I'm not sure, what's problem here -- you can create common directory like /home/common, make it accessible to every trusted user and store mod cache there. Or, probably, i misunderstood your problem?

Sorry i should give an example:

# ls -ld /ocean/gomodcache
drwxrwxr-x 4 root www-user 4096 août  19 16:57 /ocean/gomodcache

wilk@thinkpad:/tmp/t$ go env |grep GOMODCACHE
GOMODCACHE="/ocean/gomodcache"

wilk@thinkpad:/tmp/t$ go get github.com/gorilla/mux
go: downloading github.com/gorilla/mux v1.7.4

ania@thinkpad:/tmp/t$ go get github.com/gorilla/mux
go get: open /ocean/gomodcache/github.com/gorilla/mux@v1.7.4: permission denied

ania@thinkpad:/tmp/t$ go get github.com/pkg/errors
go: writing stat cache: mkdir /ocean/gomodcache/cache/download/github.com/pkg: permission denied
go: downloading github.com/pkg/errors v0.9.1
go get github.com/pkg/errors: mkdir /ocean/gomodcache/cache/download/github.com/pkg: permission denied

thinkpad:/ocean# ls -ld gomodcache/*
drwxr-xr-x 3 wilk wilk 4096 août  19 17:00 gomodcache/cache
drwxr-xr-x 3 wilk wilk 4096 août  19 17:00 gomodcache/github.com

The directories are created without writing permission to group and others and the owner is the first user who go get something.

You need to set setgid bit for this directory, like chmod g+s /ocean/gomodcache. In that case, all new files and subdirectories will inherit group from parent directory

Yes for the group, but there is still no write permission on the group.
I tried also with -modcacherw but it's only for files and owner.

Try to set acl for this directory and add group to it: setfacl -Rdm g:www-user:rwx /ocean/gomodcache. Did it helped?

No, i believe go get explicitly set group without write.

That's strange, that works for me.

Here's how i tried to reproduce your problem, feel free to update my steps if i do something wrong:

Create group:

groupadd test

Create user and add him to group:

useradd testuser
usermod -a -G test testuser

Create common directory and assign needed permissions:

mkdir /home/common
chmod g+rwx /home/common
chmod g+s /home/common
setfacl -Rdm g:test:rwx /home/common/

Login as new user and download module:

su testuser
export GOMODCACHE="/home/common/"
cd some_module
go get github.com/grigoriymikhalkin/sqlboiler-paginate/v4

And that works just fine.

The first user who go get works, it's the next user which cannot. Can you come back to the first user and go get something ?

Ah, i see. Indeed, i get this error from first user.

I'm not sure if this is meant to be supported and whether it's already possible (if done in a certain way).

/cc @jayconrod @matloob @bcmills @mvdan

What is your umask setting? What are the permissions on the directories where the permission denied errors are happening?

The go command creates most cache directories with mode 0777, but people usually have a umask of 0022, so that becomes 0755.

Also /cc @katiehockman FYI since this topic may be relevant to fuzzing work.

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)