I would like to ask what is the difference of user group in different case , In case 1 , when created the user1/2 , I assign it to group 400 ; in case 2 , I manually added user1/2 to the tail of /etc/group file .

is it different user permission if in these two case ? thanks

Case 1
======
user1:x:500:400:web_user:/home/user1:/sbin/nologin

user2:x:501:400:web_user:/home/user2:/sbin/nologin

Case 2
======

nginx:x:400:user1,user2

What distro/version?

This article from the Arch wiki might help: https://wiki.archlinux.org/index.php/users_and_groups

Rh 6.5

If you are using RHEL, you are paying for support. You might direct this question to the RHEL support channels for which you are paying.

I have a few thoughts:

Most distros assign user numbers automatically. Generally, the first user is number 1000 (sometimes it's number 500) and successive users increment upwards to the next higher number. AFAIC, if you start ad libbing user numbers, you are likely to have unexpected consequences.

I don't have any expertise here, but I suspect that your original question could be answered by your inspecting the /etc/passwd and /etc/group files and comparing the group memberships of the users that you added and making sure that no other users (some of which may be, not persons, but processes) have conflicting user numbers.

nginx, user1, user2, all those are nothing more that human readable help for our consumption. The number is what matters to the system.

An user account can have many, and usually have many groups assigned to it. However, only one is the primary and the rest are secondary.
Groups do not have a category of primary or secondary assigned to them. A group in /etc/groups can be primary or secondary to any amount of users account, simultaneously. This can be seen in /etc/groups.
The primary group for an user will appear as the fourth entry in /etc/password.
The command id <username> or groups <username> can show secondary group information.

Using the commands: and is a worthwhile way to add groups and users. Manually adding them is the road to chaos.

It all depends on what you are doing.

Adding users directly to the passwd/shadow/group files is possible and reasonable - specially when you use a pre-existing disk server for users home directories. Adding 500 users at once this way is very fast... MUCH faster than using the "useradd" function.

You just have to pay reasonable attention to the distributions policies. Most of them now use UIDs (and GIDs, though that is a bit less restrictive) for system accounts (accounts for special purposes - databases, jails for named/sendmail, security monitoring tools...). These are usually identified with UID/GID values under 1000. As long those policies are checked you should have no problem.

It is also reasonable consider using LDAP instead... and that has the SAME "chaos" as adding users manually.