James D. Parra wrote:
You want the directory to be setgid, so,
chmod 2777 .
This causes any file in that directory to be created with the same group perms. as the directory.
Is that sufficient?
Almost, except if one user creates a file, the second user can't modify it; although the second user can delete the file, which I think is odd.
Example;
-rwxrwsrwx 1 herman   users   0 Oct 21 09:58 test-1.txt
-rwxrwsrwx 1 herman   users   0 Oct 21 09:57 test-2.txt
-rwxrwsrwx 1 herman   users   0 Oct 21 09:56 test-3.txt
-rw-r--r-- 1 postgres users   0 Oct 21 11:43 new-file.txt
-rw-r--r-- 1 herman   users   0 Oct 21 11:46 herman-file.txt
-rwxrwsrwx 1 postgres users 679 Oct 21 10:38 source_system.txt
-rwxrwsrwx 1 herman   users   0 Oct 21 09:54 test-postgres.txt

#chmod -R 2777 dir-in-question
#cd dir-in-question

user 'herman' creates file herman-file.txt
user 'postgres' can't modify the file, however user postgres can 'rm' file herman-file.txt.
Any ideas?
Thank you.
~James
The umask controls permissions of newly created files. Yours is probably 0022. Setting it to 0002 will result in the files being created with -rw-rw-r--. All the sgid bit on a directory does is ensure the file has the same owning group as the directory. It doesn't affect the permissions.

An alternative would be to use ACLs.

# setfacl -m u::rwx,d:u::rwx,g:users:rwx,d:g:users:rwx,m::rwx,d:m:rwx,o::rwx,d:o:rwx dir-in-question

will cause all files created in the dir-in-question directory to be readable and writeable by the owner, the group users and unreadable by everyone else.

Jason Joines
================================
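Added example, not part of either poster's message: a script that reproduces the behaviour discussed in the thread in a throwaway directory. It shows that the umask decides a new file's mode, that the setgid directory only decides its group, and that deleting a file depends on write permission on the directory rather than on the file. It assumes GNU coreutils stat (the -c option); the function names and the temporary directory are made up for the demonstration.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils stat (-c); all names here are hypothetical.

demo_dir=$(mktemp -d)                 # throwaway stand-in for dir-in-question
trap 'rm -rf "$demo_dir"' EXIT
chmod 2777 "$demo_dir"                # same mode the thread applies

# Print the octal mode of a file created in the setgid directory under umask $1.
mode_with_umask() {
    f="$demo_dir/file-$1.txt"
    rm -f "$f"
    ( umask "$1"; : > "$f" )          # subshell keeps the caller's umask untouched
    stat -c '%a' "$f"
}

# Print "same" if a newly created file carries the directory's owning group.
group_matches_dir() {
    f="$demo_dir/group-check.txt"
    ( umask 0002; : > "$f" )
    if [ "$(stat -c '%g' "$f")" = "$(stat -c '%g' "$demo_dir")" ]; then
        echo same
    else
        echo different
    fi
}

# Print "yes" if the directory has the setgid bit set (drwxrwsrwx).
dir_is_setgid() {
    case "$(stat -c '%A' "$demo_dir")" in
        ??????s*|??????S*) echo yes ;;
        *) echo no ;;
    esac
}

# Print "deleted": unlinking needs write permission on the directory, not on
# the file, so even a read-only (444) file can be removed from a writable dir.
delete_readonly_file() {
    f="$demo_dir/readonly.txt"
    : > "$f"
    chmod 444 "$f"
    rm -f "$f" && [ ! -e "$f" ] && echo deleted
}

echo "setgid on directory:  $(dir_is_setgid)"
echo "umask 0022 file mode: $(mode_with_umask 0022)"
echo "umask 0002 file mode: $(mode_with_umask 0002)"
echo "group inherited:      $(group_matches_dir)"
echo "read-only file:       $(delete_readonly_file)"
```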