Defining groups

A user's account entry in /etc/passwd solely determines which group the user is part of on logging in, while the groups a user is named in within the /etc/group file solely determine the groups the user may switch to after logging in (see the newgrp utility). As with user names and IDs, the numeric effective group ID of a running program determines its access to resources.

For example, if you have a team of people that require access to /home/projects on the system, but you don't want the other users to have access to it, do the following:

  1. Add a group called projects to the /etc/group file, adding all necessary users to that group (for details, see Creating a new group,” below).
  2. If you want this group to be the default for these users, change their account entries in /etc/passwd to reflect their new default group ID.
  3. Recursively change the group ownership and permissions on /home/projects:
    chgrp -R projects /home/projects
    chmod -R g+rw /home/projects
  4. Remove access for all other users:
    chmod -R o-rwx /home/projects

For more details on permissions, see File ownership and permissions in Working with Files.