You should NEVER assign S to anyone. S means Supervisor and you can't block it.. That's why it's not working. In fact, go through your system and take S out of anything it is assigned to.
A rule of thumb, and practice that I use is follows:
Grant general or very restrictive permissions at top level subdirectories. Grant more priviledges only where specifically required on specific subdirectories.
When you grant excessive rights from the top, you then have to block them wherever you don't want them, and that turns into a management nightmare.
Here are some common rights that people need:
Full: [RWCEMF]
Read Only: [R F]
Those usually accomodate 95% of scenarious.
Here is a description of each letter:
S - Supervisor (god priviledges)
R - Read (Open a file for reading)
W - Write (allows you to Modify or write to a file)
C - Create (allows you to Create a new file)
E - Erase (allows you to Delete a file)
M - Modify (ability to Modify netware attributes)
F - File Scan (Allows you to view directory contents)
A - Access Control (Ability to assign permissions)
The entire concept is pretty simple.. ask if you need any further clarification.
Marvin Huffaker, MCNE