A
subtle point often overlooked with standard
Unix file permissions is this:
You Can Revoke Priviliges With Group Permission
The permissions on a file are: user, group, other. But only one of these bits will ever be checked for a particular action. If the user is the owner of the file, the user bit is checked. If the user is a member of the file's group and not the owner of the file, the group bit is checked. If the user is neither owner nor a member of the file's group, only then will the other bit be checked.
Here is a useful example. Imagine a system with a powerful, potentially dangerous program called power. Most users on the system are trusted to run power, but a new user outsider, who is not trusted, must be added to the system. Without changing any of the existing users or their groups, the system administrator can ensure power is safe. The admin adds a new group called untrusted and makes outsider a member of this group. Then the permissions and uid/gid of power are changed to:
-rwx---r-x root untrusted power
(In other words, power has a gid of untrusted and permissions of 0705). When outsider tries to execute power, only the group bit is checked, and it is not set -- so access is denied. The other bit is never checked.
Of course, this still isn't nearly as flexible as access control lists and in practice programs like sudo are better.