I've been trying to do this for a while, but I haven't found much info on this so I had to put the pieces together myself, so to speak. In essence, I want to change the umask for only one folder, which you can't really do with umask... This is the only way AFAIK to achieve this. Please let me know if there is a simpler way.
Here is my objective:
I have a folder which I want to share with rw permissions for a selected group of users. Let's say the folder is /music and I want to share it with the group media. What we want is not only having users accessing files in /music with rw access, but also to ensure that all files created in /music will have ownership username:media and permissions -rw-rw-r-- .
To achieve this, we will use two tools:
1) GID
2) ACL (man acl)
GID
Lets assume the /music directory has the following permissions:
Code:
drwxrwxr-x root media
By setting the GID on the directory /music , files created within this directory will have the same group as the /music directory. For example, normally we would expect a newly created file to have the following ownership:
Code:
-rw-r--r-- 1 matty users 0 2007-12-06 22:46 newfile
If we set the GID of /music :
Now, newly created files in /music will have the following ownership:
Code:
-rw-r--r-- 1 matty media 0 2007-12-06 22:46 newfile
We are one step closer but what we actually want is:
Code:
-rw-rw-r-- 1 matty media 0 2007-12-06 22:46 newfile
so that other users in the group media will be able to modify/delete the file.
ACL
ACL is included in the default Slackware install (for Ubuntu
sudo apt-get install acl should do the trick). To "activate" it, you simply have to remount the drive with the acl option.
My fstab looks something like this (modify yours appropriately - don't mess it up!):
Code:
/dev/hdb1 /music ext3 defaults,acl 1 2
I have used ACL with reiserfs and ext3. I'm not sure how it works with others. Also, it seems that you don't have to specify acl in the options for xfs partitions.
Now remount the drive for it to take effect:
Code:
mount -o remount /music
We can now use ACL to create default permissions for for newly created files in /music
Code:
setfacl -d -m g::rwx /music
setfacl -d -m o::rx /music
Check the new permissions:
The output should look something like this:
Code:
# file: /music
# owner: matty
# group: media
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
We're done. For those who prefer a GUI, you can execute the steps outlined above using Konqueror. Right click -> permissions -> advanced permissions. Mess around with those options at you leisure.
Now, when we create a new file in /music :
Code:
touch newfile
ls -l newfile
Gives us:
Code:
-rw-rw-r--+ 1 matty media 0 2007-12-06 22:46 newfile
The plus sign is to indicate ACL attributes are in effect on the file.
Newly created folders in /music should have:
Code:
drwxrwsr-x+ 2 matty media 48 2007-12-06 23:15 newfolder/
Applying this idea to an already existing messy /music folder with subdirectories.
Before you do this as root in a valuable folder, its probably a good idea to practice as user in a not so valuable folder in your home directory to avoid potentially disastrous mistakes. 
Before using chmod and chown with -R as root, think carefully...
Set GID as described above:
Code:
chown -R :media /music
chmod 775 music
chmod g+s /music
ls -ld music should give us
Code:
drwxrwsr-x 3 matty media
*** find a way to set the g+s on all subdirectories ***
This is pretty straight forward using konqueror. Select all the directories and right click, permissions, and advanced permissions.
From the command line: ???
We can apply acl recursively:
Code:
setfacl -R -d -m g::rwx -m o::rx /music
This creates the default rules for newly created files/dirs within the /music directory and subdirectories.
If the original files in there were created with a "standard" umask, most of them will have permissions similar to:
Code:
-rw-r--r--
drwx-r-xr-x
Assuming this is the case, we can fix this with
Code:
chmod -R g+w /music
That should do it.
Your files in /music should now be group (media) writeable. New files will be created with group media and be group writeable as well.
