This parameter controls which UNIX permission bits can be set when a Windows NT client manipulates the UNIX permissions on a file using the native NT security dialog box.

The parameter is applied as a mask (AND'ed with) to the incoming permission bits, preventing any bit not in the mask from being set. Make sure not to mix up this parameter with , which works in a manner similar to this one but uses a logical OR instead of an AND.

Essentially, zero bits in this mask are bits that will always be set to zero.

If not set explicitly, this parameter is 0777, allowing a user to set all the user/group/world permissions on a file.

Note that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will probably want to leave it set to 0777.

See also: force directory security mode, directory security mask, force security mode.

Default: 0777

Example: 0770
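The AND masking described above, as an added example that is not taken from the Samba documentation or source: it reports which client-requested bits a given mask strips and contrasts the OR behaviour of force security mode. The function names and the mask-then-force ordering are assumptions of this sketch.

```python
def parse_mode(text):
    """Parse an smb.conf-style octal mode string such as '0770'."""
    mode = int(text, 8)
    if not 0 <= mode <= 0o7777:
        raise ValueError(f"mode out of range: {text!r}")
    return mode


def rwx(mode):
    """Render the nine user/group/world bits as 'rwxrwx---'-style text."""
    return "".join(
        ch if mode & (1 << (8 - i)) else "-"
        for i, ch in enumerate("rwxrwxrwx")
    )


def apply_security_mask(requested, security_mask="0777", force_security_mode="0"):
    """Return (effective, dropped, forced) for a client-requested mode.

    Assumption: the mask is ANDed first, then the force value is ORed in.
    """
    req = parse_mode(requested)
    mask = parse_mode(security_mask)
    force = parse_mode(force_security_mode)
    masked = req & mask          # zero bits in the mask are always cleared
    effective = masked | force   # force bits are always set
    dropped = req & ~mask        # requested, but removed by the mask
    forced = force & ~masked     # set by the OR although not granted by the AND
    return effective, dropped, forced


if __name__ == "__main__":
    # Constructed sample requests: (requested, security mask, force security mode)
    samples = [
        ("0777", "0777", "0"),     # default mask: nothing is stripped
        ("0777", "0770", "0"),     # appliance-style mask: world bits stripped
        ("0444", "0770", "0200"),  # mask strips world read, force adds owner write
    ]
    for requested, mask, force in samples:
        eff, dropped, forced = apply_security_mask(requested, mask, force)
        print(f"req={requested} mask={mask} force={force} -> "
              f"{eff:04o} ({rwx(eff)}) dropped={rwx(dropped)} forced={rwx(forced)}")
```
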