Re: Development permissions

["Paul M. Foster" <paulf@quillandmouse.com>]

On 9/21/21 11:42 PM, Georgi Naplatanov wrote:
> On 9/22/21 06:09, Paul M. Foster wrote:
> > Folks:
> >
> > This is probably a stupid question for many of you, but I've been
> > struggling with it since I started using Linux in 1996.
> >
> > Say you have a directory in which there are development files. A number
> > of users will be creating, deleting and modifying the files there. This
> > is the type of situation which might have been common on old Unix
> > university systems. (Users might be accessing files via Samba, NFS, or
> > locally.)
> >
> > Just to make this more concrete, assume the development tree is in
> > /var/www/html/website.
> >
> > Without setting directory and file permissions to 777, how do you allow
> > the above? What combinations of groups, directory owners/permissions and
> > file owners/permissions might make this possible?
> Hi Paul,
>
> you can create a user group, add all developers to it and give this
> group permissions to read and write to that particular folder
> (/var/www/html/website).
>
> If you need more granular permissions (e.g. several development teams)
> then you can use ACLs (Access Control List).
>
> Kind regards
> Georgi
This is more or less the solution I tried. However, when a user creates 
a file on this system, the permissions are (for example) paulf:paulf. 
This means that, despite the directory permissions, other users won't be 
able to modify the file normally (assuming a system umask of 022).

However, I did just read an excellent explanation of the setgid bit, 
which apparently, sets the GID of a created file to that of the 
directory, rather than the file's creator. This might work. I haven't 
tested it yet.

I've heard of ACLs, but never had the need to user or learn about this. 
I'm assuming that attending to ACL issues requires additional steps in 
the creation/editing/deletion of files?

Paul