Obviously needs to be r/w (6) so owners have complete control of their own files.
Without acl this needs to be r/w (6) so that users that need to edit other's files could be assigned to this group.
This is where I am stuck. I want to allow some users to read files but not write. It seems that I can either open up permissions in linux to 770 and then limit access in samba. This seems like a bad option because the "read only" user could just log in to the server directly (bypass samba) and they would have r/w access to all folders directly that they did not have in samba.