Arrggg, keep forgetting to set gid

If you keep a web development server you may often find yourself installing and moving stuff around as superuser. This results in a lot of directories and areas that are root:root (owned by root, in root group). This can be a problem for web applications, that need their web accessible files and below to be read by the webserver user.

So first you will do something like

chown -R root:www-data yourstartdir

for these webaccessible directories specifically. Replace www-data with the user that your webserver runs as (www-data is the default user for apache2 on debian or ubuntu linux.) Read your security notes for the application first to make sure the application doesn't need a special user scheme to enforce security on their application. Pay attention also to which directories are web accessible (below the web document root). I'll assume you do your homework.

OK, so what was the point of this post? OH YES! You may want to help yourself out by specifying that all directories and files created in your web accessible area in the future should belong to the same group as their parent, preserving apache's ability to process them. This trick of making the filesystem remember to assign the same group is called setting the GID bit.

You do this by running

chmod g+s yourdir

But what if you have a directory structure already built before you remember to set the gid bit?

What you want to do on a classic unix is to use find to retrieve directories (not files) below your start directory, and then setting the perms on them to something reasonable plus the gid bit.

find yourstartdir -type d -exec chmod g+s {} \;