dperson / samba

Samba docker container
GNU Affero General Public License v3.0
1.53k stars 515 forks source link

Samba resetting ownership for all shared files #351

Open ninze opened 3 years ago

ninze commented 3 years ago

When I share a volume using dperson/samba in rw mode, all existing files within that volume are chowned to user 100 and group 101. This messes up a lot of things.

I understand that users / groups are different on each image and that samba user should be the owner of new files, but I don't understand why samba needs to hijack ownerships of all the existing files in the volume. Is there any way to prevent this?

immortaly007 commented 3 years ago

I run into the same problems! What would be a good way to solve this? Mounting /etc/{group,passwd,shadow} to the container?

ninze commented 3 years ago

I run into the same problems! What would be a good way to solve this? Mounting /etc/{group,passwd,shadow} to the container?

Looking at the code I came to a conclusion that recursive chown of all files under the mount point is done on purpose of "fixing permissions". I ended up using a different image.

rpodgorny commented 3 years ago

I run into the same problems! What would be a good way to solve this? Mounting /etc/{group,passwd,shadow} to the container?

Looking at the code I came to a conclusion that recursive chown of all files under the mount point is done on purpose of "fixing permissions". I ended up using a different image.

...which one?

ninze commented 3 years ago

I used alpine:latest and installed samba from package manager. Below is the dockerfile if you need inspiration. Replace "myuser", "mygroup" and "mypasswd" with something that makes more sense in your case.

FROM alpine:latest

RUN apk --no-cache --no-progress add bash samba tini

# Add group mygroup and user myuser
RUN addgroup -g 500 -S mygroup \
    && adduser -S -D -H -h /tmp -s /sbin/nologin -G mygroup -u 500 myuser

# Set samba password for user myuser
RUN (echo "mypasswd"; echo "mypasswd") | smbpasswd -a -s myuser

# Declare ports we want to to listen to
EXPOSE 137/udp 138/udp 139 445

HEALTHCHECK --interval=60s --timeout=15s \
    CMD smbclient -L \\localhost -U % -m SMB3

ENTRYPOINT ["tini", "--"]

CMD ["smbd", "-FS", "--no-process-group"]
davidburstrom commented 2 years ago

Is it an option for you to run the container without the -p option (which is the one that resets the permissions)?

bingo787 commented 2 years ago

How to recover the file's ownership? my colleague wants to KILL me !!!

cybertale commented 1 year ago

I run into the same problem and it confuses me for a very long time. Originally I thought it was some bad things going on with my docker.

I have to manually fix all permissions and some containers go down randomly all because of losing executable permissions.

I finally found that the problem is I mistakenly added -p options to the start up command of container in docker-compose.yml

As far as I know, the easiest way of recovering files ownership is to use git reset --hard, or we can only manually recovering it.

irrelevantdotcom commented 2 months ago

This one bit me too... been pulling my hair out! Seems the example docker-compose.yml provided has -p at the end of the command parameters. I think this would be best omitted!