Brian Dewey gives a nice post on why you should care about ACLs... As you may know we plan to add ACL support to the BCL in Whidbey.. check out Kit's PDC presentation for more info.  Here is some examples from that presenation... does it look like we are hitting the sweet-spot here?

Enable the ability to view and edit ACLs  on objects in the filesystem, from managed code


// how it might look for Directory…

DirectorySecurity ds = new DirectorySecurity();


ds.AddAccess (“MYDOMAIN\SomePerson”, AccessControlType.Deny,

      AclAccess.View | AclAccess.Change, FileAccess.ReadWrite );


Directory.SetAccessControl ( @“c:\temp”, ds );




Critical capability is setting the ACL at the point a file/directory is created


FileSecurity fs = new FileSecurity();

fs.AddAccess( new FileAccessTrustee( new NTAccount(“MYDOMAIN”, “SomeGroup”),       AccessControlType.Deny,       AclAccess.View | AclAccess.Change, FileAccess.Read |       FileAccess.Write));


using (FileStream file = new FileStream(“foo.txt”, FileMode.Create,    FileAccess.Write, FileShare.None, 4096,   false, fs ) ) {

            // write to the file…