On Mon, 16 May 2011, Nicolas Thierry-Mieg wrote: > This would give apache write access to the site contents, which is bad > practice. > > It also won't solve the umask issue. > Since the OP wants all members of webdev1 to have write access to site1, > he needs the setgid bit active on site1/ . And he needs all files in > site1/ to be 664 as he says. > But with a umask 077 for all users, any new file created by a user will > be 600. > I don't know how to solve that cleanly at file creation (but I don't > know ACLs). > You could ask your users to try to remember to chmod any new files; and > have a find command running in cron regularly to do the chmod when they > forget. ACLs sounds like a perfectly reasonable solution to me. Default ACLs set on a directory apply to files/directories created within it, so there shouldn't be a file creation issue. A periodic scan from a cron find isn't a bad idea either, as it provides you a mechanism to reimpose correctness even if people do something wrong. I don't think you're likely to find that happens to much with ACLs and most people don't understand how to use them so won't change them ;) jh