How can I make a directory recursively read/writable to a group of users?
PROBLEM:
This is a directory used by Apache, so access rights should be fairly strict. The only way I could make it work adequately was to mount the directory as an NFS share, which forces the uid and gid to be set to a specific group and uid. But this seems like a hack, and allows anybody to modify the contents, although Apache then has fairly strict access rights on the "real" directory.
WHAT I HAVE TRIED:
I have tried the setgid bit, which fails when copying directories via scp, even after trying to set umask in 6 different places. I've also installed and mounted the partitions to use acl, which had the same problem with the group rights when copying with scp/sftp.
This is really frustrating as it seems like such a simple and profound problem for which I haven't found a satisfactory solution. Hope I'm missing something obvious here. I'm mainly using Debian squeeze.
The solution with chmod g+s and forcing umasks works quite well. Did you force the sftp subsystem umask in the sshd_config file?
If you need some flexibility for sftp you may want to try MySecureShell. It has permission options such as:
DirFakeUser #Hide real file/directory owner (just change displayed permissions)
DirFakeGroup #Hide real file/directory group (just change displayed permissions)
DirFakeMode #Hide real file/directory rights (just change displayed permissions)
ForceGroup
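An added example, not part of the question or the answer above: a POSIX shell audit for the setgid-plus-umask approach that reports every entry in the tree an upload left with the wrong group, no setgid bit, or no group write access, plus a repair pass. The function names and the demo tree are hypothetical; the `-u` umask option mentioned in the comment is the one provided by OpenSSH's sftp-server (5.4 and later).

```shell
#!/bin/sh
# Added example (not from the thread). Assumed policy for the shared tree:
#   every entry belongs to GROUP, directories are g+rwx with the setgid bit,
#   regular files are g+rw.
# For uploads over sftp the umask is forced in sshd_config, e.g.
#   Subsystem sftp internal-sftp -u 0002

# audit_shared_tree DIR GROUP
# Prints one line per entry that breaks the policy.
# Returns 0 when the tree is clean, 1 when at least one entry is reported.
audit_shared_tree() {
    dir=$1 group=$2
    report=$(
        find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;
        find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
        find "$dir" -type d ! -perm -070 -exec printf 'dir-not-group-rwx %s\n' {} \;
        find "$dir" -type f ! -perm -060 -exec printf 'file-not-group-rw %s\n' {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# repair_shared_tree DIR GROUP
# Brings an existing tree in line with the policy. Only group bits are
# touched, so access for "other" stays whatever it was.
repair_shared_tree() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir"
    find "$dir" -type d -exec chmod g+rwxs {} +
    find "$dir" -type f -exec chmod g+rw {} +
}

# Constructed demo: a throwaway tree left behind by a copy that ran with
# umask 077, audited before and after the repair.
demo_shared_tree() {
    tmp=$(mktemp -d) gid=$(id -g)
    mkdir "$tmp/site"
    ( umask 077; mkdir "$tmp/site/upload"; : > "$tmp/site/upload/index.html" )
    echo "before repair:"; audit_shared_tree "$tmp/site" "$gid" || true
    repair_shared_tree "$tmp/site" "$gid"
    echo "after repair:";  audit_shared_tree "$tmp/site" "$gid" && echo "clean"
    rm -rf "$tmp"
}

# Run the demo only when asked to, so the file can also be sourced.
[ "${1:-}" = "--demo" ] && demo_shared_tree
```

Running the audit from cron or after each deployment shows which upload path (scp, sftp, a shell session) is still bypassing the forced umask.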