Applying default permissions for newly created files within a specific folder

I’ve had to give access to multiple accounts to a single folder as a development environment in which it can be tracked who did what. I am writing this down for future reference.

Here was my goal:

Two different accounts belonging to the same group need to be able to edit each other’s files.
We need to make all files/folders in a location belong to a certain group and then all new files and folders created in that location should also have the same ownership. They should also be group writable. Here is the desired result for newly created files:

-rw-rw-r-- 1 student1 school 0 2007-12-06 22:46 newfile

For this guide our users will be “student1” and “student2”, which are both members of the group “school”.
Our folder will be at /home/user1/project, so let’s assume user1 is the current owner of the folder and all files and folders in it have the following ownership: user1:user1

The first thing we need to do is change the group ownership of all of the files and folders:

chown -R :school /home/user1/project

After that we need to enable read/write for the user and group for all files and folders. Since we need 775 for folders and 664 for files, we do the following:

find /home/user1/project -type d -exec chmod 775 {} \;
find /home/user1/project -type f -exec chmod 664 {} \;

Now we need to set the setgid (SGID) bit on the directories so that all files and folders created in the future inherit the group ownership (we apply it to every subfolder, which is why the command is recursive):

find /home/user1/project -type d -exec chmod g+s {} \;

In order to set the access rights for new files and folders we will use ACLs. If you don’t have the ACL tools installed, you can install them by executing (on Debian):

apt-get install acl

After installing it, we can set the default permissions recursively by defining the default modes for group and others:

setfacl -R -d -m g::rwx -m o::rx /home/user1/project

It is important to note that the user’s umask plays a role when creating new files and folders. For example, the root user on your system will most likely create files owned by root:root, and these will not follow the desired permissions.
For regular users, however, this should not be a problem if you have not tinkered with their umask.

That’s it. Result:
Newly created files/folders by student2 will have this ownership: student2:school
Files and folders will be writable by all users in the group, but will keep their original owner.
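
To check that an existing tree still matches this setup (group ownership, setgid on every directory, group write, default ACL), here is an audit function added as an example; it is not part of the original post. The name audit_shared_tree and the finding labels are made up for illustration, and it assumes Linux find plus, optionally, getfacl.

```shell
#!/bin/sh
# Added example: audit a shared project tree for the setup described above.
# audit_shared_tree and the finding labels are illustrative names, not a real tool.
# Assumes Linux find; the default-ACL check runs only if getfacl is installed.
# Paths containing newlines are not handled.

audit_shared_tree() {
    dir=$1      # e.g. /home/user1/project
    group=$2    # e.g. school
    findings=$(
        # Anything not owned by the shared group (chown -R :school missed it).
        find "$dir" ! -group "$group" -print | sed 's/^/WRONG_GROUP /'
        # Directories without setgid: new entries there get the creator's group.
        find "$dir" -type d ! -perm -2000 -print | sed 's/^/NO_SETGID /'
        # Files or directories the other group members cannot modify.
        find "$dir" \( -type d -o -type f \) ! -perm -0020 -print |
            sed 's/^/NOT_GROUP_WRITABLE /'
        # Directories with no default ACL entry granting the group rwx.
        if command -v getfacl >/dev/null 2>&1; then
            find "$dir" -type d -print | while IFS= read -r d; do
                getfacl "$d" 2>/dev/null | grep -q '^default:group::rwx' ||
                    printf 'NO_DEFAULT_ACL %s\n' "$d"
            done
        else
            echo 'getfacl not found; default-ACL check skipped' >&2
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /home/user1/project school
if [ "$#" -eq 2 ]; then
    audit_shared_tree "$1" "$2"
fi
```

A non-zero exit status means at least one entry deviates, so the function can gate a cron job or a deployment step.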