Proposal to remove confusing "security XX mask" parameters for 4.0.0

Scott Lovenberg scott.lovenberg at
Wed Oct 3 13:45:35 MDT 2012

On Wed, Oct 3, 2012 at 2:49 PM, Jeremy Allison <jra at> wrote:
> On Wed, Oct 03, 2012 at 09:18:51AM -0400, Scott Lovenberg wrote:
>> I just read the thread that spawned this thread.  I feel I should
>> clarify my position.  I have used these bits to get around bugs with
>> Office documents, now that those bugs are all stomped, I have no
>> reason to ever use these parameters again.
> Ok, so that's *slightly* worrying :-). You did use them
> separately once ?
> Jeremy.

"Slightly", indeed! :)

It's been a few years since this happened and I'm a bit fuzzy on the
specifics, but I was affected by bug 2346
( where MS Office
files get the wrong permissions.  I ended up using "force security
mode = 660" to always keep the read and write permissions for the
user/group that owned the file, regardless of what the client asked
for.  It was ugly, but effective.

Trying to keep them all straight while testing was a nightmare.
Especially when you figure out all the modes are logical "or"s and the
masks are logical "and"s, except for "directory mode" which is an
alias for "directory mask".
Peace and Blessings,

More information about the samba-technical mailing list