I have a Linux (Red Hat Enterprise) webserver that hosts a collection of websites. This system uses kerberos authentication to allow me to create local accounts for Active Directory users, and then authenticate those accounts off the kerberos server. None of the login accounts have home directories, but each of the websites have their own local user (/home/site) directory and group (I created the "site" user, but never ran "passwd" to assign a password - you cannot login using the "site" accounts). There are multiple site administrators for a few of the sites, and they are each members of the site's group.
The problem that I'm running into is that even though Billy uploads a file to /home/site/www, and the ownership is "billy:site", the permissions default to 644, making Billy the only user able to edit that file, instead of granting access to all users in the "site" group (664). Is it possible to specify a default file permission mask for files uploaded via SFTP so that each of the users (who aren't in any way linux-ly gifted) don't have to specifically assign group rights through the SFTP client for the files they upload?
I'd prefer to do this without individual user home directories if at all possible - for housekeeping's sake - less clutter (users don't need their own home directories).
Your help is appreciated.