I ain't doing that...
Here's how to do it.
# chown root:tech tech/
# chmod g+s tech/
# chmod 0750 tech/
# setfacl -d -m g:techAdmin:rwx tech/
When you run getfacl tech, you should see:
# file: tech/
# owner: root
# group: tech
# flags: -s-
BUT WAIT, THERE'S MORE! This company uses Windows clients too... so we need essentially the SAME setup for them too. This can be accomplished in SAMBA. Your smb.conf file tech share should look like this:
[tech]
comment = Tech department only
inherit acls = Yes
path = /mnt/tech
guest ok = no
browseable = yes
# this forces all created documents to have 750 perms
create mask = 0750
# same for directories
directory mask = 0750
# this is so that all files written to the share will be set to "chgrp tech"; if you don't do this, only the user that created the file will have access to it
force group = tech
# only the group that has write privileges
write list = @techAdmin
valid users = @tech
user1 and user2 can now log into Windows OR Linux and create or modify existing files within the tech directory. user3 and user4 can also log into Windows OR Linux, but only have read access... they cannot create, modify, or delete.
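
A way to check the getfacl step above automatically, as an added example that is not part of the original post: the function reads getfacl output and fails if the setgid flag, the default ACL entry for the admin group, or the "no access for other" entries are missing. The names audit_acl and sample_acl are hypothetical, and the sample output is constructed (the ACL entry lines in it are what getfacl normally prints after those four commands; they are not shown in the post).

```sh
#!/bin/sh
# Added example: audit `getfacl` output for the setgid + default-ACL setup.
# Usage on a real system: getfacl /mnt/tech | audit_acl tech techAdmin

# Constructed sample of getfacl output after the four commands in the post.
sample_acl() {
cat <<'EOF'
# file: tech/
# owner: root
# group: tech
# flags: -s-
user::rwx
group::r-x
other::---
default:user::rwx
default:group::r-x
default:group:techAdmin:rwx
default:mask::rwx
default:other::---
EOF
}

# audit_acl GROUP ADMIN_GROUP  (getfacl text on stdin; returns 0 if all pass)
audit_acl() {
    want_group=$1; want_admin=$2; rc=0
    acl=$(cat)
    field() { printf '%s\n' "$acl" | sed -n "s/^# $1: //p" | head -n 1; }
    has()   { printf '%s\n' "$acl" | grep -qx -- "$1"; }
    fail()  { echo "FAIL: $1"; rc=1; }

    [ "$(field group)" = "$want_group" ] || fail "owning group is not $want_group"
    # flags are setuid/setgid/sticky; getfacl omits the line when none are set
    case "$(field flags)" in
        ?s?) ;;
        *) fail "setgid missing: new files keep the creator's primary group" ;;
    esac
    has "default:group:$want_admin:rwx" || fail "no default rwx entry for $want_admin"
    # the default mask caps named-group entries on every new file
    has "default:mask::rwx" || fail "default mask narrower than rwx"
    has "other::---" || fail "'other' can reach the directory"
    has "default:other::---" || fail "new files would grant access to 'other'"
    return $rc
}

sample_acl | audit_acl tech techAdmin && echo "OK: ACL matches the intended setup"
```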