User1 and User2 have belong to the oinstall group, as well to the dba group.
This is equivalent to them being in any other group -- they have whatever access that has been configured for them.
For example, if a directory has 0775 access (rwxrwxr-x), if it were owned by a group that a user belonged to, they would have full read-write-execute access, where as others would only have read and execute permissions. If a file had 0660 access (rw-rw----), and they similarly belonged to the owning group, they would be able to read and write to the file, unlike anyone who was neither owner nor belonged to the group in question.
The real question is, how did these groups get on your system; were they created by the Oracle installer?