We have an unusual request to block a single user from any access to a particular folder several levels down on an NSS volume. Some users already have access either by explicit group rights directly to the folder or inherited rights from levels above the folder. Other than creating an IRF to block out the world and then create a single group (and figure out who needs to be in the group) with explicit rights is there another way to do this? Thanks.