> RHEL and CentOS have much, much tighter basic privilege handling. The
> complexity of the NTFS ACL structure, for example, is so frequently
> mishandled that it's often ignored and simply dealt with as
> "Administrator". The result is privilege escalation chaos.

And how is the user-group-world permissions system any better? I work daily with both *nix & NTFS ACL's and given the choice I prefer NTFS' for the finer grained control.

You want to create a folder in which user A & B have access to but nobody else? In *nix you create a group that both those users belong to and set the folder to use that group's permissions. In NTFS you set the ACL's so those two users have (almost) full access to the folder. Simple enough.

Now say you need to create another folder which only users B & C have access to? In *nix you create another group, one that B & C belong to, and assign that group permissions to that folder. NTFS? Set the ACL's so that only B & C have access.

Now let's say we want User A to have read only access to that second folder? They're not the owner, and don't belong to the group, so world permissions are your only choice. What if this folder is a confidential folder containing files the CEO & VP should be able to alter but the Admin Assistant needs to be able to pick files from? You really don't want a lowly peon down in shipping seeing the confidential memo now do you? In NTFS you just add user A to the folder with read only permissions.

Now expand this out to hundreds of folders and watch the *nix groups multiply like rabbits.

Admittedly a few areas of NTFS ACL's cause some confusion, inheritance and precedence rules among them, but if you take the time to read how they work and play with it before putting it into production it's actually quite easy to work with. RTFM? :-)

--
Drew

"Nothing in life is to be feared. It is only to be understood."
--Marie Curie
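The A/B/C folder scenario from the message above, worked through as an added example that is not part of the original post: a simplified Python model of classic owner/group/other mode bits next to a per-user allow list. The group names `ab` and `bc`, the shipping user `S`, and the choice of B as folder owner are assumptions made for the illustration.

```python
# Simplified model of the two permission schemes (constructed for illustration;
# only read/write bits are modelled, directory "x" and ACL inheritance are not).
R, W = 4, 2

def unix_access(user, owner, group, members, mode):
    """Owner/group/other check: the first class that matches the user decides."""
    if user == owner:
        return (mode >> 6) & (R | W)
    if user in members[group]:
        return (mode >> 3) & (R | W)
    return mode & (R | W)

def acl_access(user, acl):
    """Per-user allow entries: a user with no entry gets no access."""
    return acl.get(user, 0)

def groups_needed(folder_users):
    """One group per distinct set of users that must share a folder."""
    return len({frozenset(users) for users in folder_users.values()})

# Constructed sample data: B = CEO, C = VP, A = admin assistant, S = shipping.
USERS = ["A", "B", "C", "S"]
MEMBERS = {"ab": {"A", "B"}, "bc": {"B", "C"}}  # hypothetical group names

def second_folder(mode):
    """Effective bits per user on the B & C folder (owner B, group bc)."""
    return {u: unix_access(u, "B", "bc", MEMBERS, mode) for u in USERS}

def second_folder_acl():
    """Same folder with per-user entries; A is added read-only."""
    acl = {"B": R | W, "C": R | W, "A": R}
    return {u: acl_access(u, acl) for u in USERS}

if __name__ == "__main__":
    print("mode 660:", second_folder(0o660))   # A and S both locked out
    print("mode 664:", second_folder(0o664))   # A can read, but so can S
    print("ACL     :", second_folder_acl())    # A can read, S cannot
    print("groups  :", groups_needed({"f1": "AB", "f2": "BC", "f3": "AC"}))
```

A value of 6 means read and write, 4 means read only, 0 means no access.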