[Samba] "Inherited Permissions" vs "Force/Create Mask"

AndyLiebman at aol.com AndyLiebman at aol.com
Thu Nov 20 20:21:51 GMT 2003


I have written to this list several times. I purchased the Official SAMBA 3 
How-To and Reference Guide (and read much of it). But I can't get a good answer 
to my question. 

I'm trying to figure out the difference between "inherited permissions" and 
"force/create mask/directory", and other actions like "force user" and "force 
group" (it seems I don't want to use the latter). 

I have a very simple requirement. I have 6 users in a small network of 
Windows XP video editing workstations. All users must be able to read and write to 
the same shared directory (reading, modifying, and deleting each other's 
files). Plus, I want to know who wrote each file that's on the system (who is the 
true owner). 

Because I am doing video editing -- sometimes with uncompressed video over a 
gigabit network (18 MB/sec)  -- I need the very highest efficiency. So, 
whatever solution I choose it can't have a negative impact on speed. 

So far I have been able to solve my problem more or less by using "Inherited 
Permissions = yes" in my smb.conf file under my shared directory name. Is this 
the best way to do it? Or are there better solutions?

Here are the "facts" about my system. 

-- Each user has a username and password on my Linux system. 
-- Each user has the same username and password under Samba.
-- Each user logs onto his/her Windows machine with the same usernames and 
passwords that they have in Linux.
-- The Shared Directory on my Linux machine is owned by the group to which 
all users belong, and the group has write permission  (rwxrw-r--) 
-- The umask for the Linux user that created the directory is 0002

With the solution I have chosen ("inherited permissions = yes"), all files and 
folders that my 6 users create and write into the shared directory are listed 
as being owned by the person who created them (that's good) and by the group 
to which they all belong (that's good) and the group has read and write 
permissions. 

However, in Windows XP, group members who didn't originally create a file or 
directory are not listed as having FULL CONTROL. They have read and write 
permission, but not modify. I'm not sure it makes any difference in the end 
because all users seem to be able to change the names of files, read them and delete 
them. But maybe the solution I'm using isn't good or has a high impact on 
performance?  

It seems another approach could be to use "force mask" and "create mask" and 
"force directory" and "create directory". 

And as I said above, another approach would be to "force user" and "force 
group" -- but that doesn't preserve the information about who actually created 
the file. And I want to keep that if possible. 

And maybe there's a solution that doesn't involve using any special smb.conf 
variables. 

Some guidance would be appreciated. Thanks. 

Andy Liebman
