Ubuntu group file permissions on creation

Question

I am setting up a Wordpress site on an Ubuntu 14.04 server using Apache. In this build I use Bamboo to deploy to this server. I have a user named bamboo that is added to the group www-data and is not a sudo user. When I create new files as this user the chown on the files are bamboo:bamboo but I need it to be bamboo:www-data. I can not for the life of me remember how I did this in the past.

File structure looks like this:

/var/www/website/release-1

I have run these commands:

usermod -aG www-data bamboo
adduser bamboo www-data
chown -R bamboo:www-data /var/www/website/

I can make this work using chmod g+s -R /var/www/website/ but I do not want to use (setgid). I am fairly certain I have done this before without using setgid. I have tried nearly ever set of permissions I can think of to get this to work, what am I forgetting?

Answer 1

Okay I figured out what was going wrong. Posting this for people in the future, there are two ways to achieve this.

1. This method uses setgid, I do not want to use this method because it adds permissions that are not needed, you can look up when and when not to use this method, but it does work.

   sudo chmod g+s -R /var/www/website/

2. This method sets the default group for a user to www-data. This now makes all files created by that user with permissions bamboo:www-data.

   sudo usermod -g www-data bamboo

But there is a gotcha in the second method. Note that if you run this command and you use a private key to login into your server. It might change the permissions of your /home/bamboo/.ssh folder and key. So check your permissions on these. You want the following permissions.

bamboo:bamboo ~/.ssh
bamboo:bamboo ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys