Security Levels - Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION Administration Manual

browseable = No
This setting makes the share invisible in the network environment.
read only = No
By default, Samba prohibits write access to any exported share by means of
the read only = Yes parameter. To make a share writable, set the value
read only = No, which is synonymous with writable = Yes.
create mask = 0640
Systems that are not based on MS Windows NT do not understand the concept
of UNIX permissions, so they cannot assign permissions when creating a file.
The parameter create mask defines the access permissions assigned to
newly created files. This only applies to writable shares. In effect, this setting
means the owner has read and write permissions and the members of the
owner's primary group have read permissions. valid users = %S prevents
read access even if the group has read permissions. For the group to have read
or write access, deactivate the line valid users = %S.

Security Levels

To improve security, each share access can be protected with a password. SMB has
four possible ways of checking the permissions:
Share Level Security (security = share)
A password is firmly assigned to a share. Everyone who knows this password has
access to that share.
User Level Security (security = user)
This variation introduces the concept of the user to SMB. Each user must register
with the server with his or her own password. After registration, the server can
grant access to individual exported shares dependent on usernames.
Server Level Security (security = server)
To its clients, Samba pretends to be working in user level mode. However, it
passes all password queries to another user level mode server, which takes care of
authentication. This setting requires an additional parameter (password server).
Samba 341