> You and they are both really reinforcing my point that the default (and most commonly used on GNU/Linux) permissions system is limited and hard to work with.
The default Unix/Linux permissions system is perfectly adequate and is not 'hard to work with'. It has proven itself over many decades. Because Unix/Linux has inode file systems allowing multiple file links and various other flags, such as sticky bit, setuid and setgid, the fit of this model is perfectly matched to the system. I would agree that if the file permission system was applied to Windows filesystems then it would be an ineffectual nightmare, but that is because it is not an inode system.
Because Windows started off with an extremely poor (to the point of non-existence) permissions system, and file systems that lacked the basic facilities offered by inode based systems, then NT had to implement a layer of permissions over the top of the file system. They used ACLs. ACLs may be more flexible in many respects (you can have them on Unix/Linux too if you want). These are far more complicated, whether they are 'easier' or 'harder' to work with depends entirely on what you are used to and whether you know how to use the facilities correctly.