Container ACLs
The Object ACL controls access to the object itself. A container object has, in addition to its Object ACL, an Initial Container ACL and an Initial Object ACL. These two ACLs are not used for access control as such, but instead for cloning initial ACLs for objects or containers created within the initial container. The Initial Container ACLs and the Initial Object ACLs can be edited in the same way as the usual ACL by using the -ic and -io options to the dcecp acl commands.
More:
Initial ACLs for Objects and Containers
Effect of Masks When Editing ACLs