10

I have some users in a group called aa and I need to give them the rights to write to a folder which is currently tomcat:tomcatdeploy.

The straightforward way to do this is to add all the users to the tomcatdeploy group, one-by-one.

Is it possible to say that members of group aa are also automatically members of tomcatdeploy by somehow adding the aa group to the tomcatdeploy group?

Or is that trying to push the UNIX permissions scheme too far?

Gilles 'SO- stop being evil'
Rich

2 Answers

10

You didn't mention what platform you are on, but a Linux system from within the last 5 years (or more, probably) supports ACLs, in addition to the traditional Unix file system permissions. By using ACLs, you can add the 2nd group to the directory with write access:

$ setfacl -m group:2ndtomcatdeploy:rwx target_directory

You can use getfacl to display the ACLs and ls -l will show a '+' at the end of the usual symbolic mode string.

Wil Cooley
7

You could use the lid command to get a list of users in aa, and then loop over that list to add them to tomcatdeploy:

for u in $(lid -g -n aa); do usermod -a -G tomcatdeploy "$u"; done

Justin Ethier
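
The loop in the answer above relies on `lid`, which is not installed on every system. As an added example (not part of either answer), this sketch derives the same membership from data in `getent group` / `getent passwd` format, including users whose primary group is aa, and prints the `usermod` commands instead of running them. The function names and the sample accounts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: dry-run plan for copying group membership, e.g. aa -> tomcatdeploy.
# Function names and the sample accounts below are assumptions for illustration.

# members_of GROUP GROUPFILE PASSWDFILE
# Prints every member of GROUP, sorted and unique: the supplementary members
# listed in the group(5) entry plus users whose primary GID is GROUP's GID
# (those never appear in the group entry's member list).
members_of() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
        if [ -n "$gid" ]; then
            awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
        fi
    } | LC_ALL=C sort -u
}

# plan_sync SRC DST GROUPFILE PASSWDFILE
# Prints one usermod command per SRC member that is not yet in DST.
# Nothing is executed; review the output before running it as root.
plan_sync() {
    src=$(mktemp); dst=$(mktemp)
    members_of "$1" "$3" "$4" > "$src"
    members_of "$2" "$3" "$4" > "$dst"
    LC_ALL=C comm -23 "$src" "$dst" | while read -r u; do
        printf 'usermod -a -G %s %s\n' "$2" "$u"
    done
    rm -f "$src" "$dst"
}

# Constructed sample data in `getent group` / `getent passwd` format.
sample_plan() {
    d=$(mktemp -d)
    printf '%s\n' 'tomcatdeploy:x:1001:alice' 'aa:x:1002:alice,bob' > "$d/group"
    printf '%s\n' 'alice:x:2001:2001::/home/alice:/bin/sh' \
                  'bob:x:2002:2002::/home/bob:/bin/sh' \
                  'carol:x:2003:1002::/home/carol:/bin/sh' > "$d/passwd"
    plan_sync aa tomcatdeploy "$d/group" "$d/passwd"
    rm -rf "$d"
}

sample_plan
```

The plan is a snapshot: anyone added to aa later is not in tomcatdeploy until the plan is regenerated and applied, and anyone removed from aa keeps tomcatdeploy membership until it is revoked separately.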