>In fact, you can do things very easily with *nix acls that are very >difficult in Windows. For example, you can set different 'Default' >permissions (what will be on things created in the directory) than the >permissions that are actually on the directory. You can set different >masks for different groups or users in the same directory, etc. That's not accurate. You can do exactly that very trivially with Container Inheritance flags only etc...