> If there are 10 million entries, the session will be blocked for a pretty long time.
Ah, I get you. It's the implementation that's the problem, not the concept.
> Both Unix and Windows ask to write those permissions to all files below that dir.
I'm fairly certain Explorer (the Windows shell) uses the most naive method possible for applying permissions.
> Also, in Unix and Windows there's a mix of permissions from a share and permissions to a file. In Netware you assigned a right, at that's it. Much easier to review.
For as long as I can remember giving full access to shares to "Everyone", and then using filesystem permisions has been the recommended practise. It is useful occasionally for enforcing "no remote access" policies, etc.