Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added browsable and socket option features #12

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ LABEL mantainer="Eloy Lopez <elswork@gmail.com>" \
org.label-schema.version=$VERSION \
org.label-schema.schema-version="1.0"

RUN apk update && apk upgrade && apk add bash samba-common-tools samba tzdata && rm -rf /var/cache/apk/*
RUN apk update && apk upgrade && apk add --no-cache bash samba-common-tools samba tzdata && rm -rf /var/cache/apk/*

COPY entrypoint.sh /entrypoint.sh
RUN chmod u+x /entrypoint.sh
Expand All @@ -25,4 +25,4 @@ EXPOSE 137/udp 138/udp 139 445
HEALTHCHECK --interval=60s --timeout=15s CMD smbclient -L \\localhost -U % -m SMB3

ENTRYPOINT ["/entrypoint.sh"]
CMD ["-h"]
CMD ["-h"]
27 changes: 17 additions & 10 deletions Readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,27 +47,34 @@ Container will be configured as samba sharing server and it just needs:
- usergroup (wich user must belong) p.e. alice
- password (The password may be different from the user's actual password from your host filesystem)

-s name:path:rw:user1[,user2[,userN]]
-s name:path:show:rw:user1[,user2[,userN]]

- add share, that is visible as 'name', exposing contents of 'path' directory for read+write (rw) or read-only (ro) access for specified logins user1, user2, .., userN
- add a share that is accessible as 'name', exposing contents of 'path' directory. 'show' or 'hidden' controls whether this 'name' is browsable or not. this share also has read+write (rw) or read-only (ro)access control for specified logins user1, user2, .., userN

### Environmental Variable(s)
- `DISABLE_SOCKET_OPTIONS`, by default, the `[global]` section of the container's `smb.conf` will contain the line:
```
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
```
This may cause slow transfer for some use cases. In order to disable this line, add `-e DISABLE_SOCKET_OPTIONS=yes` to `docker run`.

### Serve

Start a samba fileshare.

``` sh
docker run -d -p 445:445 \
docker run -d -p 139:139 -p 445:445 \
-- hostname any-host-name \ # Optional
-e TZ=Europe/Madrid \ # Optional
-v /any/path:/share/data \ # Replace /any/path with some path in your system owned by a real user from your host filesystem
elswork/samba \
-u "1000:1000:alice:alice:put-any-password-here" \ # At least the first user must match (password can be different) with a real user from your host filesystem
-u "1001:1001:bob:bob:secret" \
-u "1002:1002:guest:guest:guest" \
-s "Backup directory:/share/backups:rw:alice,bob" \
-s "Alice (private):/share/data/alice:rw:alice" \
-s "Bob (private):/share/data/bob:rw:bob" \
-s "Documents (readonly):/share/data/documents:ro:guest,alice,bob"
-s "Backup directory:/share/backups:show:rw:alice,bob" \
-s "Alice (private):/share/data/alice:show:rw:alice" \
-s "Bob (private):/share/data/bob:hidden:rw:bob" \ # Bob's private share does not show up when user is browsing the shares
-s "Documents (readonly):/share/data/documents:show:ro:guest,alice,bob"
```

This is my real usage command:
Expand All @@ -76,18 +83,18 @@ This is my real usage command:
docker run -d -p 445:445 -e TZ=Europe/Madrid \
-v /home/pirate/docker/makefile:/share/folder elswork/samba \
-u "1000:1000:pirate:pirate:put-any-password-here" \
-s "SmbShare:/share/folder:rw:pirate"
-s "SmbShare:/share/folder:show:rw:pirate"
```
or this if the user that owns the path to be shared match with the user that raise up the container:

``` sh
docker run -d -p 445:445 --hostname $HOSTNAME -e TZ=Europe/Madrid \
-v /home/pirate/docker/makefile:/share/folder elswork/samba \
-u "$(id -u):$(id -g):$(id -un):$(id -gn):put-any-password-here" \
-s "SmbShare:/share/folder:rw:$(id -un)"
-s "SmbShare:/share/folder:show:rw:$(id -un)"
```

On Windows point your filebrowser to `\\host-ip\` to preview site.

---
**[Sponsor me!](https://github.com/sponsors/elswork) Together we will be unstoppable.**
**[Sponsor me!](https://github.com/sponsors/elswork) Together we will be unstoppable.**
109 changes: 73 additions & 36 deletions entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -3,30 +3,35 @@
CONFIG_FILE="/etc/samba/smb.conf"
FIRSTTIME=true

if [[ -z "$DISABLE_SOCKET_OPTIONS" ]] ; then
COMMENT_IT=""
else
COMMENT_IT="# "
fi

hostname=`hostname`
set -e
cat >"$CONFIG_FILE" <<EOT
[global]
workgroup = WORKGROUP
netbios name = $hostname
server string = $hostname
security = user
create mask = 0664
directory mask = 0775
force create mode = 0664
force directory mode = 0775
#force user = smbuser
#force group = smbuser
server string = foofoo
log file = /var/log/samba/log.%m
log level = 1
# Cap the size of the individual log files (in KiB).
max log size = 1000
logging = file
# panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
map to guest = bad user
min protocol = SMB2
${COMMENT_IT}socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
guest account = nobody
max log size = 50
map to guest = bad user
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
dns proxy = no

EOT

while getopts ":u:s:h" opt; do
Expand All @@ -50,10 +55,12 @@ Container will be configured as samba sharing server and it just needs:
add a usergroup (wich user must belong) p.e. alice
protected by 'password' (The password may be different from the user's actual password from your host filesystem)

-s name:path:rw:user1[,user2[,userN]]
add share, that is visible as 'name', exposing
contents of 'path' directory for read+write (rw)
or read-only (ro) access for specified logins
-s name:path:show:rw:user1[,user2[,userN]]
add a share that is accessible as 'name', exposing
contents of 'path' directory. 'show' or 'noshow'
controls whether this 'name' is browsable or not.
this share also has read+write (rw) or read-only (ro)
access control for specified logins
user1, user2, .., userN

To adjust the global samba options, create a volume mapping to /config
Expand All @@ -66,10 +73,10 @@ docker run -d -p 445:445 \\
-u "1000:1000:alice:alice:put-any-password-here" \\ # At least the first user must match (password can be different) with a real user from your host filesystem
-u "1001:1001:bob:bob:secret" \\
-u "1002:1002:guest:guest:guest" \\
-s "Backup directory:/share/backups:rw:alice,bob" \\
-s "Alice (private):/share/data/alice:rw:alice" \\
-s "Bob (private):/share/data/bob:rw:bob" \\
-s "Documents (readonly):/share/data/documents:ro:guest,alice,bob"
-s "Backup directory:/share/backups:show:rw:alice,bob" \\
-s "Alice (private):/share/data/alice:show:rw:alice" \\
-s "Bob (private):/share/data/bob:hidden:rw:bob" \\ # Bob's private share does not show up when user is browsing the shares
-s "Documents (readonly):/share/data/documents:show:ro:guest,alice,bob"

EOH
exit 1
Expand All @@ -89,32 +96,62 @@ EOH
;;
s)
echo -n "Add share "
IFS=: read sharename sharepath readwrite users <<<"$OPTARG"
IFS=: read sharename sharepath show readwrite users <<<"$OPTARG"
echo -n "'$sharename' "
echo "[$sharename]" >>"$CONFIG_FILE"
echo -n "path '$sharepath' "
echo "path = \"$sharepath\"" >>"$CONFIG_FILE"
echo -n "read"
if [[ "rw" = "$readwrite" ]] ; then
echo -n "+write "
echo "read only = no" >>"$CONFIG_FILE"
echo "writable = yes" >>"$CONFIG_FILE"

if [[ "show" = "$show" ]] ; then
echo -n "browseable "
# echo "browseable = yes" >>"$CONFIG_FILE" # browseable = yes is the default behavior
else
echo -n "-only "
echo "read only = yes" >>"$CONFIG_FILE"
echo "writable = no" >>"$CONFIG_FILE"
echo -n "not-browseable "
echo "browseable = no" >>"$CONFIG_FILE"
fi

# echo -n "read"
# if [[ "rw" = "$readwrite" ]] ; then
# echo -n "+write "
# echo "read only = no" >>"$CONFIG_FILE"
# echo "writable = yes" >>"$CONFIG_FILE"
# else
# echo -n "-only "
# echo "read only = yes" >>"$CONFIG_FILE"
# echo "writable = no" >>"$CONFIG_FILE"
# fi

if [[ -z "$users" ]] ; then
echo -n "for guests: "
echo "browseable = yes" >>"$CONFIG_FILE"
echo "guest ok = yes" >>"$CONFIG_FILE"
echo "public = yes" >>"$CONFIG_FILE"
if [[ "rw" = "$readwrite" ]] ; then
echo "(read-write)"
echo "read only = no" >>"$CONFIG_FILE"
echo "force directory mode = 2777" >>"$CONFIG_FILE"
echo "force create mode = 0666" >>"$CONFIG_FILE"
else
echo -n "(read-only)"
echo "force directory mode = 2775" >>"$CONFIG_FILE"
echo "force create mode = 0664" >>"$CONFIG_FILE"
fi
# echo "public = yes" >>"$CONFIG_FILE"
else
echo -n "for users: "
users=$(echo "$users" |tr "," " ")
echo -n "$users "
# echo "guest ok = no" >>"$CONFIG_FILE"
echo "valid users = $users" >>"$CONFIG_FILE"
echo "write list = $users" >>"$CONFIG_FILE"
# echo "read list = $users" >>"$CONFIG_FILE"
if [[ "rw" = "$readwrite" ]] ; then
echo "(read-write)"
echo "write list = $users" >>"$CONFIG_FILE"
else
echo "(read-only)"
echo "read list = $users" >>"$CONFIG_FILE"
fi
echo "force directory mode = 2770" >>"$CONFIG_FILE"
echo "force create mode = 0660" >>"$CONFIG_FILE"

fi
echo "DONE"
;;
Expand All @@ -129,4 +166,4 @@ EOH
esac
done
nmbd -D
exec ionice -c 3 smbd -FS --no-process-group --configfile="$CONFIG_FILE" < /dev/null
exec ionice -c 3 smbd -FS --no-process-group --configfile="$CONFIG_FILE" < /dev/null