You may want to consider a different approach: generally, the default umask setting is (and should be) 022; i.e., files are read-write for the owner, read for the group and read for public. You can change that value to 002 so that files are read-write for both owner and group. Having directories and files created with the modes you're suggesting is, well, just asking for trouble -- bear in mind that if umask is set system-wide to create files and directories as you're thinking, every file and directory will be created that way irrespective of "who" creates them (so, anything created by root will have Attila the Hun privileges for anybody with access to the system). A umask value of 022 creates directories "755" and files with "644," and a umask value of 002 creates directories "775" and "664" which is more reasonable.
If you set your umask to 002 and your contract employees are in group "contractor" they will have permissions to read and write files as necessary; adding your regular employees to the "contractor" group (you would use the usermod utility, possibly with the -G option) and add your regular employee's user names to the "contractor" group so they would have read-write permissions. If you look at the file /etc/group you will see examples of what this would look like. Note that you do not change the regular employee's default group (which may be "users"), rather you add their account names to the "contractor" group (in /etc/group with the usermod utility) so that they can access files and directories.
There may be a file /etc/login.defs on your system; if so, that is where you can change the UMASK value from 022 to 002. Please do not change that to 000 -- it will come back an bite you if you do.
Hope this helps some.
|