One of the first things I wanted to do when I got my shiny new OS X computer was set up groups for my users (me, partner, guest). I wanted one group for me and my partner, and some other group or no group for guest access. That way my partner and I could share files easily, but any guests that I admitted to the machine could not see our data. Imagine my disappointment to find out that this is not supported well under OS X (non-server; OS X Server apparently has a wonderful GUI utility for managing users and groups).
Background: with standard Unix, the administrator edits files in the /etc directory to create users and assign them to groups. OS X does not work this way; instead, it uses a powerful, flexible, and cryptic system called NetInfo to manage these bits and pieces of administrivia. So, forget about going into /etc/groups and editing the file to put users in groups. Side note: apparently, the point of the NetInfo system is to be able to organize user administration data so that someone can use a remote computer, and seamlessly access his/her usual home directory, etc.
Read the rest of the article for an overview of using groups in OS X...
Disclaimer: changing values in the NetInfo database is not without risk. Be very careful and mindful of the changes you are making, or you could end up with a system that won't let you log in or won't let you access files that you want to access. OS X does not include documentation on NetInfo Manager, so the following includes some intelligent guesses on my part.
It turns out that Apple provides a GUI utility called NetInfo Manager even in the non-server edition, and this can be used to edit NetInfo data. By default, when you create a user with the User pane of the System Preferences utility, it assigns that user a group id (gid) of 20. It turns out that this corresponds to the group "staff", however, the job is only half done: the user has been assigned a group id, but the group part of the database hasn't been updated to include whatever users you create. What you need to do is go into NetInfo Manager, find the group "staff", and make it list the users that you want put together. A relatively simple extension of this idea is to create an entirely new group, assign users to it, and then edit the user's profiles to use the newly-created group id.
Begin by starting up NetInfo Manager (found in the Utilities directory under Applications). The main form shows a display similar to the List view of the Finder: clicking on one item in the main window advances the window to the right and shows a new level of detail below in the hierarchy. Some orientation: items in the upper half of the form are termed "directories"; within a given directory there are properties (shown below in the lower left window), and each property may have one or more values, shown in the lower right window. Directories, in this context, are not literally directories like you find on the disk; they are more like categories of information within a database of information. If all this sounds similar to the Windows registry, well, you're right, they are similar.
The top level of the directories is "/", just like in the file directory system. Below that, you'll see a list of directories with familiar names: groups, mounts, printers, users, and some others. If you click on users, for instance, the column view will show a list of users at the right, including all the users that you've added. Clicking on one of those user names will fill in the lower pane of the display with properties, including values for that user's home file directory, starting shell, etc. Note that the gid for users that you've added is 20.
Suppose you wish to finish the job of putting all your added users into the "staff" group. Starting on the top of the hiearchy, click on "/", then on "groups", then on "staff". You'll see that a group has four properties; one of them is called users, and that's the one we are interested in. If you've never made any changes before, the only user within "staff" will be "root". Make sure that you have permission to make changes by clicking on the little lock icon in the lower left of the form. Then click once on the "users" property in the lower part of the form. Then, under the Directory menu item you'll find a command to "Append value." Select this, and you'll be able to add a second user's name to the group. Do this as many times as it takes to add all the users that you wish to add to "staff". If you click on a different directory item, NetInfo Manager will ask if you want to save your changes.
It should be possible to extend this concept to create entirely new groups.
Don't forget that the directory that holds the file that is to be shared with the group must be read - writeable - executable to the group, as well.
[Editor's note: I haven't done any work with groups in OS X, and I have not tried these instructions myself.]
Mac OS X Hints
http://hints.macworld.com/article.php?story=20020428235448290