Setting multiple groups as directory owners
You can only have one group as owner.
However using access control lists you can define permissions for other groups.
Check if you have ACL installed issuing the command getfacl.
If your system hasn't ACL installed, install the command line tools which are in the acl package with: sudo apt-get install acl
With getfacl you can read the ACL information of a directory or other file, and with setfacl you can add groups to a file.
For example:
setfacl -m g:devFirmB:rwx /srv/svn/
Adds the group devFirmB with read, write, execute permissions to directory /srv/svn.
If you also want files created in that directory to be owned by multiple groups, set the ACL as the default ACL. The X in the default group entry means “allow execution if executable by the owner (or anyone else)”.
setfacl -m g:devFirmB:rwx /srv/svn/
setfacl -d -m g:devFirmB:rwX /srv/svn/
This is an extremely common problem, if I understand it accurately, and I encounter it constantly. If I used ACLs for every trivial grouping problem, I would have tons of unmanageable systems. They are using the best practice when you cannot do it any other way, not for this situation. This is the method I very strongly recommend.
First you need to set your umask to 002, this is so a group can share with itself. I usually create a file like /etc/profile.d/firm.sh, and then add a test command with the umask.
[ $UID -gt 10000 ] && umask 002
Next you need to set the directories to their respective groups,
chgrp -R FirmA /srv/svn/FirmA
chgrp -R FirmB /srv/svn/FirmB
chgrp -R FirmC /srv/svn/FirmC
Finally you need to set the SGID bit properly, so the group will always stay to the one you set. This will prevent a written file from being set to the writer's GID.
find /srv/svn/FirmA -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmB -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmC -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmA -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmB -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmC -type f -print0 | xargs -0 chmod 664
Now finally if you want to prevent the directories from being accessed by other users.
chmod 2770 /srv/svn/FirmA
chmod 2770 /srv/svn/FirmB
chmod 2770 /srv/svn/FirmC
It is not possible to have a file owned by multiple Linux groups with traditional Unix permissions. (However, it is possible with ACL.)
But you might use the following workaround and create a new group (e.g. called devFirms) which will include all users of the groups devFirmA, devFirmB and devFirmC.
You create new user groups with:
sudo addgroup NEWGROUPNAME
First, you might have to install id-utils to get the lid-command:
sudo apt-get install id-utils
Then you can run the following line of code to easily copy all users of SOURCEGROUP to TARGETGROUP. Of course you have to run the command once for each group you want to copy. Don't forget to replace the capitalized place-holders with the actual group names.
for u in $(lid -g -n SOURCEGROUP); do sudo usermod -a -G TARGETGROUP $u; done
So in your case you would have to run the command (all lines at once):
sudo addgroup devFirms &&
for u in $(lid -g -n devFirmA); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmB); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmC); do sudo usermod -a -G devFirms $u; done
Note that these commands only copy all users who are current members of the source groups. Every user who gets added later will also have to be manually added to your common group with the adduser command. Just replace once again the capitalized place-holders with the actual user and group name (devFirms):
sudo adduser NEWUSER TARGETGROUP
Thanks to Justin Ethier for his answer at Unix&Linux.SE: Add all users of one group to another group?