From e74f29a11cadc0159ed36700191abfc678e58b5a Mon Sep 17 00:00:00 2001 From: kongkrit <45794368+kongkrit@users.noreply.github.com> Date: Fri, 16 Jul 2021 13:06:54 +0700 Subject: [PATCH 1/5] added 'show' and 'DISABLE_SOCKET_OPTIONS' --- Readme.md | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/Readme.md b/Readme.md index ff1febd..ae34b20 100644 --- a/Readme.md +++ b/Readme.md @@ -47,16 +47,23 @@ Container will be configured as samba sharing server and it just needs: - usergroup (wich user must belong) p.e. alice - password (The password may be different from the user's actual password from your host filesystem) --s name:path:rw:user1[,user2[,userN]] +-s name:path:show:rw:user1[,user2[,userN]] -- add share, that is visible as 'name', exposing contents of 'path' directory for read+write (rw) or read-only (ro) access for specified logins user1, user2, .., userN +- add a share that is accessible as 'name', exposing contents of 'path' directory. 'show' or 'hidden' controls whether this 'name' is browsable or not. this share also has read+write (rw) or read-only (ro)access control for specified logins user1, user2, .., userN + +### Environmental Variable(s) +- `DISABLE_SOCKET_OPTIONS`, by default, the `[global]` section of the container's `smb.conf` will contain the line: + ``` + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + ``` + This may cause slow transfer for some use cases. In order to disable this line, add `-e DISABLE_SOCKET_OPTIONS=yes` to `docker run`. ### Serve Start a samba fileshare. ``` sh -docker run -d -p 445:445 \ +docker run -d -p 139:139 -p 445:445 \ -- hostname any-host-name \ # Optional -e TZ=Europe/Madrid \ # Optional -v /any/path:/share/data \ # Replace /any/path with some path in your system owned by a real user from your host filesystem @@ -64,10 +71,10 @@ docker run -d -p 445:445 \ -u "1000:1000:alice:alice:put-any-password-here" \ # At least the first user must match (password can be different) with a real user from your host filesystem -u "1001:1001:bob:bob:secret" \ -u "1002:1002:guest:guest:guest" \ - -s "Backup directory:/share/backups:rw:alice,bob" \ - -s "Alice (private):/share/data/alice:rw:alice" \ - -s "Bob (private):/share/data/bob:rw:bob" \ - -s "Documents (readonly):/share/data/documents:ro:guest,alice,bob" + -s "Backup directory:/share/backups:show:rw:alice,bob" \ + -s "Alice (private):/share/data/alice:show:rw:alice" \ + -s "Bob (private):/share/data/bob:hidden:rw:bob" \ # Bob's private share does not show up when user is browsing the shares + -s "Documents (readonly):/share/data/documents:show:ro:guest,alice,bob" ``` This is my real usage command: @@ -76,7 +83,7 @@ This is my real usage command: docker run -d -p 445:445 -e TZ=Europe/Madrid \ -v /home/pirate/docker/makefile:/share/folder elswork/samba \ -u "1000:1000:pirate:pirate:put-any-password-here" \ - -s "SmbShare:/share/folder:rw:pirate" + -s "SmbShare:/share/folder:show:rw:pirate" ``` or this if the user that owns the path to be shared match with the user that raise up the container: @@ -84,10 +91,10 @@ or this if the user that owns the path to be shared match with the user that rai docker run -d -p 445:445 --hostname $HOSTNAME -e TZ=Europe/Madrid \ -v /home/pirate/docker/makefile:/share/folder elswork/samba \ -u "$(id -u):$(id -g):$(id -un):$(id -gn):put-any-password-here" \ - -s "SmbShare:/share/folder:rw:$(id -un)" + -s "SmbShare:/share/folder:show:rw:$(id -un)" ``` On Windows point your filebrowser to `\\host-ip\` to preview site. --- -**[Sponsor me!](https://github.com/sponsors/elswork) Together we will be unstoppable.** \ No newline at end of file +**[Sponsor me!](https://github.com/sponsors/elswork) Together we will be unstoppable.** From eb120200f2c663fc829c166a8537fe413a9096c1 Mon Sep 17 00:00:00 2001 From: kongkrit <45794368+kongkrit@users.noreply.github.com> Date: Fri, 16 Jul 2021 13:07:46 +0700 Subject: [PATCH 2/5] added 'show' and 'DISABLE_SOCKET_OPTIONS' --- entrypoint.sh | 44 ++++++++++++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 12 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index c74dd6e..7c92f92 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -3,6 +3,12 @@ CONFIG_FILE="/etc/samba/smb.conf" FIRSTTIME=true +if [[ -z "$DISABLE_SOCKET_OPTIONS" ]] ; then + COMMENT_IT="" +else + COMMENT_IT="# " +fi + hostname=`hostname` set -e cat >"$CONFIG_FILE" <>"$CONFIG_FILE" echo -n "path '$sharepath' " echo "path = \"$sharepath\"" >>"$CONFIG_FILE" + + if [[ "show" = "$show" ]] ; then + echo -n "browseable " + # echo "browseable = yes" >>"$CONFIG_FILE" # browseable = yes is the default behavior + else + echo -n "not-browseable " + echo "browseable = no" >>"$CONFIG_FILE" + fi + echo -n "read" if [[ "rw" = "$readwrite" ]] ; then echo -n "+write " @@ -106,7 +123,10 @@ EOH fi if [[ -z "$users" ]] ; then echo -n "for guests: " - echo "browseable = yes" >>"$CONFIG_FILE" + if [[ "show" = "$show" ]] ; then + echo -n "(guest-browesable): " + echo "browseable = yes" >>"$CONFIG_FILE" + fi echo "guest ok = yes" >>"$CONFIG_FILE" echo "public = yes" >>"$CONFIG_FILE" else @@ -129,4 +149,4 @@ EOH esac done nmbd -D -exec ionice -c 3 smbd -FS --no-process-group --configfile="$CONFIG_FILE" < /dev/null \ No newline at end of file +exec ionice -c 3 smbd -FS --no-process-group --configfile="$CONFIG_FILE" < /dev/null From bdb22b489dfad18dcc3e757274a04c9aa6560e61 Mon Sep 17 00:00:00 2001 From: kongkrit <45794368+kongkrit@users.noreply.github.com> Date: Sat, 17 Jul 2021 18:58:30 +0700 Subject: [PATCH 3/5] fix: users(ro) can still write pulled in from https://github.com/deftwork/samba/pull/9/files --- entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 7c92f92..ef28f89 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -134,7 +134,9 @@ EOH users=$(echo "$users" |tr "," " ") echo -n "$users " echo "valid users = $users" >>"$CONFIG_FILE" - echo "write list = $users" >>"$CONFIG_FILE" + if [[ "rw" = "$readwrite" ]] ; then + echo "write list = $users" >>"$CONFIG_FILE" + fi fi echo "DONE" ;; From 8b718cd10005d4748b9c5421b1656e14e87943d4 Mon Sep 17 00:00:00 2001 From: kongkrit <45794368+kongkrit@users.noreply.github.com> Date: Sun, 18 Jul 2021 01:14:32 +0700 Subject: [PATCH 4/5] new list --- entrypoint.sh | 81 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 48 insertions(+), 33 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index ef28f89..0a6165c 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -14,25 +14,24 @@ set -e cat >"$CONFIG_FILE" <>"$CONFIG_FILE" echo -n "path '$sharepath' " echo "path = \"$sharepath\"" >>"$CONFIG_FILE" - + if [[ "show" = "$show" ]] ; then echo -n "browseable " # echo "browseable = yes" >>"$CONFIG_FILE" # browseable = yes is the default behavior @@ -110,33 +109,49 @@ EOH echo -n "not-browseable " echo "browseable = no" >>"$CONFIG_FILE" fi - - echo -n "read" - if [[ "rw" = "$readwrite" ]] ; then - echo -n "+write " - echo "read only = no" >>"$CONFIG_FILE" - echo "writable = yes" >>"$CONFIG_FILE" - else - echo -n "-only " - echo "read only = yes" >>"$CONFIG_FILE" - echo "writable = no" >>"$CONFIG_FILE" - fi + +# echo -n "read" +# if [[ "rw" = "$readwrite" ]] ; then +# echo -n "+write " +# echo "read only = no" >>"$CONFIG_FILE" +# echo "writable = yes" >>"$CONFIG_FILE" +# else +# echo -n "-only " +# echo "read only = yes" >>"$CONFIG_FILE" +# echo "writable = no" >>"$CONFIG_FILE" +# fi + if [[ -z "$users" ]] ; then echo -n "for guests: " - if [[ "show" = "$show" ]] ; then - echo -n "(guest-browesable): " - echo "browseable = yes" >>"$CONFIG_FILE" - fi echo "guest ok = yes" >>"$CONFIG_FILE" - echo "public = yes" >>"$CONFIG_FILE" + if [[ "rw" = "$readwrite" ]] ; then + echo "(read-write)" + echo "read only = no" >>"$CONFIG_FILE" + echo "force directory mode = 2777" >>"$CONFIG_FILE" + echo "force create mode = 0666" >>"$CONFIG_FILE" + else + echo -n "(read-only)" + echo "force directory mode = 2775" >>"$CONFIG_FILE" + echo "force create mode = 0664" >>"$CONFIG_FILE" + fi +# echo "public = yes" >>"$CONFIG_FILE" else echo -n "for users: " users=$(echo "$users" |tr "," " ") echo -n "$users " +# echo "guest ok = no" >>"$CONFIG_FILE" echo "valid users = $users" >>"$CONFIG_FILE" +# echo "read list = $users" >>"$CONFIG_FILE" if [[ "rw" = "$readwrite" ]] ; then + echo "(read-write)" echo "write list = $users" >>"$CONFIG_FILE" + else + echo "(read-only)" + echo "read list = $users" >>"$CONFIG_FILE" fi + echo "force directory mode = 2770" >>"$CONFIG_FILE" + echo "force create mode = 0660" >>"$CONFIG_FILE" + fi echo "DONE" ;; From e3488313e5fd8f5b276daa7ef612ad2c66aa662e Mon Sep 17 00:00:00 2001 From: kongkrit <45794368+kongkrit@users.noreply.github.com> Date: Tue, 20 Jul 2021 16:01:05 +0700 Subject: [PATCH 5/5] apk add --no-cache --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d138d5d..960c179 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ LABEL mantainer="Eloy Lopez " \ org.label-schema.version=$VERSION \ org.label-schema.schema-version="1.0" -RUN apk update && apk upgrade && apk add bash samba-common-tools samba tzdata && rm -rf /var/cache/apk/* +RUN apk update && apk upgrade && apk add --no-cache bash samba-common-tools samba tzdata && rm -rf /var/cache/apk/* COPY entrypoint.sh /entrypoint.sh RUN chmod u+x /entrypoint.sh @@ -25,4 +25,4 @@ EXPOSE 137/udp 138/udp 139 445 HEALTHCHECK --interval=60s --timeout=15s CMD smbclient -L \\localhost -U % -m SMB3 ENTRYPOINT ["/entrypoint.sh"] -CMD ["-h"] \ No newline at end of file +CMD ["-h"]