[Samba] inherit acls and inherit permissions = execute bit always set?

[Ray Van Dolson]

Hi all, I have a share set up as follows:

[images]
  path = /images
  read only = No
  create mask = 0660
  directory mask = 2770
  hide special files = yes
  hide files = /lost+found/
  acl group control = yes
  inherit acls = yes
  map acl inherit = yes
  inherit permissions = yes
  map archive = no
  security mask = 0111

When users create files or directories under this share, the ACL's set
at the top level are properly propagated, but the files always seem to
have the execute bit set.  I'm guessing this is a side-effect of
inherit permissions per the man page:

  "New files inherit their read/write bits from the parent directory.
  Their execute bits continue to be determined by map archive, map
  hidden and map system as usual."

The files being created have neither archive flag, hidden or system
flag set, so I'm not sure why the execute is getting set unless it is
getting pulled directly from the directory permissions.

I also notice under the inherit acls entry:

 "This parameter can be used to ensure that if default acls exist on
 parent directories, they are always honored when creating a new file
 or subdirectory in these parent directories. The default behavior is
 to use the unix mode specified when creating the directory. Enabling
 this option sets the unix mode to 0777, thus guaranteeing that default
 directory acls are propagated."

So I'm not sure which directive is to blame.

I attempted to use security mask to disable the setting of the execute
bit on any created files, but inherit permissions seems to override
all.

Any suggestions?  I want my files created without the execute bit set,
but want to be able to inherit ACL's.

Thanks,
Ray