1 files changed, 35 insertions, 0 deletions

diff --git a/docs/smbdotconf/security/forcesecuritymode.xml b/docs/smbdotconf/security/forcesecuritymode.xml
new file mode 100644
index 0000000000..f9f701e1df
--- /dev/null
+++ b/docs/smbdotconf/security/forcesecuritymode.xml
@@ -0,0 +1,35 @@
+<samba:parameter name="force security mode"
+                 context="S"
+				 type="string"
+                 xmlns:samba="http://samba.org/common">
+<description>
+    <para>This parameter controls what UNIX permission 
+    bits can be modified when a Windows NT client is manipulating 
+    the UNIX permission on a file using the native NT security dialog 
+    box.</para>
+		
+    <para>This parameter is applied as a mask (OR'ed with) to the 
+    changed permission bits, thus forcing any bits in this mask that 
+    the user may have modified to be on. Essentially, one bits in this 
+    mask may be treated as a set of bits that, when modifying security 
+    on a file, the user has always set to be 'on'.</para>
+
+    <para>If not set explicitly this parameter is set to 0,
+    and allows a user to modify all the user/group/world permissions on a file,
+    with no restrictions.</para>
+		
+    <para><emphasis>Note</emphasis> that users who can access 
+    the Samba server through other means can easily bypass this restriction, 
+    so it is primarily useful for standalone &quot;appliance&quot; systems.  
+    Administrators of most normal systems will probably want to leave
+    this set to 0000.</para>
+
+</description>
+
+<value type="default">0</value>
+<value type="example">700</value>
+
+<related>force directory security mode</related>
+<related>directory security mask</related>
+<related>security mask</related>
+</samba:parameter>