Goutham (India) asked:
create mask, create directory mask and force user in Samba server

Dear Sir/Madam:

I have Linux working as a PDC. Can anybody please explain the following to me, and its use in the smb.conf file?

    create mask = 0664
    security mask = 0664
    directory mask = 0775
    directory security mask = 0775
    force user = x, y
    force group = group1
Pétur Ingi Egilsson (Iceland) answered:

Type "man smb.conf" for the Linux manual!

Dump from the manual:

create mask (S)
    When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a file. Any bit not set here will be removed from the modes set on a file when it is created.

    The default value of this parameter removes the group and other write and execute bits from the UNIX modes.

    Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the force create mode parameter, which is set to 000 by default.

    This parameter does not affect directory masks. See the parameter directory mask for details.

    Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the security mask.

    Default: create mask = 0744

    Example: create mask = 0775


----------------------------------------------------

security mask (S)
    This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box.

    This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not in this mask from being modified. Make sure not to mix up this parameter with force security mode, which works in a manner similar to this one but uses a logical OR instead of an AND.

    Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change.

    If not set explicitly this parameter is 0777, allowing a user to modify all the user/group/world permissions on a file.

    Note that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will probably want to leave it set to 0777.

    Default: security mask = 0777

    Example: security mask = 0770


----------------------------------------------------------------

directory mask (S)
    This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.

    When a directory is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a directory. Any bit not set here will be removed from the modes set on a directory when it is created.

    The default value of this parameter removes the 'group' and 'other' write bits from the UNIX mode, allowing only the user who owns the directory to modify it.

    Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the force directory mode parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).

    Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the directory security mask.

    Default: directory mask = 0755

    Example: directory mask = 0775


directory security mask (S)
    This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.

    This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not in this mask from being modified. Make sure not to mix up this parameter with force directory security mode, which works similarly to this one but uses logical OR instead of AND. Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change.

    If not set explicitly this parameter is set to 0777, meaning a user is allowed to modify all the user/group/world permissions on a directory.

    Note that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will probably want to leave it as the default of 0777.

    Default: directory security mask = 0777

    Example: directory security mask = 0700


------------------------------------------------------------

force user (S)
    This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.

    This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the "forced user", no matter what username the client connected as. This can be very useful.

    In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug).

    Default: force user =

    Example: force user = auser


------------------------------------------------------

force group (S)
    This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring that all access to files on the service will use the named group for their permissions checking. Thus, by assigning permissions for this group to the files and directories within this service the Samba administrator can restrict or allow sharing of these files.

    In Samba 2.0.5 and above this parameter has extended functionality in the following way. If the group name listed here has a '+' character prepended to it then the current user accessing the share only has the primary group default assigned to this group if they are already assigned as a member of that group. This allows an administrator to decide that only users who are already in a particular group will create files with group ownership set to that group. This gives a finer granularity of ownership assignment. For example, the setting force group = +sys means that only users who are already in group sys will have their default primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group.

    If the force user parameter is also set the group specified in force group will override the primary group set in force user.

    Default: force group =

    Example: force group = agroup
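The following is an added worked example, not part of the answer above and not Samba's own code: it models the mode rules the manual excerpt describes (mode AND create/directory mask, OR force mode; security mask limiting which bits an NT security dialog may flip; force group with the '+' prefix) and applies them to the asker's values. The class and function names, and the starting modes 0o666 for a new file and 0o777 for a new directory, are assumptions for illustration.

```python
# Added example: a model of the smb.conf mask/force rules quoted above.
# ShareModes, creation_mode, acl_edit, effective_group and the starting
# modes 0o666 / 0o777 are our own assumptions, not Samba internals.
from dataclasses import dataclass


@dataclass
class ShareModes:
    create_mask: int = 0o744             # defaults from the man page text
    force_create_mode: int = 0o000
    directory_mask: int = 0o755
    force_directory_mode: int = 0o000
    security_mask: int = 0o777
    directory_security_mask: int = 0o777


def creation_mode(requested: int, mask: int, force: int) -> int:
    """Mode assigned at creation: (DOS-mapped mode AND mask) OR force mode."""
    return (requested & mask) | force


def new_file_mode(share: ShareModes, requested: int = 0o666) -> int:
    return creation_mode(requested, share.create_mask, share.force_create_mode)


def new_dir_mode(share: ShareModes, requested: int = 0o777) -> int:
    return creation_mode(requested, share.directory_mask, share.force_directory_mode)


def acl_edit(current: int, wanted: int, security_mask: int) -> int:
    """NT security dialog change: only bits set in the security mask may flip."""
    allowed_changes = (current ^ wanted) & security_mask
    return current ^ allowed_changes


def effective_group(primary_group: str, member_of: set, force_group: str) -> str:
    """force group = +name applies only if the user already belongs to name."""
    if not force_group:
        return primary_group
    if force_group.startswith("+"):
        name = force_group[1:]
        return name if name in member_of else primary_group
    return force_group


if __name__ == "__main__":
    share = ShareModes(create_mask=0o664, directory_mask=0o775,
                       security_mask=0o664, directory_security_mask=0o775)
    print(oct(new_file_mode(share)))                         # 0o664
    print(oct(new_dir_mode(share)))                          # 0o775
    print(oct(acl_edit(0o664, 0o777, share.security_mask)))  # 0o664: x and o+w blocked
    print(effective_group("users", {"users"}, "+sys"))       # users
```

With the asker's security mask of 0664, a client granting "full control" in the NT dialog leaves the file at 0664 because the execute and other-write bits are zero in the mask, while removing group/other access (0664 to 0600) still succeeds.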

ASKER CERTIFIED SOLUTION
Pétur Ingi Egilsson