Restricting access with groups not working

So on my site i have recently added a development area for the other devers and me. I set this as a subdomain with a different user account to avoid any problems with an rm -rf command (well at least it wont take out our site). I was under the assumption that if i make a group for my normal user and put only that user into that group, then the files owned by that group would not be accessible by other groups… maybe i can explain it better like this

my normal user is foo
the new user is bar
i made a new group called foogrp and put foo into it
i then did a chgrp foogrp /home/foo/

i was under the assumption that if bar then did a cat /home/foo/ then it should say access denied. this is not the case. how can i protect this file?