[Samba] Need clarification of "read list" option in smb.conf(5)

[Raymond Lillard]

Dear Samba,

I have a v3.0.6 PDC with shares that are to have the
access rights described below:

1. All members of the "mrp" group are to have r/w access

2. All new files to be created with perm 660

3. All new directories to be created with perm 770

4. All new files and directories are to be assigned
    to the "mrp" group

5. One user, "joe" is to have r/o access

6. No other users are to be allowed any form of access

My settings:
MRP]
         comment = Materials, Requirements & Planning
         path = /home/MRP
         read only = no
         write list = @mrp
         force group = +mrp
         read list = joe
         create mask = 0660
         directory mask = 0770
         browseable = Yes
         guest ok = No


What I get is:

If user "joe" *IS NOT* in the "mrp" group, all access is denied.
If user "joe" *IS*     in the "mrp" group, r/w access is granted
as described in the man page.

I have read smb.conf(5) ad nauseum and to the best of my reading,
the above should work with user "joe" not in the "mrp" group.

 From smb.conf(5):
read list(S)
This is a list of users that are given read-only access to a
service.  If the connecting user is in this list then they will
not be given write access, no matter what the read only option
is set to. The list can include group names using the syntax
described in the  invalid users parameter.

Example: read list = mary, @students


So, how do I solve this, and what additional text in the manual
could make this clarify this issue?

Thanks to all,
Ray