4

How can I make a directory recursively read/writable to a group of users?

PROBLEM:

This is a directory used by Apache, so access rights should be fairly strict. The only way I could make it work adequately was to mount the directory as an NFS share, which forces the uid and gid to be set to a specific group and uid. But this seems like a hack, and allows anybody to modify the contents, although Apache then has fairly strict access rights on the "real" directory.

WHAT I HAVE TRIED:

I have tried the setgid bit, which fails when copying directories via scp. Even after trying to set umask in 6 different places. And I've installed and mounted the partitions to use acl, which had the same problem with the group rights when copying with scp/sftp.

This is really frustrating as it seems like such a simple and profound problem for which I haven't found a satisfactory solution. Hope I'm missing something obvious here. Using mainly Debian squeeze.

2 Answers

1

Solution with chmod g+s and forcing umasks works quite well. Did you force sftp subsystem umask in sshd_config file?

Subsystem sftp internal-sftp -u 0002
kupson
  • 3,778
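
The setgid-plus-umask scheme from the answer above, as an added example that is not part of the original post: it sets up a shared tree and audits it for entries that drifted out of the scheme, such as a file written by a session whose umask was not forced to 0002. The function names (`make_shared`, `audit_shared`, `demo`) are hypothetical, the tree is a constructed temp directory, and the caller's primary group stands in for the shared group so it runs without root.

```shell
#!/bin/sh
# Added example: group-shared directory via setgid + umask 0002, with an audit.

# make_shared DIR GROUP: group-own the tree, grant g+rwX, drop world-write,
# and set setgid on every directory so new entries inherit GROUP.
make_shared() {
    dir=$1; grp=$2
    chgrp -R "$grp" "$dir" &&
    chmod -R g+rwX,o-w "$dir" &&
    find "$dir" -type d -exec chmod g+s {} +
}

# audit_shared DIR GROUP: print every entry that breaks the scheme:
#   wrong group, directory without setgid+g=rwx, file without g=rw,
#   or anything (except symlinks) that is world-writable.
audit_shared() {
    dir=$1; grp=$2
    find "$dir" \( ! -group "$grp" \
        -o -type d ! -perm -2070 \
        -o -type f ! -perm -0060 \
        -o ! -type l -perm -0002 \) -print
}

# demo: constructed tree; one writer uses umask 0002, one uses umask 0022
# (simulating an upload session whose umask was not forced).
demo() {
    root=$(mktemp -d) && grp=$(id -g) || return 1
    mkdir -p "$root/site/img" && make_shared "$root/site" "$grp" || return 1
    ( umask 0002; mkdir "$root/site/new"; : > "$root/site/new/ok.html" )
    ( umask 0022; : > "$root/site/img/upload.png" )
    audit_shared "$root/site" "$grp"   # only upload.png is reported
    rm -rf "$root"
}

demo
```

Run `audit_shared` from cron against the real document root to catch uploads that bypassed the forced umask before Apache or other group members trip over them.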
0

If you need some flexibility for sftp you may want to try mysecureshell. It has permission options such as:

DirFakeUser #Hide real file/directory owner (just change displayed permissions)

DirFakeGroup #Hide real file/directory group (just change displayed permissions)

DirFakeMode #Hide real file/directory rights (just change displayed permissions)

ForceGroup

ghm1014
  • 954