Comments (5)
thanks for the input, it might not work to simply remove the default user, but maybe I'm able to start the samba daemon as non root.
from samba.
Now that I think about it, it's also possible it has to run as root given the mount points, etc. it might need to interact with. I just generally try to keep things not running as root if I can so I was trying to figure out if that was possible here.
from samba.
what's you specific usecase in choosing the UID? or would it be enough if it runs with a default samba user?
from samba.
I've just read about this context.
It's not easily possible to run samba as non-root.
I've noticed, that samba already drops privileges to the user of a share in a subprocess, maybe there is only a small portion of samba running as root -> this is pure speculation I did not verify this.
also most of my script needs to run as root in order to configure samba itself within it's container.
some people might take the effort to have some stripped down configuration which can run as non root. see here: dperson/samba#170 (comment)
Might make sense if you really want to lock down a system - but I'd advice that samba is not the right choice if you need to secure/harden you file server.
also note, that the root user inside the container is not the same as outside the container. it just looks like a root user inside the container.
running the entrypoint etc. as non-root is out of scope of this container. I'm going to close this issue.
quick and easy workaround, use this container to generate your samba configuration, extract the config from the server.
create a new container from alpine, install samba, add the exported config start samba directly with unprivileged user on non root ports
from samba.
Yeah, I was reading a little more about this as well after creating this issue and I agree with your assessment, I don't think it makes sense.
I'm coming from a place of having run a bunch of other containers with things that are clearly user-level processes (Home Assistant, etc.) and having them run in user-space (even inside the container) feels more correct to me than having them run as root and was trying to follow the same playbook when adding a file server, but it just doesn't make sense here.
from samba.
Related Issues (20)
- adduser not possible if gid = uid HOT 1
- Error loading shared library HOT 3
- No access to shared folder HOT 5
- Read-only shared folders HOT 2
- Question: Which version of Samba (v1/v2/v3/v4) is being used, and can it be changed for best performance? HOT 5
- force user = %U with timemachine HOT 5
- Why does turning on time machine modify my read and write permissions HOT 4
- Samba Server not visible HOT 5
- `disable netbios = yes` disregards `$NETBIOS_DISABLE` HOT 1
- Multiline not working HOT 3
- Cannot use UID and GID of a host user HOT 1
- differnce to dperson/samba HOT 1
- How to set the Time Machine share max size differently for different users HOT 6
- Why I can't create file? HOT 2
- Add configuration to change AVAHI service host name HOT 10
- Not Able to Delete Files HOT 25
- auth error when use compose list format HOT 14
- enable encryption HOT 2
- Can't connect on my share remotely and not discovarable HOT 4
- Scheduled Docker builds failing HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from samba.