The classes of users are the file owner, members of the 'group' of users the file belongs to, and everyone else.

The basic permissions are permission to read the file, permission to write/modify it, and permission to run it as a program.

Each user is a member of at least one group, and may be a member of any number of them. If a user is a member of multiple groups, there will be one to which their files (typically) belong at creation, but the user can change the group ownership of any file they own to be any group of which they are a member. On many systems, each user has a corresponding group, of which they are the only member, and this group is the default group for new files.

Thus, for two different users to be able to manipulate the same file you must:

• have a group to which both users belong
  
• make sure that the file in question belongs to that group
  
• make sure that the group is allowed to both read and write the file.
  

The first is a matter of a few addgroup commands. The second can be accomplished either by explicitly changing the group ownership of the file with chown or chgrp after creation (or equivalent syscalls in your program), or by setting the 'set GID bit' on a directory, so that operations inside it will happen with an effective group ID of that directory's owner. The third can again be accomplished either by setting the permissions explicitly after the file has been created or by setting the "file creation mask", often referred to as the umask, such that the default permissions when a file is created are to allow read and write access by members of the group.

My wife and I have a directory of files to which we both have access, on our Samba file and print server. We have separate login names, and the computer uses a suer-private-group scheme, so we also have different default groups for the files we create. Normally, if I create a file is owned by user 'him' and group 'him', whereas if my wife creates one it is owned by user 'her' and group 'her'. We don't do world-writable files, 'cause that's just a bad idea. So, for files we want to share we have a third group, 'household' to which we both belong.

We also have a directory, creatively named 'houehold' as well, which is owned by group household, openable only by members of the 'household' group, and is set-GID household. If either of us creates a file in that directory, it is create already owned by the 'household' group. It happens that I also own the directory, because I created it and haven't bothered to change that, but it doesn't matter.

$ ls -ld household/
drwxrws--- 2 his household 4096 2003-06-18 14:10 household/

Unfortunately, I use a umask of 0077, which means that even when I create a file on the 'household' directory, my wife can't read or write it, because group members have no permissions at all on the file. As a result, if I create a file in 'household' I have to then run 'chmod g+rw <filename>' (or equivalent) to let her read and change it. She uses a umask of 0027, so when she creates a file in that directory, I can read it but I can't change it unless she (or the administrator (wait, that's me)) grants write permission for that file to members of the owning group.

That problem could be fixed in a number of ways. My wife and I could both use more permissive file masks. For example, 0017 would work to let us both read and write any file the other created that was owned by user 'household'. I could make the directory set-GID, so that our operations in it would take place as the same user. Or, and most likely, I could decide to activate ACLs and set a default file permission for the directory to override the umask. That last may not be an option on your server.