Samba default file creation mask calculation
The magic of losing 0011 happens because it is the default Samba behaviour.
Extract from the doc:
Create mask : The default value of this parameter removes the group and other write and execute bits from the UNIX modes
Default: create mask = 0744
Here is the link : http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
Search for create mask (S)
In this doc, Samba team does not explain why they choose to implement this default behaviour, but to me it's easy to think about a security mechanism (as you mentioned).
You can use the inherit permissions = yes directive to make a new file inherit its parent folder permission, but this will not affect the x bit.
So, in your case, this will render :
-rwxrw-r--. 1 vanek amikon 0 Dec 21 10:14 file.txt
Also, as you said, to change this behaviour you will have to explicitly define your own mask. Now, the main difference between "create" and "force create" is that :
-
create masktakes permissions away (an AND mask) -
force create modeadds them after that (an OR mask)
Also create mask is not able to deal with x bit for group and others.
So, you may need to deal with both directive to reach some goals.
Let's try some samples :
1) If you only want the x bit for group and others you will have to combine :
create mask = 0700 #Remove r bit from group and others
force create mode = 0711 #Add x bit only to group and others
Result : -rwx--x--x 1 kris kris 0 Dec 21 14:20 file.txt
2) If you want the r and x bits for group and others, remove create mask directive (because default is already 0744) and just add :
;create mask = 0700 #remove r bit from group and others (commented)
force create mode = 0711 #Add x bit only to group and others
Result : -rwxr-xr-x 1 kris kris 0 Dec 21 14:17 file.txt
And so on...
Hope it helps you a bit to understand Samba behaviours.