This option specifies the bit mask to be anded with default permissions when a file is created. The default does allow group and other read access to files created in the share. If you want complete privacy, specify create mask = 0700, this removes all permissions from group and “others”.