I've a set of servers configured as DM of an AD domain, all on Samba 4.8.12 (Debian stretch, Louis Van Belle repo).

On all of these servers I've a share configured as:

    [Work]
        comment = Spazio di Lavoro Utente
        map acl inherit = Yes
        path = /srv/work
        read only = No
        store dos attributes = Yes
        vfs objects = acl_xattr recycle full_audit
        volume = Work
        full_audit:failure = none
        full_audit:success = mkdir rmdir read pread write pwrite rename unlink
        full_audit:prefix = %S|%d|%I|%M|%u
        recycle:exclude = *.TMP,*.tmp,*.temp,*.o,*.obj,~$*
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = .cestino/%U

with /srv on an XFS filesystem, mounted as:

    root@vdmsv1:~# mount | grep /srv
    /dev/sdc2 on /srv type xfs (rw,nodev,noexec,relatime,attr2,inode64,grpquota)

On *ALL* of these servers, folders like '/srv/work/.cestino/<username>' get created as 0755 and so they are WORLD READABLE.

As suggested on the 'samba' list, I've tried to add:

        recycle:subdir_mode = 1700
        recycle:directory_mode = 1700

but nothing changed (as the samba.conf manpage says, these are the defaults).

It seems that this depends at least on the FS type; I've a second share on some of these servers that is mounted directly via GFS:

    [FVG]
        comment = Regionale (FVG)
        kernel share modes = No
        map acl inherit = Yes
        path = /
        read only = No
        store dos attributes = Yes
        vfs objects = acl_xattr recycle full_audit glusterfs
        volume = FVG
        full_audit:failure = none
        full_audit:success = mkdir rmdir read pread write pwrite rename unlink
        full_audit:prefix = %S|%d|%I|%M|%u
        recycle:exclude = *.TMP,*.tmp,*.temp,*.o,*.obj,~$*
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = .cestino/%U
        glusterfs:volume = gv0

and in this share, user folders get created with the correct permissions (0700).
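
A check for the symptom described in the post, as an added example that is not part of the original message or of Samba: it lists directories below a recycle repository whose mode grants group or other access and, with --fix, strips those bits (0755 becomes 0700). The function name and command-line form are assumptions; the repository root is passed in, which for the Work share above would be /srv/work/.cestino.

```python
#!/usr/bin/env python3
# Added example: audit a vfs_recycle repository for directories that other
# accounts can enter. Names here are illustrative, not from Samba.
import os
import stat
import sys

LEAKY = 0o077  # any group/other permission bit


def audit_recycle(repo_root, fix=False):
    """Return [(path, mode)] for directories below repo_root whose mode
    grants group/other access. With fix=True, strip those bits."""
    findings = []
    for dirpath, dirnames, _files in os.walk(repo_root):
        for name in sorted(dirnames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)            # do not follow symlinks
            if not stat.S_ISDIR(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & LEAKY:
                findings.append((path, mode))
                if fix:
                    # 0755 -> 0700; owner and sticky/setgid bits are kept
                    os.chmod(path, mode & ~LEAKY)
    return findings


def main(argv):
    args = [a for a in argv[1:] if a != "--fix"]
    if len(args) != 1:
        print("usage: audit_recycle.py [--fix] <recycle repository root>")
        return 2
    findings = audit_recycle(args[0], fix="--fix" in argv)
    for path, mode in findings:
        print(f"{mode:04o} {path}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

This looks only at the POSIX mode bits the post reports; POSIX ACL entries on the same directories would need a separate getfacl check.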