Subject: Re: ACL's revisited
To: Ignatios Souvatzis <is@netbsd.org>
From: Rick Kelly <rmk@toad.rmkhome.com>
List: tech-kern
Date: 08/26/2001 16:34:11
Ignatios Souvatzis said:
>I am not sure that this is desirable. Normally, you do not want a system to
>access a volume which it doesn't understand - we don't want, say, 4.2BSD
>systems to access long uid/gid filesystems, either - because even if it
>doesn't corrupt ACLs, it might give away access rights that were not intended.
>
>In this special case - do ACLs always _add_ access permissions, or can they
>deny access permissions that the old user/group/other system alone would grant?
And then there is this cautionary paragraph in the setfacl man page
on Solaris:
If you use the chmod(1) command to change the file group
owner permissions on a file with ACL entries, both the file
group owner permissions and the ACL mask are changed to the
new permissions. Be aware that the new ACL mask permissions
may change the effective permissions for additional users
and groups who have ACL entries on the file.
A reckless "chmod -R" could screw up a complex ACL scheme. Solaris
allows 1024 entries per inode.
--
Rick Kelly rmk@rmkhome.com www.rmkhome.com
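The chmod/mask interaction quoted from the Solaris setfacl(1) page, and the earlier question of whether ACL entries can take away what the plain mode bits would grant, are easy to see in a small model. The following is an added illustration, not code from the original mail, from Solaris or from NetBSD: it simulates POSIX.1e-style ACL evaluation (owner, then named user, then owning/named groups, then other, with the mask capping every group-class entry) and a chmod() that, as the quoted text describes, rewrites both the owning-group entry and the mask from the mode's group bits. The uids, gids and entries are constructed for the demo.

```python
"""Toy simulation of POSIX.1e-style ACL evaluation with a mask entry.

Added illustration, not code from the original mail or from Solaris/NetBSD.
Permissions are rwx bitmasks (r=4, w=2, x=1). chmod() follows the behaviour
the quoted Solaris setfacl(1) text describes: the mode's group bits replace
both the owning-group entry and the mask.
"""
from dataclasses import dataclass, field

R, W, X = 4, 2, 1


def perms_str(p: int) -> str:
    """Render a 3-bit permission set as rwx text."""
    return ("r" if p & R else "-") + ("w" if p & W else "-") + ("x" if p & X else "-")


@dataclass
class Acl:
    owner_uid: int
    owner_gid: int
    user_obj: int                                  # u:: entry, never masked
    group_obj: int                                 # g:: entry, masked
    other: int                                     # o:: entry, never masked
    mask: int                                      # m:: upper bound on the group class
    users: dict = field(default_factory=dict)      # named u:<uid>: entries, masked
    groups: dict = field(default_factory=dict)     # named g:<gid>: entries, masked

    def matching_entries(self, uid: int, gids: set) -> list:
        """POSIX.1e order: owner, named user, then owning/named groups, else other.

        Returns the effective (mask-applied) permission bits of the entries
        that decide access for this process.
        """
        if uid == self.owner_uid:
            return [self.user_obj]
        if uid in self.users:
            return [self.users[uid] & self.mask]
        group_hits = []
        if self.owner_gid in gids:
            group_hits.append(self.group_obj & self.mask)
        group_hits += [p & self.mask for gid, p in self.groups.items() if gid in gids]
        if group_hits:
            return group_hits
        return [self.other]

    def allowed(self, uid: int, gids: set, requested: int) -> bool:
        """Access is granted if any deciding entry contains every requested bit."""
        return any(eff & requested == requested for eff in self.matching_entries(uid, gids))

    def chmod(self, mode: int) -> None:
        """chmod on a file that has a mask entry (Solaris semantics quoted above)."""
        self.user_obj = (mode >> 6) & 7
        self.group_obj = (mode >> 3) & 7
        self.mask = (mode >> 3) & 7      # the group bits also become the new mask
        self.other = mode & 7

    def effective_table(self) -> dict:
        """Stored vs effective bits for every masked entry, as getfacl would show."""
        table = {"group::": (self.group_obj, self.group_obj & self.mask)}
        for uid, p in self.users.items():
            table[f"user:{uid}:"] = (p, p & self.mask)
        for gid, p in self.groups.items():
            table[f"group:{gid}:"] = (p, p & self.mask)
        return table


def demo() -> dict:
    """Constructed ACL: owner 1000/100 plus named user 2000 (rw-), named user
    3000 (---) and named group 200 (r-x). Returns before/after snapshots."""
    acl = Acl(owner_uid=1000, owner_gid=100, user_obj=R | W | X, group_obj=R | W,
              other=R, mask=R | W | X, users={2000: R | W, 3000: 0}, groups={200: R | X})
    before = {
        "u2000_can_write": acl.allowed(2000, set(), W),
        "u3000_in_group_can_read": acl.allowed(3000, {100}, R),  # named entry denies what g:: grants
        "g200_can_exec": acl.allowed(4000, {200}, X),
        "effective": {k: perms_str(v[1]) for k, v in acl.effective_table().items()},
    }
    acl.chmod(0o744)   # a "chmod -R 744"-style pass: group bits (and so the mask) become r--
    after = {
        "u2000_can_write": acl.allowed(2000, set(), W),
        "g200_can_exec": acl.allowed(4000, {200}, X),
        "effective": {k: perms_str(v[1]) for k, v in acl.effective_table().items()},
    }
    return {"before": before, "after": after}


if __name__ == "__main__":
    for stage, snap in demo().items():
        print(stage, snap)
```

Two things fall out of the run. First, the named entry for uid 3000 (---) is consulted before the owning-group entry, so that user is refused read access even though the group bits grant rw-: entries can subtract, not only add. Second, after chmod 0o744 the stored entries for uid 2000 and gid 200 are unchanged, but the new mask of r-- caps their effective permissions, which is exactly the silent change the Solaris man page warns about; comparing the stored and effective columns of the table is the check to run after any mode change on an ACL-bearing tree.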