Specify default group and permissions for new files in a certain directory
I have a certain directory in which there is a project shared by multiple users. These users use SSH to gain access to this directory and modify/create files.
This project should only be writeable to a certain group of users: lets call it "mygroup". During an SSH session, all files/directories created by the current user should by default be owned by group "mygroup" and have group-writeable permissions.
I can solve the permissions problem with umask
:
$ cd project
$ umask 002
$ touch test.txt
File "test.txt" is now group-writeable, but still belongs to my default group ("mislav", same as my username) and not to "mygroup". I can chgrp
recursively to set the desired group, but I wanted to know is there a way to set some group implicitly like umask changes default permissions during a session.
This specific directory is a shared git repo with a working copy and I want git checkout
and git reset
operations to set the correct mask and group for new files created in the working copy. The OS is Ubuntu Linux.
Update: a colleague suggests I should look into getfacl/setfacl of POSIX ACL but the solution below combined with umask 002
in the current session is good enough for me and is much more simple.
In order to have all files under a given directory inherit group rights, you need to use the setgid bit on your directory. See this link.
$ mkdir test
$ sudo chown raphink.staff test
$ ls -lhd test
drwxr-xr-x 2 raphink staff 4.0K 2009-12-21 16:19 test
$ sudo chmod g+s test # Set the setgid bit
$ ls -lhd test
drwxr-sr-x 2 raphink staff 4.0K 2009-12-21 16:21 test
$ touch test/foo
$ ls -lh test
total 0
-rw-r--r-- 1 raphink staff 0 2009-12-21 16:23 foo
If you want to do this with an existing folder, you need to make sure the setgid bit is enabled for all subfolders as well. However, you don't need it on files, and you probably don't want it on files either. Here is how to set it for all subfolders recursively.
find /path/to/base/dir -type d -exec chmod g+s {} +
I'm not much of an expert when it comes to the *nix side, but I think what you're looking for is called setgid.
See here.
I cannot find the source back, but using setgid
to solve this issue for bare git repositories, which I assume is your case, is deprecated, and can cause issues in some cases.
Git can take care of all this via the core.sharedRepository
flag. I had the same issue and solved it as follows:
Assuming repogroup
is your group, and you have cd
to the repo directory:
First change the shared flag to group
:
git config core.sharedRepository group
Note: here you must use the keyword group
, not the group name.
This is equivalent to creating the bare repository with option --shared=group
.
Then change the group for the whole repository:
chgrp -R repogroup .
To make sure that existing directories are group-writable (g+w
),
and existing executables also become group-executables (g+X
)
you also need to:
chmod -R g+wX .
Once you have done this, git will honor the shared=group
flag and take care of group permissions in the following, both for existing and new files, so you'll never need again to umask
or chgrp
.
I'll put the source in a comment if I find it back.