Greetings, Just a follow up.
I never found a way to track the "why" behind a user getting permissions when they were not supposed to. However, it appears that Panasas enabled a new form of ACL's in their 5.5 update which we went to a few months back. The ACL's are apparently always on and enabled outside of the Linux permission scope. This is how users are getting permissions. Thanks for all of the off-list suggestions people sent me. I do appreciate all of the help. ~Stack~
signature.asc
Description: OpenPGP digital signature
