I have a customer requirement that is giving me a tough time. I have a shared volume between three servers (locally mounted to one and NFS mounted to the others). The two NFS mounted servers have the Xuser user reading and writing files into the shared directory. On the third server, there is user Yuser who is also reading and writing files in the directory. Sometimes files written by Yuser will be updated by files written by Xuser. Maybe vice versa, but not sure. Both users are in the same 'grp1' group with the same group id on all three servers. The Xuser and Yuser UIDs are different. Problem is, the umask for both users is 0022. New files created by both users have 755 permissions (o:rw,g:r,w:r) on each file created. Even though both users have write permissions to the directory, they don't have write permission to the files. We don't want to change the umask for the users, because that creates vulnerabilities for too many files in other directories. How do we change the directory such that any new file created in the directory has 664 permissions?

This is what we get when the two users create files. This is good everywhere except for within the problem directory.
-rw-r--r-- 1 Xuser grp1 0 Sep 18 20:11 Xuser_created
-rw-r--r-- 1 Yuser grp1 0 Sep 18 20:10 Yuser_created

This is what we want when the two users create files in the directory, but only in this directory:
-rw-rw-r-- 1 Xuser grp1 0 Sep 18 20:11 Xuser_created
-rw-rw-r-- 1 Yuser grp1 0 Sep 18 20:10 Yuser_created

Thank you.

They're both in the same group, you could change the umask to 0012. Yes, I realize you said you don't want to do that. There are some possibilities to use extended ACLs, but I don't know how to accomplish that as well as just changing the umask.

Yeah, ACLs is the way to go

1 members found this post helpful.