It sounds like you’re describing the setgid bit functionality, where a directory that has it set will force any new files created within it to have their group set to the same group that’s set on the parent directory.
$ whoami
saml
$ groups
saml wheel wireshark
Set up a directory with perms + ownerships
$ sudo mkdir --mode=u+rwx,g+rs,g-w,o-rwx somedir
$ sudo chown saml.apache somedir
$ ll -d somedir/
drwxr-s---. 2 saml apache 4096 Feb 17 20:10 somedir/
touch a file as saml in this dir
$ whoami
saml
$ touch somedir/afile
$ ll somedir/afile
-rw-rw-r--. 1 saml apache 0 Feb 17 20:11 somedir/afile
This will give you approximately what it sounds like you want. If you truly want exactly what you’ve described though, I think you’ll need to resort to Access Control Lists functionality to get that (ACLs).
If you want to get a bit more control over the permissions on the files that get created under the directory, somedir, you can add the following ACL rule to set the default permissions like so.
$ ll -d somedir
drwxr-s---. 2 saml apache 4096 Feb 17 20:46 somedir
$ sudo setfacl -Rdm g:apache:rx somedir
$ ll -d somedir/
drwxr-s---+ 2 saml apache 4096 Feb 17 20:46 somedir/
The + at the end means that this directory has ACLs applied to it.
$ getfacl somedir
# file: somedir
# owner: saml
# group: apache
# flags: -s-
user::rwx
group::r-x
other::---
default:user::rwx
default:group::r-x
default:group:apache:r-x
default:mask::r-x
default:other::---
$ touch somedir/afile
$ ll somedir/afile
-rw-r-----+ 1 saml apache 0 Feb 17 21:27 somedir/afile
$
$ getfacl somedir/afile
# file: somedir/afile
# owner: saml
# group: apache
user::rw-
group::r-x #effective:r--
group:apache:r-x #effective:r--
mask::r--
other::---
Notice with the default permissions (setfacl -Rdm) set so that the permissions are (r-x) by default (g:apache:rx). This forces any new files to only have their r bit enabled.
TL;DR: to make new files inherit the group of the container folder do:
$ chmod g+s somefolder
Note: it's implied in the accepted answer, this is just a snippet.
As a complement to slm’s answer, note that, on an ext2/3/4 filesystem, you can replicate the BSD behavior you describe by using the bsdgroups mount option on the partition. From the mount(1) man page:
grpid|bsdgroups and nogrpid|sysvgroups
    These options define what group id a newly created file gets. When grpid is set, it takes the group id of the directory in which it is created; otherwise (the default) it takes the fsgid of the current process, unless the directory has the setgid bit set, in which case it takes the gid from the parent directory, and also gets the setgid bit set if it is a directory itself.
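An added example, not part of any answer above: a POSIX sh audit for a shared directory that relies on the setgid inheritance described in these answers. Files created before the bit was set, or moved in from elsewhere, keep their old group, so it lists entries whose group differs from the directory's and subdirectories that lack the bit. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory that relies on setgid group inheritance.
# All function names are hypothetical. Needs a find that supports -mindepth.

# has_setgid DIR: succeed if DIR carries the setgid bit.
has_setgid() {
    [ -g "$1" ]
}

# group_drift DIR [GID]: print entries under DIR whose group is not GID.
# GID defaults to the numeric group of DIR itself (4th field of ls -dn).
group_drift() {
    want=${2:-$(ls -dn "$1" | awk '{print $4}')}
    find "$1" -mindepth 1 ! -group "$want" -print
}

# dirs_missing_setgid DIR: print subdirectories without the setgid bit.
# New files created in those would fall back to the creator's fsgid.
dirs_missing_setgid() {
    find "$1" -mindepth 1 -type d ! -perm -2000 -print
}

# audit_shared_dir DIR: report every finding, return non-zero if any.
audit_shared_dir() {
    rc=0
    has_setgid "$1" || { echo "no setgid bit: $1"; rc=1; }
    drift=$(group_drift "$1")
    [ -z "$drift" ] || { echo "group differs from directory:"; echo "$drift"; rc=1; }
    missing=$(dirs_missing_setgid "$1")
    [ -z "$missing" ] || { echo "subdirectories without setgid:"; echo "$missing"; rc=1; }
    return "$rc"
}

# Usage: audit_shared_dir somedir
```

Fix what it reports with chgrp on the listed entries and chmod g+s on the listed directories.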