diff -ru samba-4.0.1.org/lib/param/param_functions.c samba-4.0.1/lib/param/param_functions.c
--- samba-4.0.1.org/lib/param/param_functions.c	2012-12-04 11:07:43.000000000 +0100
+++ samba-4.0.1/lib/param/param_functions.c	2013-01-29 11:51:07.000000000 +0100
@@ -193,6 +193,7 @@
 FN_GLOBAL_BOOL(map_untrusted_to_domain, bMapUntrustedToDomain)
 FN_GLOBAL_BOOL(ms_add_printer_wizard, bMsAddPrinterWizard)
 FN_GLOBAL_BOOL(multicast_dns_register, bMulticastDnsRegister)
+FN_GLOBAL_BOOL(native_os_permissions, bNativeOsPermissions)
 FN_GLOBAL_BOOL(nis_home_map, bNISHomeMap)
 FN_GLOBAL_BOOL(nmbd_bind_explicit_broadcast, bNmbdBindExplicitBroadcast)
 FN_GLOBAL_BOOL(ntlm_auth, bNTLMAuth)
diff -ru samba-4.0.1.org/lib/param/param_table.c samba-4.0.1/lib/param/param_table.c
--- samba-4.0.1.org/lib/param/param_table.c	2012-12-04 11:07:44.000000000 +0100
+++ samba-4.0.1/lib/param/param_table.c	2013-01-29 11:51:07.000000000 +0100
@@ -403,6 +403,15 @@
 		.flags		= FLAG_ADVANCED | FLAG_WIZARD,
 	},
 	{
+		.label		= "native os permissions",
+		.type		= P_BOOL,
+		.p_class	= P_GLOBAL,
+		.offset		= GLOBAL_VAR(bNativeOsPermissions),
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= FLAG_ADVANCED | FLAG_WIZARD,
+	},
+	{
 		.label		= "config backend",
 		.type		= P_ENUM,
 		.p_class	= P_GLOBAL,
diff -ru samba-4.0.1.org/source3/autoconf/source3/param/param_global.h samba-4.0.1/source3/autoconf/source3/param/param_global.h
--- samba-4.0.1.org/source3/autoconf/source3/param/param_global.h	2013-01-14 19:36:38.000000000 +0100
+++ samba-4.0.1/source3/autoconf/source3/param/param_global.h	2013-01-29 11:51:07.000000000 +0100
@@ -51,6 +51,7 @@
 	bool   bMapUntrustedToDomain;
 	bool   bMsAddPrinterWizard;
 	bool   bMulticastDnsRegister;
+	bool   bNativeOsPermissions;
 	bool   bNISHomeMap;
 	bool   bNmbdBindExplicitBroadcast;
 	bool   bNTLMAuth;
diff -ru samba-4.0.1.org/source3/include/proto.h samba-4.0.1/source3/include/proto.h
--- samba-4.0.1.org/source3/include/proto.h	2012-12-04 11:07:44.000000000 +0100
+++ samba-4.0.1/source3/include/proto.h	2013-01-29 11:51:07.000000000 +0100
@@ -1326,6 +1326,7 @@
 bool lp_acl_check_permissions(int );
 bool lp_acl_group_control(int );
 bool lp_acl_map_full_control(int );
+bool lp_native_os_permissions(void );
 bool lp_durable_handles(int);
 int lp_create_mask(int );
 int lp_force_create_mode(int );
diff -ru samba-4.0.1.org/source3/param/loadparm.c samba-4.0.1/source3/param/loadparm.c
--- samba-4.0.1.org/source3/param/loadparm.c	2012-12-04 11:07:44.000000000 +0100
+++ samba-4.0.1/source3/param/loadparm.c	2013-01-29 11:51:07.000000000 +0100
@@ -862,6 +862,7 @@
 #endif
 #endif
 	Globals.bTimeServer = false;
+	Globals.bNativeOsPermissions = false;
 	Globals.bBindInterfacesOnly = false;
 	Globals.bUnixPasswdSync = false;
 	Globals.bPamPasswordChange = false;
diff -ru samba-4.0.1.org/source3/smbd/open.c samba-4.0.1/source3/smbd/open.c
--- samba-4.0.1.org/source3/smbd/open.c	2012-12-04 11:07:44.000000000 +0100
+++ samba-4.0.1/source3/smbd/open.c	2013-01-29 14:08:29.000000000 +0100
@@ -164,6 +164,11 @@
 
 	TALLOC_FREE(sd);
 
+	if (lp_native_os_permissions()) {
+		rejected_mask = 0;
+		status = NT_STATUS_OK;
+	}
+
 	if (NT_STATUS_IS_OK(status) ||
 			!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
 		return status;
@@ -270,6 +275,12 @@
 				false,
 				(access_mask & ~FILE_READ_ATTRIBUTES),
 				&access_granted);
+
+	if (lp_native_os_permissions()) {
+		access_granted = 0;
+		status = NT_STATUS_OK;
+	}
+
 	if(!NT_STATUS_IS_OK(status)) {
 		DEBUG(5,("check_parent_access: access check "
 			"on directory %s for "
@@ -1724,6 +1735,11 @@
 				 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
 				 &access_granted);
 
+	if (lp_native_os_permissions()) {
+		access_granted = 0;
+		status = NT_STATUS_OK;
+	}
+
 	TALLOC_FREE(sd);
 
 	if (!NT_STATUS_IS_OK(status)) {