On 9/22/21 07:15, Paul M. Foster wrote:
>
> On 9/21/21 11:42 PM, Georgi Naplatanov wrote:
>> On 9/22/21 06:09, Paul M. Foster wrote:
>>> Folks:
>>>
>>> This is probably a stupid question for many of you, but I've been
>>> struggling with it since I started using Linux in 1996.
>>>
>>> Say you have a directory in which there are development files. A number
>>> of users will be creating, deleting and modifying the files there. This
>>> is the type of situation which might have been common on old Unix
>>> university systems. (Users might be accessing files via Samba, NFS, or
>>> locally.)
>>>
>>> Just to make this more concrete, assume the development tree is in
>>> /var/www/html/website.
>>>
>>> Without setting directory and file permissions to 777, how do you allow
>>> the above? What combinations of groups, directory owners/permissions and
>>> file owners/permissions might make this possible?
>>>
>> Hi Paul,
>>
>> you can create a user group, add all developers to it and give this
>> group permissions to read and write to that particular folder
>> (/var/www/html/website).
>>
>> If you need more granular permissions (e.g. several development teams)
>> then you can use ACLs (Access Control List).
>>
>> Kind regards
>> Georgi
>>
> This is more or less the solution I tried. However, when a user creates
> a file on this system, the permissions are (for example) paulf:paulf.
> This means that, despite the directory permissions, other users won't be
> able to modify the file normally (assuming a system umask of 022).
>
> However, I did just read an excellent explanation of the setgid bit,
> which apparently, sets the GID of a created file to that of the
> directory, rather than the file's creator. This might work. I haven't
> tested it yet.
>
> I've heard of ACLs, but never had the need to use or learn about this.
> I'm assuming that attending to ACL issues requires additional steps in
> the creation/editing/deletion of files?
>
I have not used ACLs either. I heard about them about 15 or more years ago and it required a parameter (as far as I can remember) during file system creation. I don't know what the situation is now.

Kind regards
Georgi
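
Added example, not part of the original thread: the setgid-directory setup described in the quoted message, with an audit for the failure reported there (files created under umask 022 that other group members cannot modify). It assumes Linux semantics and uses a temporary directory and the caller's own group in place of /var/www/html/website and a dedicated developers group; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Runs in a temp dir so no root is needed.
# On a real system the tree would be /var/www/html/website, chgrp'ed to a
# dedicated group (assumption: something like "webdev") before chmod 2775.

# Prepare a shared tree: setgid on the top directory, group rwx, others r-x.
setup_shared_dir() {
    dir=$1
    mkdir -p "$dir"
    chmod 2775 "$dir"
}

# Print entries other group members could not work with: wrong group,
# no group write bit, or a directory that is missing the setgid bit.
audit_shared_dir() {
    dir=$1
    gid=$(ls -ldn "$dir" | awk '{print $4}')   # numeric GID of the tree
    find "$dir" \( ! -group "$gid" -o ! -perm -020 \
        -o \( -type d ! -perm -2000 \) \) -print
}

# Constructed scenario: one file written under umask 022, the rest under 002.
demo() {
    root=$(mktemp -d)
    site="$root/website"
    setup_shared_dir "$site"
    ( umask 022; echo a > "$site/umask022.txt" )
    ( umask 002
      echo b > "$site/umask002.txt"
      mkdir "$site/sub"                  # inherits group and setgid bit
      echo c > "$site/sub/page.html" )
    audit_shared_dir "$site"             # only the umask-022 file is listed
    rm -rf "$root"
}

demo
```

The setgid bit only fixes group ownership of new files; whether they are group-writable still depends on each creator's umask, which is why the file written under 022 is the one flagged.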