POSIX ACLs will let you set inheritable ACLs. If you set the default ACL for a directory, this is inherited down the stack as new files are created.
$ sudo mkdir /tmp/acltest
$ ls -ld /tmp/acltest
drwxr-xr-x 2 root root 4096 2011-01-13 20:39 /tmp/acltest
$ touch /tmp/acltest
touch: setting times of `/tmp/acltest': Permission denied
At this point my user (daniel) can't create files in this directory. I set the default ACL for the directory, as well as setting a user ACL on the top directory (the default applies to files/directories created in this directory, not to the actual directory itself).
$ sudo setfacl -m d:u:daniel:rwx /tmp/acltest/
$ sudo setfacl -m u:daniel:rwx /tmp/acltest/
And now, I can create a file:
$ touch /tmp/acltest/foo
$ ls -la /tmp/acltest/foo
-rw-r--r-- 1 daniel daniel 0 2011-01-13 20:41 /tmp/acltest/foo
Additionally, I can do anything I like to files that other users create in this directory:
$ sudo mkdir /tmp/acltest/foo2
$ ls -ld /tmp/acltest/foo2
drwxrwxr-x+ 2 root root 4096 2011-01-13 20:49 /tmp/acltest/foo2
$ sudo touch /tmp/acltest/foo2/bar
$ ls -la /tmp/acltest/foo2/bar
-rw-rw-r--+ 1 root root 0 2011-01-13 20:43 /tmp/acltest/foo2/bar
Normal unix permissions won't let me touch this, however ACLs say otherwise:
$ getfacl /tmp/acltest/foo2/bar
# file: tmp/acltest/foo2/bar
# owner: root
# group: root
user::rw-
user:daniel:rwx #effective:rw-
group::r-x #effective:r--
mask::rw-
other::r--
Note that this file is inside a subdirectory of the /tmp/acltest directory, and so normal unix permissions wouldn't let me do anything with this file.
And indeed, the user daniel can do whatever they like to this file:
$ mv /tmp/acltest/foo2/bar /tmp/acltest/foo2/bar2
$ ls -la /tmp/acltest/foo2/
total 8
drwxrwxr-x+ 2 root root 4096 2011-01-13 20:49 .
drwxrwxr-x+ 3 root root 4096 2011-01-13 20:43 ..
-rw-rw-r--+ 1 root root 0 2011-01-13 20:43 bar2
Note that the default ACLs will only propagate as new files and directories are created. You'll need to do a recursive set operation once to set everything in place, then after that your default ACL will take over.
In order to use ACLs, you'll need to make sure your filesystem is mounted with the acl option in /etc/fstab.
TL;DR POSIX ACLs will allow you to set sticky user/group permissions that propagate down a filesystem tree.
EDIT: Formatting and mount option
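As an added example (not part of the answer above): a POSIX sh function that recomputes the "#effective:" column of the getfacl listing shown in the answer, applying the mask entry to named-user and group entries but not to the owner or other entries. The function names masked and acl_effective are hypothetical, and the sample input is the listing from the answer.

```shell
#!/bin/sh
# Sample input: the getfacl output shown in the answer above.
SAMPLE_ACL='# file: tmp/acltest/foo2/bar
# owner: root
# group: root
user::rw-
user:daniel:rwx #effective:rw-
group::r-x #effective:r--
mask::rw-
other::r--'

# masked PERMS MASK: keep a permission bit only if both strings grant it.
masked() {
    out=''
    for bit in r w x; do
        case "$1" in
            *"$bit"*) case "$2" in
                          *"$bit"*) out="$out$bit" ;;
                          *)        out="$out-" ;;
                      esac ;;
            *) out="$out-" ;;
        esac
    done
    printf '%s\n' "$out"
}

# acl_effective TAG QUALIFIER: read getfacl text on stdin and print the
# effective permissions of the matching entry (empty QUALIFIER = user::,
# group:: or other::). Returns 1 if the ACL has no such entry.
acl_effective() {
    want_tag=$1 want_qual=$2 perms='' mask=''
    while IFS=: read -r tag qual rest; do
        case $tag in '#'*|'') continue ;; esac      # skip header/blank lines
        p=${rest%%[!rwx-]*}                          # drop "#effective:" comment
        if [ "$tag" = mask ]; then mask=$p; fi
        if [ "$tag" = "$want_tag" ] && [ "$qual" = "$want_qual" ]; then perms=$p; fi
    done
    [ -n "$perms" ] || return 1
    case "$want_tag:$want_qual" in
        user:|other:) printf '%s\n' "$perms" ;;      # owner and other: mask not applied
        *) if [ -n "$mask" ]; then masked "$perms" "$mask"
           else printf '%s\n' "$perms"; fi ;;        # named user, owning/named group
    esac
}

printf '%s\n' "$SAMPLE_ACL" | acl_effective user daniel   # prints rw-
```

The same function can be fed live output, for example `getfacl some/file | acl_effective user daniel`, to check what a named user actually ends up with after the mask is applied.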
Best Answer
You can try to use 'chattr'
Example: