Aligning WebDAV and Linux permissions
I wanted to set up a directory that I could write to easily over WebDAV running on Apache2. I also wanted to be able to use these same files locally as a standard user.
Any file system access by WebDAV in Apache is done under the credentials of the Apache process (e.g. wwwuser:wwwgroup). This means that a file created over WebDAV can't be used by a local user, and a file created locally can't be used over WebDAV, because of permissions.
This can be worked around by using groups and access control lists.
I created a group called "davusers" containing everybody who needed read/write access to the shared directory, and applied it with the SGID flag:
chmod g+s sharedfolder
By setting "s" on the group for a directory, anything created in this directory will inherit the same group. This means that any new files or folders will automatically be set up with the group as "davusers" for me.
The next hurdle is that the default umask for Apache allows only the file owner (the Apache process owner) read/write access. Group users only get read.
To combat this we can use "setfacl" to add an access control list for groups:
setfacl -m d:g::rwx sharedfolder
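What this bizarre combination of letters does is set the default group access to read/write/execute: "d:" marks a default entry that is inherited by anything created in the directory, "g::" with no name after it means the owning group, and "rwx" is the permission set.
With these combined I now get files being owned by whoever created them (either Apache or a local user), but the group will always be "davusers" and that group will always have the ability to edit the files too.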
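To confirm the setup behaves as described, the following added example (not part of the original post) audits a directory by checking the SGID bit and then creating a probe file under umask 022, the owner-write-only case described above. The function names and the probe file name are assumptions made for this example; the directory and group are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): audit a shared WebDAV directory.
# Usage: sh audit.sh /path/to/sharedfolder davusers

# Permission string such as drwxrwsr-x, taken from ls for portability.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Group owner of a path as ls reports it.
group_of() { ls -ld "$1" | awk '{print $4}'; }

# Create a file the way a process with umask 022 would (the post's Apache
# case), print "<group> <yes|no>" where yes means group-writable, then clean up.
probe_new_file() {
    probe="$1/.perm-probe.$$"          # constructed probe name, removed below
    ( umask 022; : > "$probe" ) || return 2
    case "$(mode_of "$probe")" in
        ?????w*) writable=yes ;;       # 6th character is the group write bit
        *)       writable=no ;;
    esac
    echo "$(group_of "$probe") $writable"
    rm -f "$probe"
}

# One line per check; returns 0 only when every check passes.
audit_shared_dir() {
    dir="$1"; want="$2"; rc=0
    if [ -g "$dir" ]; then echo "ok   setgid bit is set"
    else echo "FAIL setgid bit missing: chmod g+s $dir"; rc=1; fi

    if [ "$(group_of "$dir")" = "$want" ]; then echo "ok   directory group is $want"
    else echo "FAIL directory group is $(group_of "$dir"), expected $want"; rc=1; fi

    set -- $(probe_new_file "$dir")    # $1 = group of new file, $2 = yes|no
    if [ "$1" = "$want" ]; then echo "ok   new files inherit group $want"
    else echo "FAIL new files get group ${1:-?}"; rc=1; fi
    if [ "$2" = yes ]; then echo "ok   new files are group-writable under umask 022"
    else echo "FAIL new files not group-writable: setfacl -m d:g::rwx $dir"; rc=1; fi
    return $rc
}

# Run the audit only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then audit_shared_dir "$1" "$2"; fi
```

Run it as a user who can write to the directory; a probe that cannot be created shows up as failed inheritance and write checks.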