What do the groups do in "Users and Groups"?

Some groups allow access to files or directories, for example: the www-data allow the access to web files or the adm group to read files in /var/log. This is the trivial use.

But some groups allow access to certain devices. For example the dialout group allows access to the serial ports via files in /dev:

$ find /dev -group dialout -exec ls -ld {} \;
crw-rw---- 1 root dialout 4, 64 Jan 19 12:51 /dev/ttyS0
crw-rw---- 1 root dialout 4, 67 Jan 19 12:51 /dev/ttyS3
crw-rw---- 1 root dialout 4, 66 Jan 19 12:51 /dev/ttyS2
crw-rw---- 1 root dialout 4, 65 Jan 19 12:51 /dev/ttyS1

So if you are member of the dialout group you can use the serial ports by reading and writing to the device file: echo "Hello world" > /dev/ttyS0. The video group allows access to the video hardware.

For description of each groups, read the file: /usr/share/doc/base-passwd/users-and-groups.html

EDIT about first comment:

In fact, usually you don't have to be in those groups to "access" the hardware resources, from a user point of view. The common practice is to have a daemon/server managing it, being member of the most restrictive group, then allowing you access to the daemon/server.

For your case, being member of the video group allows direct access to the graphic hardware, not through the X server. Usually on desktop/laptop computer it is nice to have direct access to the graphic hardware (glxinfo | grep "direct rendering").

Side note, if you have direct rendering but you are not member of the video group (id | grep --color video), you were allowed hardware access by an acl of the /dev file (find /dev/ -group video -exec getfacl {} \; | grep $USERNAME).


In general the concept of group separation relates to this:

http://en.wikipedia.org/wiki/Principle_of_least_privilege

It does seem silly to have all of those groups until you realize the alternative would be a single common level of high privilege (ex. sudo/root) which would be a security nightmare.

Most of the groups shown in your post exist so that various pieces of the OS can access common functionality with the least amount of privileges. The user shouldn't have to worry about this too much. During some administrative tasks you may need to up your privs to access some functionality and this is usually done using sudo for short one time tasks and by adding yourself to a specific group for repetitive tasks.