Forget about HAL and DBUS.
System objects such as files, directories, and devices are owned by a user account and a user group. User groups are used by the operating system to identify which system objects, such as files and devices, a given user account is or is not allowed to access. You can set access permissions on any given system object to specify what kind of access is allowed for the user account that owns the object, for the user group that owns the object, and for all other user accounts that are neither the owning user account nor members of the owning user group. Therefore, user groups are part of the authentication part of Linux. When used correctly, user groups can help refine which users and groups of users are allowed access to particular system objects.
Example one. Look at the properties of the system device /dev/cdrom.
Code:
ls -l /dev/cdrom
lrwxrwxrwx 1 root root 3 Jul 23 18:58 /dev/cdrom -> hdc
You can see that on my system this is a link to /dev/hdc, so look at the properties of the device to which the link points.
Code:
ls -l /dev/hdc
brw-rw---- 1 root cdwriter 22, 0 Jul 23 18:58 /dev/hdc
Here we can see that the device is owned by the user root and by the user group named cdwriter. Notice that the permissions for the group are read and write. This means that any user account that belongs to the cdwriter user group is allowed to read and write to this device. Any account that is not root and is not a member of the cdwriter user group is denied access to this device. This allows you to control who can access this device.
Example two. Look at the permissions on a file in a normal user HOME directory.
Code:
ls -l
-rw------- 1 mary users 15714 Aug 29 2006 test-file.txt
Here we see a file named test-file.txt with its permission properties listed. The permissions for the account that owns the file are read and write. The permission for the user group that owns the file and for all other accounts is no permission. This means that the user account that owns the file can read and write the file. The user group that owns the file is called users. The members of the user group named users have no permission to access the file. The users that aren't user account mary and aren't part of the user group named users also have no permission to access the file.
So we can see that although the file is owned by the user group called users, the members of this group still have no permission to do anything with the file.
You can create your own user groups, make whatever user accounts that you want to be members of this group, make any system objects owned by this group, and then set the access permissions for this user group to access the system object. Most of the time the system object will be a file or directory or groups of files and directories.
Example three. Make a work area for people in the Accounting Department.
First make a user group for the members of the Accounting Department. Log on as root to perform all of the commands in this example.
Now add the accntg group to the already existing user accounts for the members of the Accounting Department. Let's say that we already know that these user accounts are mary and jim and that these user accounts are only members of the user group named users. It just makes this example simpler and clearer. We will add the accntg group to the user accounts mary and jim as secondary groups. This will mean that the default group for these accounts is still users but they will also be able to do anything that members of the accntg group can do.
Code:
# -a appends; without it, -G replaces the account's whole list of secondary groups
usermod -a -G accntg mary
usermod -a -G accntg jim
Now let's create a directory for them to use to share their work.
Now let's make this new directory owned by the user group named accntg.
Code:
chown root:accntg /home/accntg
You could have used the chgrp command but I like to use chown because you enter both the user account that owns the object and the user group that owns the object. It just reduces the possibility of errors with the ownership.
Now let's set the permission on the /home/accntg directory to be sure that members of the accntg group can read, write, and execute the /home/accntg directory. This is necessary for the users to be able to write and delete files, and to list the files in the directory. Let's also add the sgid bit on the directory. That will mean that all of the files created in the /home/accntg directory will be owned by the accntg user group.
Code:
chmod 2770 /home/accntg
Now list the properties of the accntg directory.
Code:
ls -ld /home/accntg
drwxrws--- 2 root accntg 1024 Jul 27 09:55 /home/accntg
You see the letter "s" in the permission string? That means that the set gid bit is set in the directory permissions. This will cause all of the files that are created in this directory to be owned by the same group that owns the directory. In this case it is the accntg group. Enter the following commands to prove that this is true.
Code:
touch /home/accntg/delete-me.txt
ls -l /home/accntg
total 0
-rw-r----- 1 root accntg 0 Jul 27 09:58 delete-me.txt
Here you can see that the file named /home/accntg/delete-me.txt is owned by the accntg group.
I hope this helps explain how the user groups can be used.
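An added example, not part of the original post: a small audit for a shared directory built like /home/accntg in example three. It checks group ownership, the setgid bit and mode 2770, and flags files that the rest of the group cannot write, such as delete-me.txt above with mode 640. It assumes GNU stat (`-c`); the function names `audit_shared_dir` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a shared group directory such as /home/accntg.
# Needs GNU stat (-c). Directory and group are supplied by the caller.

# audit_shared_dir DIR GROUP
# Prints findings; returns 0 only if DIR is owned by GROUP, has the
# setgid bit, gives the group rwx, and gives "other" nothing.
audit_shared_dir() {
    dir=$1; want=$2; rc=0
    mode=$(stat -c '%a' "$dir") || return 2
    group=$(stat -c '%G' "$dir")
    [ "$group" = "$want" ] || { echo "FAIL: group is $group, not $want"; rc=1; }
    [ -g "$dir" ] || { echo "FAIL: setgid bit not set"; rc=1; }
    case $mode in
        *7?) ;;
        *)   echo "FAIL: group lacks rwx (mode $mode)"; rc=1 ;;
    esac
    case $mode in
        *0) ;;
        *)  echo "FAIL: other has access (mode $mode)"; rc=1 ;;
    esac
    # Files moved in with mv keep their old group, and files created under
    # a restrictive umask are not writable by the rest of the group.
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        fgroup=$(stat -c '%G' "$f"); fmode=$(stat -c '%a' "$f")
        [ "$fgroup" = "$group" ] || { echo "FAIL: $f has group $fgroup"; rc=1; }
        case $fmode in
            *[2367]?) ;;
            *) echo "NOTE: $f is not group-writable (mode $fmode)" ;;
        esac
    done
    return $rc
}

# Constructed demo: build a throwaway directory with the same mode as
# /home/accntg, create a file under umask 027, then audit it.
demo() {
    d=$(mktemp -d) || return 2
    chmod 2770 "$d"
    ( umask 027; : > "$d/delete-me.txt" )
    status=0
    audit_shared_dir "$d" "$(stat -c '%G' "$d")" || status=$?
    rm -rf "$d"
    return $status
}
```

Run against the real directory as `audit_shared_dir /home/accntg accntg`. A NOTE line means a member's umask is keeping new files read-only for the group, which the setgid bit alone does not change.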