Group Permissions Look Good But Permission Denied

A situation existed where a user needed access to a CentOS 6 server to provide support for a specific application. This application is associated with a unique username to that application. For the sake of argument, an application xyz has a user xyz which automatically puts that user in a group of the same name, xyz.

The additional user whom needed to support this application is john.doe. Adding john.doe to the group xyz, is not enough. It is, however, a good first step.

usermod -a -G xyz john.doe

Using ll to check out the /home directories revealed that the app xyz had the permissions of drwx------ for the home directory /home/xyz with user:group xyz:xyz. Here the user, xyz has full control over the directory /home/xyz, as where group and other have no access.

Change the permissions to the directory /home/xyz to drwxrwx---. The following command will do the trick.

chmod g+rwx /home/xyz

The user john.doe should, a member of the group xyz should now have access to the directory /home/xyz.

An explanation that worked for me was this one: "[T]he group "x" bit set in the directory to allow group searches [or listings]." To open a file given its name, apply the read (r) permission or to create a file, the write (w) permission is applied. Another neat explanation that I found to be useful: "You need the execute (x) bit set for the group in order for that group to enter the directory. Think of it as a rough analog to the windows "Traverse Directory" setting. Without it, access will be denied for the group."

Source(s)
http://serverfault.com/questions/139656/permission-denied-but-group-permissions-look-good-on-redhat
http://www.howtogeek.com/50787/add-a-user-to-a-group-or-second-group-on-linux/