Hiya, not sure if this is a newbie question or not, but feels like it .

Anyway, just wondering is it possible to have a different set of group permissions somehow, just trying to add an extra layer of protection....

I.e

group 1 (or user) can only read users files given to more people...
group 2 (or user) can read and write to users files given to very few people to help them out if they have problems..

i know you can chmod g+r etc, but that would only work for the one set?

Not sure if that makes sense, just trying to think of best way to arrange things so a new admin doesn't have access to every users files for writing and able to destroy stuff accidentally, but do want a few to be able to but would prefer they didn't have root password. (in the situation of alot of users). Bit like the idea of user/admin/superadmin/root.

To be honest, I'm not entirely clear what you're asking for... a bit more detail/example would be good.
However, I think it would be useful to you to look into the fact that a user can be in more than 1 group at a time.
See man group.

Hiya, thanks for the reply, yes we already have users in more than one group as the current set up, but at the moment admins can both read and write to all users, this I would like to cut back so that only certain admins have write access to all standard users, and others read only.

At the moment we have admin (not actually called user admin as too obvious) part of a group who has write access to customer1+customer2 for example as their group.

Would like to change this...i.e
customer1, customer2 (plus admins) have standard accounts can read/write their own files.
Admin1 has read only access to customer1+2.
Admin2 has read+write access to customer1+2.

What I would like is a user (i.e an accepted admin) to be able to read the users configuration files and look for problems etc. Could possible add a 2nd admin as "other" and not group and enable read access for that, but don't really like that idea...

Then on top of that a more qualified admin who has access to read+write other standard users files in case they have messed up.

Don't really want to use root apart from the usual obvious exceptional circumstances.

Not sure if thats any clearer, thanks for the reply though. I might be missing the obvious though (hence in this section as I'm not sure if its something that can't be done, or something simply is obvious and not thinking of!