Michael is right: setting the "g+s" access right to a parent dir means that
all filenames or direcories added in that parent directory will inherit the
group-ownership from the parent dir, instead of acquiring the
group-ownership of the user that creates that file or directory.
You may as well use "u+s" (combinable in chown with "gu+s") if you want also
to inherit of the uid of the parent directory (avoiding other headaches if
one file initially created by one user in one group is then read by other
users in that group, but the user is later changed to another group).
The best solution is then to create a user with the name of the group that
must haves write-privileges to a module, and then set the module directory
with the uid/gid of that user. Then you can map all normal Unix users to one
or more groups, and all files that this user will create will inherit from
the uid/gid of the parent folder.

Example:

- with the "cvs" user, uid=101, gid=101, you give ownership of the cvs
modules to:

$ mkdir cvs
$ chown -R cvs cvs
$ chgrp -R cvs cvs

$ find cvs -type d -exec chmod 775 {} \; -exec chmod gu+s {} \;
-o -type f -exec chmod 554 {} \;

- then with the "cvs-lib" user, uid=102, gif=102, you do:

$ cd cvs
$ mkdir lib
$ chown -R cvs-lib lib
$ chgrp -R cvs-lib lib

$ find lib -type d -exec chmod 775 {} \; -exec chmod gu+s {} \;
-o -type f -exec chmod 554 {} \;

Note: the -o parameter is to allow distinction between file types and
directory types, because only directories should be given the
execute(=traversal) access right to users/groups/others.

This done, all files or directories newly created in a module will remain
with the ownership and accessrights of the module owner/group: a user can
still only write if it is itself the file or directory owner or a member of
the group that owns the module. All creations are immediately given to the
module owner and group; files can still be written by that user despite it
is no longer the owner itself and despite it is the user that created that
file.

If you prefer that files' user-ownership remain that user, you can just keep
the "group inherit" attribute (g+s) on directories. You may also want that
the file may not be deletable by all members of the modules' group, but only
by that user by adding the "u+t" attribute, i.e. the user-sticky bit, (this
is what is normally configured in /tmp, so that anyone can write in that
directory, but only the owner of the file can unlink it from the /tmp
directory, and nobody else can overwrite the temporary files created by that
user, unless that user gives the permission in his file)

----- Original Message -----
From: "Sam Berlin" <***@limepeer.com>
To: <***@gui.limewire.org>
Sent: Saturday, November 27, 2004 7:39 AM
Subject: RE: [gui-dev] CVS lockup in the gui module for its themes
folder-badaccess rights

Yes, that scheme still works. You are perfectly setup for it--you did
the right thing by partitioning things with groups, now you just need to
add the guid bit.

Phillipe provided the 1 line find command which can be used:

chgrp -R cvs-lib lib
find lib -t d -exec chgrp 2775 cvs-lib {} \;

will make all of cvs-lib owned by the cvs-lib group and put the guid bit
on all the directories.

Michael