Edo <ml2edwin@gmail.com> wrote:
>> If user1 writes a file in folder1 will user2 be made the default group owner, is there a way of enforcing this and with the required privileges (r for files, rx for directories?).
Yes. If user1 belongs to the user2 group, that’s how it should [already] work. <<
The problem here is the RH "User Private Group" scheme, which means that user1 is only a member of the group user1 and user2 is only a member of the group user2. So their group memberships, by default, don't intersect and user2's only access to user1's files is by virtue of the "other/world" permissions, which depend upon the umask (but don't give access, by default).
I've written this up (again, for a course I wrote some years ago, but it's still mostly relevant) at http://www.lesbell.com.au/Home.nsf/web/Controlling+Access+to+Files?OpenDocum... - see the section near the bottom entitled "Red Hat's User Private Group Philosophy" which explains how it should be used (the secret is to make the user administrator of their own group with gpasswd -A). The RH approach, imho, is better than a global group, "users", as found on other distros, because there's no real difference between "users" and "world".
One easy way to allow shared access - and this will work over Samba - is to create a group for the users, e.g. "accounts" and make the various users members of that group (as a secondary group). Then create a shared directory for them, chown it to be owned by the group (e.g. chown me:accounts /home/accounts) and then set the SGID bit on the directory (chmod 2777 /home/accounts). Now, whenever anybody creates a file in that directory, it will be owned by that user and the shared group "accounts", rather than the primary group of the creator. See the section in that article on "Permissions on directories".
I actually haven't tested that approach with SELinux, but I can't see that it would interfere.
Best,
--- Les Bell [http://www.lesbell.com.au] Tel: +61 2 9451 1144
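
The SGID shared-directory setup described in the message above, as an added example that is not part of the original post: it runs in a scratch directory without root and shows that the directory's group is inherited by new files and subdirectories, while the creator's umask still decides whether those files are group-writable. Assumptions: Linux with GNU coreutils, constructed function names and paths, and mode 2770 instead of the 2777 in the message so that only group members get access.

```shell
#!/bin/sh
# Added example (constructed): SGID shared directory in a scratch location.
# Assumes Linux with GNU coreutils (stat -c). Does not need root.

# Create the shared directory. Hand it to a secondary group of the current
# user if one is usable (stand-in for "accounts"); otherwise keep the
# primary group. Then set SGID and remove all access for "other".
make_share() {
    mkdir -p "$1" || return 1
    primary=$(id -g)
    for g in $(id -G); do
        [ "$g" = "$primary" ] && continue
        chgrp "$g" "$1" 2>/dev/null && break
    done
    chmod 2770 "$1"
}

# Create an empty file under the given umask and print "<gid> <mode>".
create_as() {
    ( umask "$1"; : > "$2" ) && stat -c '%g %a' "$2"
}

demo() {
    base=$(mktemp -d) || return 1
    share=$base/accounts
    make_share "$share" || return 1
    echo "share dir      : $(stat -c '%g %a' "$share")"
    # Group comes from the directory in both cases; only the mode differs.
    echo "file, umask 022: $(create_as 022 "$share/a.txt")"
    echo "file, umask 002: $(create_as 002 "$share/b.txt")"
    # Subdirectories inherit the group and the SGID bit itself.
    ( umask 002; mkdir "$share/sub" )
    echo "subdir         : $(stat -c '%g %a' "$share/sub")"
    rm -rf "$base"
}

demo
```

With the User Private Group scheme the usual umask is 002, which is what makes files created in such a directory writable by the other group members.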