The purpose of groups is to allow users to access files and utilities that they would not otherwise have access to; "users" in this context means everybody but root.
There is a basic rule of multiuser, multitasking operating systems (Windows is not one of those): Thou Shalt Not Work as Root (because you can do a lot of unintended damage really, really quickly). Essentially, you only want to be logged in as root (or use su or sudo) as rarely as possible. But, as a user, you do need to be able to, you know, do stuff so a way needs to exist that lets you. That's what groups are for.
The pretty much standard default mask for creating files and directories, where owner, group and public access permissions are set, is 0022 (this is an octal value that is used by the system when you create a file or directory). See the manual page for the umask utility for more. With that umask value, every time you create a file it will have a mask that looks like this:
Code:
ls -l item.txt
-rw-r--r-- 1 trona users 4672 Jan 6 11:36 item.txt
That's three sets of permissions: owner (you), group (others known to you) and public (anybody else). In this case, I have read-write, users can read and public can read.
That's files. Directories get created with
Code:
ls -l
drwxr-xr-x 4 trona users 4096 Dec 31 11:45 tools/
It's a directory, I have read, write and execute, the group has read and execute and public has execute (which implies read).
That's the default (and it's a good default). If you wanted other users to have write permissions to files you've created you can add that with
and, to allow write access in a directory
Now, you'd do this kind of thing if you're working on a project with other users. You'd create a directory somewhere (not in anybody's home directory, perhaps in /usr/local), make it writable (chmod 775 dirname) and then have users add group write permissions to any files they create in that directory (chmod 664 filename). Actually this is a little convoluted and there are other ways to accomplish it but we're looking at basics here.
Back to your original question, here's a good set of groups for an ordinary user to belong to:
Code:
groups
users lp floppy dialout audio video cdrom plugdev power usbfs netdev scanner
Contrast this to the groups root belongs to:
Code:
su -
groups
root bin daemon sys adm disk wheel floppy audio video cdrom tape plugdev power usbfs netdev scanner
(and, no, you do not want to add users to those).
Having a user belong to the groups listed above lets a user do things that otherwise would require root permissions; e.g., plugdev lets you plug in a memory stick and read and write it, lp and scanner let you use a scanner.
The permission masks and groups are there so users can do what they need to without the need (or the ability) to do things they shouldn't be doing -- keep in mind that the system is designed to support hundreds of users (even though it's just "you" on your own system) and those "checks and balances" are there to make that feasible. There is a discussion at http://en.wikipedia.org/wiki/Group_identifier that you may find useful.
Hope this helps some.
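
Added example, not part of the original post: a shell sketch that shows which modes a umask of 022 actually produces, then audits a shared project directory for files whose owner skipped the chmod 664 step. The function names, the temporary directories (standing in for a project directory under /usr/local) and the file names are constructed for illustration; the umask 002 case goes beyond what the post covers, and GNU or BusyBox stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes GNU or BusyBox stat(1), which accepts "-c %a".

# Print the octal permission bits of PATH, e.g. 644.
mode_of() { stat -c '%a' "$1"; }

# Create a file and a directory under umask $1, print "<file mode> <dir mode>".
# The ( ) body runs in a subshell, so the caller's umask is left untouched.
created_modes() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/item.txt"
    mkdir "$tmp/tools"
    echo "$(mode_of "$tmp/item.txt") $(mode_of "$tmp/tools")"
    rm -rf "$tmp"
)

# List regular files under DIR that the group cannot write, i.e. files
# still at the umask default because nobody ran chmod 664 on them.
missing_group_write() { find "$1" -type f ! -perm -020 | sort; }

# Build a constructed project directory, follow the post's steps for one
# file only, then audit the directory.
shared_dir_demo() (
    proj=$(mktemp -d) || exit 1
    umask 022
    chmod 775 "$proj"
    : > "$proj/notes.txt"; chmod 664 "$proj/notes.txt"
    : > "$proj/draft.txt"            # left at the umask default (644)
    echo "dir=$(mode_of "$proj") notes=$(mode_of "$proj/notes.txt") draft=$(mode_of "$proj/draft.txt")"
    missing_group_write "$proj" | sed "s|^$proj/|needs chmod 664: |"
    rm -rf "$proj"
)

created_modes 022      # 644 755
created_modes 002      # 664 775
shared_dir_demo
```

On a real shared directory, run missing_group_write against the project path to find the files other group members cannot edit.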