Hi Snake,
You're close. The group permissions are generally permissions applicable to the group that the owner belongs to. If the owner is in group "staff" and sets group permissions to allow read access, then other members of "staff" can read the files.
It's actually a bit more complicated than that, though. Files have an individual owner and a group owner. The group may or may not have any real connection to the individual owner, but that is the most common case. When you do a directory in the "long" form (ls -l) both the owner (user) and the group are displayed. Root can chgrp the files so that some group that the owner doesn't even belong to is the relevant group, but that is unusual.
Secondary groups are often the main way of setting group-type permissions in *ix. Set up a non-user "owner" for a set of files and add the appropriate users to the same group. For example, we have an application "matlab" with a license agreement that specifies that only certain types of users should be able to use it. So we create a dummy user "matlab" to own the files, and a group "mlgroup" (I gave the group a different name from the owner just for illustration. It would work just as well if the group is named "matlab" and that is, as often as not, how actual installations set it up.) and then grant membership in the "mlgroup" to the appropriate users. If the directory "/usr/local/matlab" where matlab resides is set as 770 then the owner and other members of the mlgroup will have full access and others will have no access.
HTH,
Paul
144
