UID settings seem to be invalid. about samba HOT 12 CLOSED

I've changed the Samba user to root, and it seems to be working.

from samba.

Hi there, I'd say the problem is by creating a user and giving him the already taken userid of root - use a userid from the user range.

So there seems to be a permission problem. just try the following: create a new folder for this test, configure a user with a userid from the user range using the ACCOUNT_test and UID_test.

you can set permissions to this folder from inside podman (don't know if it also has a exec -ti like feature) if the folder is owned by your testuser it should work. or you edit the permissions from outside your container.

from samba.

I tried chown 1000 /shares/public, and after doing so, it seems to be able to upload normally. But in fact, the original owner of the /shares/public file is root, which may be the reason why it cannot be written. I am not particularly clear about the permission management of docker.

I set the Samba user to root, and the log appears to show that the UID of the Samba user has changed to 0, but that looks dangerous.

Considering that containers running in Podman rootless mode actually work primarily on root in the container, and that changing the folder owner can cause file owners outside the container to become abnormal, it might be necessary to use root as the Samba user, but are there any other security measures?

from samba.

thats a good point, I remember that some container runtimes might use randomized uuids for running inside the container, maybe that's the case with podman.

ahhh so you use the rootless mode? isn't this the mode with the randomized uids?

from the docker world if you mount a volume from outside the permissions will not automatically change with the mount - so if you want to write from within the docker container to the volume you need to make sure to have the appropriate access rights

from samba.

Podman rootless mode basically maps the root user in the container to the running user running Podman, but using other users in the container will be mapped to a UID greater than 10000.
I do not know the specific user UID mapping rule.

from samba.

can you check if it works without this rootless mode?

from samba.

I'll close this issue then

from samba.

Excuse me, is it possible to perform user mapping in samba?

from samba.

yes it is - and usually the way to go :) you can have a very complicated setup to map different samba users to another linux user, or enforce the group which is used to create objects in a certain share etc.

to check what you need take a look at samba docs.

also this issue might help you a lot ;) #45

from samba.

Can you provide user-mapped variables in the script? This seems to be a lot more convenient.

from samba.

it's already possible to use env variables to configure all that, take a look at the readme etc.

from samba.

It seems that the username map key value can only be a file path, which means I need to mount /etc/samba/usermap.txt additionally?

from samba.