AFP548

ACLs: denying privs to owners

If you give a user the ability to create files in a directory, those files automatically give that user POSIX r/w perms. If you create a deny ACL for that user (say, to read), it seems to disobey the precedence rule and not override the POSIX perms. (The example is not imaginary; I have a client that wants to have a drop box that users can add to, see the contents, but not read the contents of the contents once they're there ... FTP service where their customers share an account ... OK, I can try to convince them to give every customer their own account, but I don't think it will fly.) Can anyone else confirm this? Using Workgroup Manager, logged in as your preferred admin account, navigate to your home directory in the Sharing section. Create a new folder. Add an ACL to deny read access to child files. Save a file there (say, `echo "my ACL test">testfile` while logged in with SSH). You can still read the contents of the file. Is it a bug? Or an undocumented feature? -b-
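For comparison with what the post observes, here is an added Python model (not from the post or from Apple) of the documented precedence rule: ACEs are checked in order before the POSIX mode bits, a child file inherits the parent's `file_inherit` entries, and a matching deny entry wins over the owner's r/w bits. The directory, user name `alice`, and modes are constructed for the illustration; the model covers owner and other bits only.

```python
from dataclasses import dataclass, field

@dataclass
class Ace:
    """One access control entry, in the order macOS would evaluate it."""
    principal: str                      # user the entry applies to
    kind: str                           # "allow" or "deny"
    rights: set                         # e.g. {"read"}
    flags: set = field(default_factory=set)  # "file_inherit", "directory_inherit"

@dataclass
class Node:
    """A file or directory: POSIX owner/mode plus an ordered ACL."""
    owner: str
    mode: int                           # e.g. 0o644
    acl: list

def inherit_acl(parent: Node, is_dir: bool) -> list:
    """ACL a new child receives: the parent's inheritable entries, marked inherited."""
    wanted = "directory_inherit" if is_dir else "file_inherit"
    return [Ace(a.principal, a.kind, set(a.rights), {"inherited"})
            for a in parent.acl if wanted in a.flags]

def posix_allows(node: Node, user: str, right: str) -> bool:
    """Fallback to mode bits (owner triad or 'other' triad; group omitted)."""
    bit = {"read": 4, "write": 2, "execute": 1}[right]
    shift = 6 if user == node.owner else 0
    return bool((node.mode >> shift) & bit)

def check(node: Node, user: str, right: str) -> bool:
    """Documented order: first ACE covering the right decides; else POSIX bits."""
    for ace in node.acl:
        if ace.principal == user and right in ace.rights:
            return ace.kind == "allow"
    return posix_allows(node, user, right)

def dropbox_scenario() -> bool:
    """Constructed drop box: deny read on child files for alice; alice then creates one."""
    dropbox = Node(owner="admin", mode=0o773,
                   acl=[Ace("alice", "deny", {"read"}, {"file_inherit"})])
    # alice writes a file: she owns it with rw for owner (0o644) but inherits the deny.
    testfile = Node(owner="alice", mode=0o644, acl=inherit_acl(dropbox, is_dir=False))
    return check(testfile, "alice", "read")   # model says False: the deny should win

if __name__ == "__main__":
    print("alice can read her own drop-box file:", dropbox_scenario())
```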