If you are a Unix developer and you want a good laugh, read through Microsoft's documentation for
createDirectory() .
Specifically, assume that you DON'T want to simply inherit the security settings from the parent directory, so follow the link for the
SECURITY_ATTRIBUTES structure.
When you get there you'll note the structure describing the security settings holds a pointer to another
structure describing the file's owner, the group, an discretionary ACL, a system ACL, and some qualifiers. You finally get here, and you're thinking, okay, now I can create a directory. Then you notice you can't set the SECURITY_DESCRIPTOR attributes by hand, you have to access them through a family of functions: GetSecurityDescriptor*. So you have another 14 web pages to read through (at least) before you can create a directory with the permissions scheme you want.
This approach (with the ACL and all) seems powerful to me, but at the same time I find it laughable because Unix provides reasonable file security with a super simple interface. Simple is good. Windows file permissions are far from simple. It is no wonder so many windows applications screw up the file permissions.
