
File Protection by Group

A second level of security, one that allows more than one user account to access a file, is the group permission. As previously pointed out, each user account is assigned its own group, but that is not the only use for group permissions.

If there is a group of user accounts, all of which are working on the same document project, it is possible to create a group, such as doc, and assign each user in the project to that group. This new group is added to the /etc/group file by the adduser program. To add the group doc the command would look like:

adduser --group doc

While it is also possible to declare a specific ID for this group, it is not generally recommended. adduser will assign the next available ID to the group, and in most cases, this is just what is needed. There are a number of default groups already provided in /etc/group for those programs that are expecting particular gid (group ID) numeric values, so there should never be the need for a specific gid to be assigned to any particular group.

Once the group has been created, adduser is again used to assign each user in the documentation project to this new group. To add the fred account to this new group, root would execute the following command:

adduser fred doc

Now any documents that Fred creates may be assigned to the group doc and have their group permission bits set so that others in the documentation group can work on those files as well. To do this for the file private.txt Fred would first issue the command:

chown fred:doc private.txt

and then set the permission bits with the command:

chmod g=rwx private.txt

Now any member of the group doc can work on this file as well, but all others are still restricted from even looking at the file. Thus the permission bits, when combined with file ownership and group information, can provide a great deal of flexibility while still maintaining a level of security at the same time.
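
A check for the result of the steps above, added here and not part of the original guide: chmod g=rwx changes only the group bits, so whether others are locked out depends on the bits the file already had. The script replays the steps on a scratch file, using the file's existing group as a stand-in for doc (creating doc needs root); group_only and demo are hypothetical helper names.

```shell
#!/bin/sh
# Added example; group_only and demo are hypothetical helper names.

# Print the 10-character type/permission field of FILE, e.g. -rw-rwx---
mode_string() { ls -ld -- "$1" | cut -c1-10; }

# Print the group that owns FILE (4th field of ls -l output).
file_group() { ls -ld -- "$1" | awk '{print $4}'; }

# group_only FILE GROUP: succeed only if FILE belongs to GROUP, the group
# can read and write it, and "other" has no permission bits at all.
group_only() {
    [ "$(file_group "$1")" = "$2" ] || return 1
    case "$(mode_string "$1")" in
        ????rw?---) return 0 ;;
        *)          return 1 ;;
    esac
}

# Replay the steps from the text on a scratch file and report what happened.
demo() {
    dir=$(mktemp -d) || return 2
    f="$dir/private.txt"
    : > "$f"
    chmod 644 "$f"              # constructed start: a file made under umask 022
    g=$(file_group "$f")        # assumption: current group stands in for doc
    chgrp "$g" "$f"             # group half of: chown fred:doc private.txt
    chmod g=rwx "$f"            # touches the group bits only
    before=$(mode_string "$f")
    r1=0; group_only "$f" "$g" || r1=$?
    chmod o= "$f"               # clear whatever "other" bits were already set
    after=$(mode_string "$f")
    r2=0; group_only "$f" "$g" || r2=$?
    rm -rf "$dir"
    echo "$before $r1 $after $r2"
}

demo
```

The four fields printed are the mode after chmod g=rwx, the group_only status at that point, the mode after chmod o=, and the group_only status after that.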


Dale Scheetz