Clarification on smb.conf man-page needed (doc-bug?)

Anders Karlsson trudheim at
Sat Feb 3 19:29:10 GMT 2007

Hi there,

I have a question on the smb.conf man-page and the behaviour of 'create
mask' plus 'security mask'. The wording in the man page suggests that
'create mask' only influences permissions at file creation time, and
that 'security mask' controls what bits that later can be changed.

However, the observed behaviour, when mounting the share with
'mount.cifs //localhost/share /mnt/test -o setuids,user=cifs' and user
cifs is set as admin user for the share is as follows;
 * the bits set in the 'security mask' become bits you can not change
with chmod.
 * bits not set in 'create mask' become bits you can not change with

As such, to get the behaviour where you can change rwx for ugo, plus set
suid, sgid and sticky, you have to, for the share, set;

security mask = 0000
create mask = 7777

This is not very practical as newly created files become world
readable/writeable. I also need to clarify if file / directory
permissions are server side enforced? The settings of 'umask' on the
client is ignored which made me draw this conclusion.

If anyone can shed some light on this, it would be much appreciated.


Anders Karlsson <trudheim at>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3549 bytes
Desc: not available
Url :

More information about the samba-technical mailing list