mars:
groups for users are not a simple question about the origin of users (internet- or intranet-users).
I think for example you have foldertrees for a programming- or documentation project.
There would be an number (say 14,30,70) of users working on the project-group.
Some of them (founders) may access all, upload and download in all subfolders, others, like 'coders',
may access all except some folder with special documents, and upload in some folders only,
'illustrators' dont access code-folders and only upload in other folders, a forth type of members
of the group will only have access- and download rights. .. ..
Administration of the access-rights in the different folders could be simplified, if users belong to groups(and subgroups).
Supose a user belongs to a subgroup project.coders or project.founder. This implies, that he belongs to project.
Hence, in the filesystem, you may give access to 'project' on the first element of the folder-tree, limiting upload to project.founder.
in a folder in next level of the tree, you give access only to folder.founder, folder.coder and upload only to folder.coder .. .. ..
So the group system allows having to add only one or two entries to give access or upload rights, you don't need to specify in each
level (folder) a list of 12, 30, 60 users. A user who belongs to a group (by being an element of the subgroup) automatically has the asigned rights
to the (sub-)group in the corresponding folders.
That's the thing for creating user-groups.