Why Use Groups?

Every user belongs to some primary group, generally a group that has the same name as the user and the user as its only member. This can be changed as you see fit; for instance, you might decide to have all users belong to the "users" group as their primary group. However, having a different group for every user gives you more flexibility. It's also a more secure model. More information on unique "personal" groups and why they're useful can be found in man adduser.

Each user can also belong to any other groups in the system, such as other users' "personal" groups, the wheel group, or any other group you create (by adding the user to the /etc/group file, as you'll see later). However, the super-user is the only one who can control who belongs to what groups.

We have discussed the purpose of the wheel group: to indicate a special clique of users who have the privileges to use su to gain root access. Other applications for groups are geared toward granting special privileges to certain users. In the most general case, a group exists to give one user the same permissions on a set of files or processes as another userfor example, to enable different engineers working on a software project to modify the source code files in a single central location, as illustrated in Figure 13.2. It wouldn't be very desirable if the two users had to share an account or tell each other their passwords; groups enable the two users to "own" the same group of files, with both users having the same permissions to operate on these files.