Best way to manage file/dir permissions: samba or *nix perms

[Andreas Hasenack]

Hi all!

I have samba 2.0.5a running on a RedHat 6.1 systems, everything works fine
for me.
I don't have experience in large user installations. By that I mean a server
with many users, directories, groups, project directories, public
directories, etc.
Linux standard file permissions (owner, groups, other) can be a headache
sometimes.
With samba one have more permissions to worry about, but they apply only to
the share that's being exported, and the underlying ext2 filesystem has
always the final word. This can be confusing sometimes, even more if you
have to explain to a manager why he can't write do a share that's marked as
writable: the linux permissions won't allow it (example).
OK, here comes a more objetive question:
One could, for example, export a dir with 777 permissions and restrict
access via the share properties (write list, etc). Or the opposite: place no
restriction at all in the share (smb.conf) and place the restrictions in the
ext2 filesystem instead.
As I said, I don't have that much experience in managing this kind of stuff.
What would be the best way? A mix?
In this first samba installation for a customer I'm actually using both, and
those force create mode, create mask, etc are very handy.