1 <samba:parameter name="security mask"
3 xmlns:samba="http://samba.org/common">
5 <para>This parameter controls what UNIX permission
6 bits can be modified when a Windows NT client is manipulating
7 the UNIX permission on a file using the native NT security
10 <para>This parameter is applied as a mask (AND'ed with) to
11 the changed permission bits, thus preventing any bits not in
12 this mask from being modified. Essentially, zero bits in this
13 mask may be treated as a set of bits the user is not allowed
16 <para>If not set explicitly this parameter is 0777, allowing
17 a user to modify all the user/group/world permissions on a file.
20 <para><emphasis>Note</emphasis> that users who can access the
21 Samba server through other means can easily bypass this
22 restriction, so it is primarily useful for standalone
23 "appliance" systems. Administrators of most normal systems will
24 probably want to leave it set to <constant>0777</constant>.</para>
26 <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE">
27 <parameter moreinfo="none">force directory security mode</parameter></link>,
28 <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory
29 security mask</parameter></link>, <link linkend="FORCESECURITYMODE">
30 <parameter moreinfo="none">force security mode</parameter></link> parameters.</para>
32 <para>Default: <command moreinfo="none">security mask = 0777</command></para>
34 <para>Example: <command moreinfo="none">security mask = 0770</command></para>