TL;DR: Do `chmod g+s directory` __every__ time you create a new directory.
In days of yore, we simply adjusted a user's default group to match their research group affiliation. The concept of research groups is still extremely valuable, so AD groups like `clas_spacephysics_halekas` or `clas_spacephysics_rpwg` are the best way to segregate access to many different file resources. However, the university Active Directory specifies the default group for each account to correspond to the department that employs them. For example, everyone in the Department of Physics and Astronomy has the default group `clas-physics-and-astronomy-d1280`, which becomes the group owner of every new file unless the file is created in a directory that is owned by the research group and has the setgid bit (informally, the group "sticky bit") set. So, unless `chmod g+s` has been applied to the directory where the file is being created, the file's group ownership will be the unfortunate department-wide value. Worse yet, external collaborators share an even more expansive group, depending on how their HawkID was established.
At this point, it is likely that the only solution will be continual repair of group ownership. Consider the following example:
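One way to automate that repair, as an added example that is not part of the original page. The function names and the path in the usage comment are assumptions; the group is passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# List every path under ROOT whose group is not GROUP, plus every directory
# that lacks the setgid bit and would therefore keep producing files owned by
# the creator's default (department-wide) group.
audit_group() {
    ag_group=$1; ag_root=$2
    find "$ag_root" \( ! -group "$ag_group" -o \( -type d ! -perm -2000 \) \) -print
}

# Repair what audit_group reports. Must run as the owner of the files (and a
# member of GROUP) or as root.
repair_group() {
    rg_group=$1; rg_root=$2
    # -h changes a symlink itself instead of following it out of the tree.
    find "$rg_root" ! -group "$rg_group" -exec chgrp -h "$rg_group" {} +
    # Apply setgid after chgrp so the bit ends up on the final group owner.
    find "$rg_root" -type d ! -perm -2000 -exec chmod g+s {} +
}

# Usage (the path is a placeholder):
#   audit_group  clas_spacephysics_halekas /path/to/shared/dir
#   repair_group clas_spacephysics_halekas /path/to/shared/dir
```

Because any directory created without `chmod g+s` reintroduces the problem, the audit is worth running on a schedule, with the repair run whenever it prints anything.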