| blob | 2db50f1ce3fca230b4b11b3d473a706aea3f43f6 |
1 <samba:parameter xmlns:samba="http://samba.org/common">
2 <term><anchor id="FORCESECURITYMODE"/>force security mode (S)</term>
3 <listitem><para>This parameter controls what UNIX permission
4 bits can be modified when a Windows NT client is manipulating
5 the UNIX permission on a file using the native NT security dialog
6 box.</para>
8 <para>This parameter is applied as a mask (OR'ed with) to the
9 changed permission bits, thus forcing any bits in this mask that
10 the user may have modified to be on. Essentially, one bits in this
11 mask may be treated as a set of bits that, when modifying security
12 on a file, the user has always set to be 'on'.</para>
14 <para>If not set explicitly this parameter is set to 0,
15 and allows a user to modify all the user/group/world permissions on a file,
16 with no restrictions.</para>
18 <para><emphasis>Note</emphasis> that users who can access
19 the Samba server through other means can easily bypass this restriction,
20 so it is primarily useful for standalone "appliance" systems.
21 Administrators of most normal systems will probably want to leave
22 this set to 0000.</para>
24 <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter moreinfo="none">
25 force directory security mode</parameter></link>,
26 <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory security
27 mask</parameter></link>, <link linkend="SECURITYMASK"><parameter moreinfo="none">
28 security mask</parameter></link> parameters.</para>
30 <para>Default: <command moreinfo="none">force security mode = 0</command></para>
31 <para>Example: <command moreinfo="none">force security mode = 700</command></para>
32 </listitem>
33 </samba:parameter>