I wanted to set the file permissions properly on our shared music folder (accessed by Samba/scp/directly on the computer by different users). Basically, I want anyone in the ‘data’ group able to read and write everything.
First, I created the data group.
sudo groupadd data
Then I edited /etc/group and made all the relevant users members of that group
data:x:1002:user1,user2
Then I set the ownership and permissions on the directory using the following script. One note is that the last line sets the 'setgid' permission on the directories (chmod g+s ...) which makes the permissions 'sticky'.
#!/bin/bash
DIR=/data/music
echo "Changing Group ownership to 'data'"
chgrp -R data $DIR
echo "Changing permissions of files to ug=rw,a=r"
chmod -R 664 $DIR
echo "Changing permissions of directories to a+rx, g+rwx, g+s"
find $DIR -type d -exec chmod a+rx,g+rwx,g+s '{}' \;
Now set the umask so that the group gets write permission by default. In /etc/profile:
umask 002
Finally, set the same permissions in Samba too. In /etc/samba/smb.conf:
[data] path = /data available = yes browsable = yes public = yes writable = yes create mask = 664 directory mask = 775
Now files and directories are created group-writable.
drwxrwsr-x 2 user1 data 4096 2008-02-15 11:29 temp -rw-rw-r-- 1 user1 data 0 2008-02-15 11:29 test
Update:
When you copy files via scp, the umask is not set properly because the bash doesn't read startup files in this situation.
In order to get scp to set the umask properly, you need to add umask 002 to /etc/default/ssh (in Debian/Ubuntu, on Redhat-derived systems try /etc/sysconfig/sshd).
This will set the 002 umask for all users. If you want something more fine-grained you'll need a more complex solution.