How do I use chmod on a Mac to make new files inherit parent directory permissions?

Solution 1:

First, a bit of background to explain what's going on: Files in OS X can have two quite different kinds of permission settings applied to them: POSIX and ACLs.

Files always (well, almost always) have POSIX permissions applied, consisting of an owner, group, and others (with some combination of read, write, and execute for each of those). There is no way to control inheritance of POSIX permissions: new items are always owned by whatever user created them, the group assignment is inherited from the folder they're in, and the access is determined by the umask (which is pretty much always: owner gets full access, group and others read only + execute for folders). So POSIX permissions won't work for what you're trying to do.

Files can also have an access control list (ACL) applied. This is a list of access control entries (ACEs), each of which applies to a user or group, specifies types of access (in great detail), whether they're being allowed or denied, and whether the ACE should also be copied to items created inside the folder. That last bit is the part that makes this useful for you; you need to create an ACE on the folder that specifies the group you want, the types of access you want, and full inheritance.

chmod on OS X can manipulate ACEs with the +a, -a, etc permissions options. If I understand what you want, you'd use this (with your group name and folder path substituted) to create the ACE:

chmod +a "group:examplegroup allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /path/to/folder

Note that the inheritance is not "live", i.e. it doesn't apply to items created before you assigned the ACE, and it doesn't apply to items created somewhere else and then moved into the folder. You can apply it to existing contents by using -R (chmod -R +a ...). I don't know of a way (except Apple's server admin tools) to force inheritance to items moved into the folder.

Solution 2:

This (-R) is not what most people seek to do; most of the time they would prefer to change the ACL on the topmost directory and do something magical to force all contained objects to inherit flags according to the ACL they specified on the root of that sub-tree. This is much more elegant as the ACLs on the objects will sort these inherited ACEs according to policy.

And yes, I had to write a python script to do this, I didn't find anything appropriate either.

Solution 3:

Try adding -R to @gordon's command, like so:

chmod -R +a "group:_www allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" outdoors

The -R option will (as noted here):

Recurse: Change the mode of file hierarchies rooted in the files instead of just the files themselves.

Changing the file hierarchies seems to be what you're looking for (for new files, directories, etc.).

You can also check out this Apple.SE post, which covers a situation somewhat similar to yours (except relating to a shared directory), which required a sudo tacked onto the front.

Solution 4:

On a Mac try using PathFinder, it makes it easy to set ACL and POSIX. If you're hosting WordPress on a Mac Server you'll also need to set define('FS_METHOD', 'direct'); in the wp-config.php so that installing plugins and upgrading won't ask you for FTP details.

So basically you keep the default POSIX permissions, and add the user _www (not group) to ACL, then click Propagate Permission in the ACL window.