[Samba] Is "acl_xattr:ignore system acl = yes" recommended?

[miguel medalha]

> Since Samba has root access, wouldn't it be possible, when using acl_xattr:ignore_system_acls, 
> to set permissions to 600/700 instead and let Samba do the translation and authorize access based
> only on what is stored in the "security.NTACL" extended attribute by acl_xattr?

Or even 660/770 if owner and group were to be root:root. It's the "others" part that is problematic.