Fix -G parameters not overriding global settings for shares

Problem: When using environment variables, GENERIC was processed before
SHARE, so share sections didn't exist when -G options tried to modify them.
Also, \s regex was not POSIX-compatible for Alpine/busybox.

Changes:
- Reorder env var processing: GLOBAL -> SHARE -> GENERIC
- Replace \s with [[:space:]] in regex patterns
- Add ^ anchor to sed append command
- Add CHANGELOG.md documenting the fix
- Update README.md (sync with Russian version)
- Update README_RU.md with troubleshooting section

🤖 Generated with [Claude Code](https://claude.ai/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Struchkov Mark
2026-01-07 22:09:31 +03:00
parent e8289e9b64
commit b8103cc60a
4 changed files with 634 additions and 132 deletions

35
CHANGELOG.md Normal file

@@ -0,0 +1,35 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [Unreleased]
### Fixed
- **Share-specific parameters not overriding global settings** ([#issue](https://github.com/upagge/samba/issues))
**Problem**: When creating public shares with guest write access, the `-G` parameters for individual shares did not override the global `force user` and `force group` settings from the base `smb.conf`.
Example that didn't work:
```bash
-s "public;/cloud/share;yes;no;yes"
-G "public;force user = nobody"
-G "public;force group = nogroup"
```
`testparm -s` showed that the share used global `force user = smbuser` and `force group = smb` instead of the specified values.
**Root cause**:
1. When using environment variables, `GENERIC` was processed **before** `SHARE`, so share sections didn't exist when `-G` options tried to modify them.
2. The regex `\s` in sed was not POSIX-compatible for Alpine/busybox.
**Solution**:
- Reordered environment variable processing: `SHARE` is now processed before `GENERIC`
- Replaced `\s` with POSIX-compatible `[[:space:]]` in regex patterns
- Added `^` anchor to sed append command for precise matching
### Changed
- Environment variable processing order: `GLOBAL` -> `SHARE` -> `GENERIC` (was: `GENERIC` -> `GLOBAL` -> `SHARE`)
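Review bot: The "Example that didn't work" block uses the `-s`/`-G` command-line flags, while root cause 1 is about environment variables (`GENERIC` processed before `SHARE`), so the entry never says which of the two causes broke the flag-based example. Either state that explicitly or switch the example to the `-e SHARE=... -e GENERIC=...` form so it matches the cause it illustrates. The `[#issue](https://github.com/upagge/samba/issues)` link is also a placeholder that points at the issue list rather than at a specific issue.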

388
README.md

@@ -2,169 +2,317 @@
# Samba # Samba
Samba docker container Docker container for Samba file server.
# Fork changes ## About the Fork
This repository is a fork of the https://github.com/dperson/samba project, since dperson/samba stopped being updated a long time ago. This version contains the current samba for the current version of alpine.
## Samba Version This repository is a fork of the [dperson/samba](https://github.com/dperson/samba) project, which has not been updated for a long time. This version contains the current Samba version for the current Alpine Linux version.
The image tags correspond to the version of samba that is in the container. Use the need tag if you need the version you need. The latest stable version is always tagged latest, and the development version is always tagged develop.
At the moment, the current version of samba will be the one that is available for installation in the alpine image. So if you see that samba has new versions, but they are still not available in this image, it most likely means that the samba version has not been updated in alpine. ## Samba Versions
# What is Samba? Image tags correspond to the Samba version in the container. Use the appropriate tag to get the required version. The latest stable version always has the `latest` tag, and the development version has the `develop` tag.
Since 1992, Samba has provided secure, stable and fast file and print services The Samba version corresponds to what is available for installation in Alpine. If a new Samba version is not yet available in the image, it means it has not been updated in Alpine yet.
for all clients using the SMB/CIFS protocol, such as all versions of DOS and
Windows, OS/2, Linux and many others.
# How to use this image ## What is Samba?
By default there are no shares configured, additional ones can be added. Since 1992, Samba has provided secure, stable, and fast file and print services for all clients using the SMB/CIFS protocol: all versions of DOS and Windows, OS/2, Linux, and many others.
## Hosting a Samba instance ## Image Features
sudo docker run -it -p 139:139 -p 445:445 -d upagge/samba -p - Alpine Linux base image (minimal size)
- SMB2/SMB3 support (SMB1 disabled by default)
- Time Machine support for macOS
- Built-in recycle bin
- Optimized performance settings
- Healthcheck for status monitoring
OR set local storage: ## Quick Start
sudo docker run -it --name samba -p 139:139 -p 445:445 \ ### Run with default settings
```bash
docker run -it -p 139:139 -p 445:445 -d upagge/samba -p
```
### Run with local storage
```bash
docker run -it --name samba -p 139:139 -p 445:445 \
-v /path/to/directory:/mount \ -v /path/to/directory:/mount \
-d upagge/samba -p -d upagge/samba -p
```
### Run with docker-compose
```yaml
services:
samba:
image: upagge/samba
restart: unless-stopped
ports:
- "139:139/tcp"
- "445:445/tcp"
volumes:
- /mnt/data:/share
command: '-s "Data;/share;yes;no;no" -u "user;password" -p'
```
## Configuration ## Configuration
sudo docker run -it --rm upagge/samba -h ### Help
Usage: samba.sh [-opt] [command]
Options (fields in '[]' are optional, '<>' are required):
-h This help
-c "<from:to>" setup character mapping for file/directory names
required arg: "<from:to>" character mappings separated by ','
-G "<section;parameter>" Provide generic section option for smb.conf
required arg: "<section>" - IE: "share"
required arg: "<parameter>" - IE: "log level = 2"
-g "<parameter>" Provide global option for smb.conf
required arg: "<parameter>" - IE: "log level = 2"
-i "<path>" Import smbpassword
required arg: "<path>" - full file path in container
-n Start the 'nmbd' daemon to advertise the shares
-p Set ownership and permissions on the shares
-r Disable recycle bin for shares
-S Disable SMB2 minimum version
-s "<name;/path>[;browse;readonly;guest;users;admins;writelist;comment]"
Configure a share
required arg: "<name>;</path>"
<name> is how it's called for clients
<path> path to share
NOTE: for the default values, just leave blank
[browsable] default:'yes' or 'no'
[readonly] default:'yes' or 'no'
[guest] allowed default:'yes' or 'no'
NOTE: for user lists below, usernames are separated by ','
[users] allowed default:'all' or list of allowed users
[admins] allowed default:'none' or list of admin users
[writelist] list of users that can write to a RO share
[comment] description of share
-u "<username;password>[;ID;group;GID]" Add a user
required arg: "<username>;<passwd>"
<username> for user
<password> for user
[ID] for user
[group] for user
[GID] for group
-w "<workgroup>" Configure the workgroup (domain) samba should use
required arg: "<workgroup>"
<workgroup> for samba
-W Allow access wide symbolic links
-I Add an include option at the end of the smb.conf
required arg: "<include file path>"
<include file path> in the container, e.g. a bind mount
The 'command' (if provided and valid) will be run instead of samba ```bash
docker run -it --rm upagge/samba -h
```
ENVIRONMENT VARIABLES ### Command Line Options
* `CHARMAP` - As above, configure character mapping | Option | Description |
* `GENERIC` - As above, configure a generic section option (See NOTE3 below) |--------|-------------|
* `GLOBAL` - As above, configure a global option (See NOTE3 below) | `-h` | Show help |
* `IMPORT` - As above, import a smbpassword file | `-c "<from:to>"` | Set up character mapping for file/directory names |
* `NMBD` - As above, enable nmbd | `-g "<parameter>"` | Add global option to smb.conf |
* `PERMISSIONS` - As above, set file permissions on all shares | `-G "<section;parameter>"` | Add option to specific smb.conf section |
* `RECYCLE` - As above, disable recycle bin | `-i "<path>"` | Import smbpasswd file |
* `SHARE` - As above, setup a share (See NOTE3 below) | `-n` | Start nmbd daemon to advertise shares |
* `SMB` - As above, disable SMB2 minimum version | `-p` | Set ownership and permissions on shares |
* `TZ` - Set a timezone, IE `EST5EDT` | `-r` | Disable recycle bin for shares |
* `USER` - As above, setup a user (See NOTE3 below) | `-S` | Disable SMB2 minimum version |
* `WIDELINKS` - As above, allow access wide symbolic links | `-t` | Enable Time Machine support for macOS |
* `WORKGROUP` - As above, set workgroup | `-s` | Configure a share (see format below) |
* `USERID` - Set the UID for the samba server's default user (smbuser) | `-u` | Add a user (see format below) |
* `GROUPID` - Set the GID for the samba server's default user (smbuser) | `-w "<workgroup>"` | Configure workgroup (domain) |
* `INCLUDE` - As above, add a smb.conf include | `-W` | Allow wide symbolic links |
| `-I "<path>"` | Add include at the end of smb.conf |
**NOTE**: if you enable nmbd (via `-n` or the `NMBD` environment variable), you ### Share Parameter Format (-s)
will also want to expose port 137 and 138 with `-p 137:137/udp -p 138:138/udp`.
**NOTE2**: there are reports that `-n` and `NMBD` only work if you have the ```
container configured to use the hosts network stack. -s "<name;/path>[;browse;readonly;guest;users;admins;writelist;comment]"
```
**NOTE3**: optionally supports additional variables starting with the same name, | Field | Default | Description |
IE `SHARE` also will work for `SHARE2`, `SHARE3`... `SHAREx`, etc. |-------|---------|-------------|
| `name` | required | Share name for clients |
| `/path` | required | Path to share directory |
| `browse` | yes | Visible in network browsing (yes/no) |
| `readonly` | yes | Read-only (yes/no) |
| `guest` | yes | Allow guest access (yes/no) |
| `users` | all | List of allowed users (comma-separated) |
| `admins` | none | List of share administrators (comma-separated) |
| `writelist` | — | Users with write access on RO share |
| `comment` | — | Share description |
### User Parameter Format (-u)
```
-u "<name;password>[;ID;group;GID]"
```
| Field | Description |
|-------|-------------|
| `name` | Username (required) |
| `password` | User password (required) |
| `ID` | User UID (optional) |
| `group` | User group (optional) |
| `GID` | Group GID (optional) |
### Environment Variables
| Variable | Description |
|----------|-------------|
| `CHARMAP` | Character mapping |
| `GENERIC` | Section-specific option (supports GENERIC2, GENERIC3...) |
| `GLOBAL` | Global option (supports GLOBAL2, GLOBAL3...) |
| `IMPORT` | Path to smbpasswd file for import |
| `NMBD` | Enable nmbd daemon |
| `PERMISSIONS` | Set permissions on shares |
| `RECYCLE` | Disable recycle bin |
| `SHARE` | Share configuration (supports SHARE2, SHARE3...) |
| `SMB` | Disable SMB2 minimum version |
| `TIMEMACHINE` | Enable Time Machine support |
| `TZ` | Timezone (e.g., `Europe/London`) |
| `USER` | User configuration (supports USER2, USER3...) |
| `WIDELINKS` | Allow wide symbolic links |
| `WORKGROUP` | Workgroup |
| `USERID` | UID for smbuser |
| `GROUPID` | GID for smb group |
| `INCLUDE` | Path to additional config file |
## Examples ## Examples
Any of the commands can be run at creation with `docker run` or later with
`docker exec -it samba samba.sh` (as of version 1.3 of docker).
### Setting the Timezone ### Setting the Timezone
sudo docker run -it -e TZ=EST5EDT -p 139:139 -p 445:445 -d upagge/samba -p ```bash
docker run -it -e TZ=Europe/London -p 139:139 -p 445:445 -d upagge/samba -p
```
### Start an instance creating users and shares: ### Creating Users and Shares
sudo docker run -it -p 139:139 -p 445:445 -d upagge/samba -p \ ```bash
-u "example1;badpass" \ docker run -it -p 139:139 -p 445:445 -d upagge/samba -p \
-u "example2;badpass" \ -u "user1;password1" \
-s "public;/share" \ -u "user2;password2" \
-s "users;/srv;no;no;no;example1,example2" \ -s "public;/share;yes;no;yes" \
-s "example1 private share;/example1;no;no;no;example1" \ -s "users;/srv;no;no;no;user1,user2" \
-s "example2 private share;/example2;no;no;no;example2" -s "user1_private;/user1;no;no;no;user1" \
-s "user2_private;/user2;no;no;no;user2"
```
# User Feedback ### Enabling Time Machine
```bash
docker run -it -p 139:139 -p 445:445 -d upagge/samba -p -t \
-u "macuser;password" \
-s "TimeMachine;/backup;no;no;no;macuser"
```
### Using Environment Variables
```bash
docker run -it -p 139:139 -p 445:445 \
-e SHARE="Data;/data;yes;no;no" \
-e SHARE2="Backup;/backup;yes;yes;no" \
-e USER="admin;secretpass" \
-e PERMISSIONS="true" \
-e TZ="Europe/London" \
-v /mnt/data:/data \
-v /mnt/backup:/backup \
-d upagge/samba
```
### Full docker-compose.yml
```yaml
services:
samba:
image: upagge/samba
restart: unless-stopped
environment:
TZ: 'Europe/London'
SHARE: "Documents;/documents;yes;no;no;user1,user2"
SHARE2: "Media;/media;yes;yes;yes"
USER: "user1;${SAMBA_USER1_PASSWORD}"
USER2: "user2;${SAMBA_USER2_PASSWORD}"
PERMISSIONS: "true"
ports:
- "139:139/tcp"
- "445:445/tcp"
volumes:
- /mnt/documents:/documents
- /mnt/media:/media
deploy:
resources:
limits:
memory: 512M
healthcheck:
test: ["CMD", "smbclient", "-L", "\\\\localhost", "-U", "%", "-m", "SMB3"]
interval: 60s
timeout: 15s
start_period: 10s
retries: 3
```
## Ports
| Port | Protocol | Description |
|------|----------|-------------|
| 137 | UDP | NetBIOS Name Service (only with `-n`) |
| 138 | UDP | NetBIOS Datagram Service (only with `-n`) |
| 139 | TCP | SMB over NetBIOS |
| 445 | TCP | SMB direct |
**Note**: Ports 137 and 138 are only needed when using the `-n` flag or `NMBD` variable.
## Troubleshooting ## Troubleshooting
* You get the error `Access is denied` (or similar) on the client and/or see ### -G Parameters for Shares Not Overriding Global Settings
`change_to_user_internal: chdir_current_service() failed!` in the container
logs.
Add the `-p` option to the end of your options to the container, or set the If `-G` parameters for individual shares do not override global `force user` and `force group` settings, make sure you are using the latest version of the image.
`PERMISSIONS` environment variable.
sudo docker run -it --name samba -p 139:139 -p 445:445 \ **This issue has been fixed**: when using environment variables, `GENERIC` was processed before `SHARE`, so share sections did not exist yet. The processing order has now been corrected.
Example of correct usage:
```bash
docker run -it -p 139:139 -p 445:445 -d upagge/samba \
-s "public;/cloud/share;yes;no;yes" \
-G "public;force user = nobody" \
-G "public;force group = nogroup" \
-G "public;guest ok = yes" \
-G "public;read only = no"
```
Or with environment variables:
```bash
docker run -it -p 139:139 -p 445:445 \
-e SHARE="public;/cloud/share;yes;no;yes" \
-e GENERIC="public;force user = nobody" \
-e GENERIC2="public;force group = nogroup" \
-d upagge/samba
```
### "Access is denied" Error
If you get an `Access is denied` error or see `change_to_user_internal: chdir_current_service() failed!` in the logs:
```bash
docker run -it --name samba -p 139:139 -p 445:445 \
-v /path/to/directory:/mount \ -v /path/to/directory:/mount \
-d upagge/samba -p -d upagge/samba -p
```
If changing the permissions of your files is not possible in your setup you Add the `-p` flag or set the `PERMISSIONS=true` variable.
can instead set the environment variables `USERID` and `GROUPID` to the
values of the owner of your files.
* High memory usage by samba. Multiple people have reported high memory usage If changing permissions is not possible, use the `USERID` and `GROUPID` variables:
that's never freed by the samba processes. Recommended work around below:
Add the `-m 512m` option to docker run command, or `mem_limit:` in ```bash
docker_compose.yml files, IE: docker run -it --name samba -p 139:139 -p 445:445 \
-e USERID=1000 \
-e GROUPID=1000 \
-v /path/to/directory:/mount \
-d upagge/samba
```
sudo docker run -it --name samba -m 512m -p 139:139 -p 445:445 \ ### High Memory Usage
Limit container memory:
```bash
docker run -it --name samba -m 512m -p 139:139 -p 445:445 \
-v /path/to/directory:/mount \ -v /path/to/directory:/mount \
-d upagge/samba -p -d upagge/samba -p
```
* Attempting to connect with the `smbclient` commandline tool. By default samba ### Connecting via smbclient
still tries to use SMB1, which is depriciated and has security issues. This
container defaults to SMB2, which for no decernable reason even though it's
supported is disabled by default so run the command as `smbclient -m SMB3`, then
any other options you would specify.
## Issues By default, smbclient tries to use SMB1. Use the `-m SMB3` flag:
If you have any problems with or questions about this image, please contact me ```bash
through a [GitHub issue](https://github.com/upagge/samba/issues). smbclient -L \\localhost -U % -m SMB3
smbclient //localhost/share -U user -m SMB3
```
### NetBIOS Not Working
When using `-n` or `NMBD`, host network mode may be required:
```bash
docker run -it --network host \
-e NMBD=true \
-d upagge/samba -n -p \
-s "share;/data"
```
## Security
- Only SMB2/SMB3 is used by default (SMB1 disabled)
- Use strong passwords
- Store passwords in `.env` file or Docker secrets
- Restrict share access to specific users
## Feedback
If you have any problems or questions, please create an [issue on GitHub](https://github.com/upagge/samba/issues).
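Review bot: The short examples contradict the new Security section: "Run with docker-compose" passes the password inline in `command:` (`-u "user;password"`) and "Using Environment Variables" uses `-e USER="admin;secretpass"`, while the Security list says to keep passwords in a `.env` file or Docker secrets. Suggest using a `${...}` substitution in those examples the way the full docker-compose.yml already does with `${SAMBA_USER1_PASSWORD}`. Separately, in "Connecting via smbclient" the unquoted `\\localhost` is reduced to `\localhost` by the shell, unlike the healthcheck array form; `-L localhost` or a quoted argument would avoid that. This hunk is also a full README rewrite bundled into a bug-fix commit, which makes the fix itself harder to review or revert on its own.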

318
README_RU.md Normal file

@@ -0,0 +1,318 @@
[![logo](https://raw.githubusercontent.com/upagge/samba/master/logo.jpg)](https://www.samba.org)
# Samba
Docker-контейнер для файлового сервера Samba.
## О форке
Этот репозиторий является форком проекта [dperson/samba](https://github.com/dperson/samba), который давно не обновлялся. Данная версия содержит актуальную версию Samba для текущей версии Alpine Linux.
## Версии Samba
Теги образа соответствуют версии Samba в контейнере. Используйте нужный тег для получения требуемой версии. Последняя стабильная версия всегда имеет тег `latest`, а версия в разработке — тег `develop`.
Версия Samba соответствует той, что доступна для установки в Alpine. Если новая версия Samba ещё не доступна в образе, это означает, что она ещё не обновлена в Alpine.
## Что такое Samba?
С 1992 года Samba предоставляет безопасные, стабильные и быстрые службы файлов и печати для всех клиентов, использующих протокол SMB/CIFS: все версии DOS и Windows, OS/2, Linux и многие другие.
## Возможности образа
- Базовый образ Alpine Linux (минимальный размер)
- Поддержка SMB2/SMB3 (SMB1 отключён по умолчанию)
- Поддержка Time Machine для macOS
- Встроенная корзина (recycle bin)
- Оптимизированные настройки производительности
- Healthcheck для мониторинга состояния
## Быстрый старт
### Запуск с настройками по умолчанию
```bash
docker run -it -p 139:139 -p 445:445 -d upagge/samba -p
```
### Запуск с локальным хранилищем
```bash
docker run -it --name samba -p 139:139 -p 445:445 \
-v /path/to/directory:/mount \
-d upagge/samba -p
```
### Запуск с docker-compose
```yaml
services:
samba:
image: upagge/samba
restart: unless-stopped
ports:
- "139:139/tcp"
- "445:445/tcp"
volumes:
- /mnt/data:/share
command: '-s "Data;/share;yes;no;no" -u "user;password" -p'
```
## Конфигурация
### Справка по параметрам
```bash
docker run -it --rm upagge/samba -h
```
### Параметры командной строки
| Параметр | Описание |
|----------|----------|
| `-h` | Показать справку |
| `-c "<from:to>"` | Настроить маппинг символов для имён файлов/директорий |
| `-g "<параметр>"` | Добавить глобальную опцию в smb.conf |
| `-G "<секция;параметр>"` | Добавить опцию в конкретную секцию smb.conf |
| `-i "<путь>"` | Импортировать файл smbpasswd |
| `-n` | Запустить демон nmbd для анонсирования шар |
| `-p` | Установить права владения и доступа на шарах |
| `-r` | Отключить корзину для шар |
| `-S` | Отключить минимальную версию SMB2 |
| `-t` | Включить поддержку Time Machine для macOS |
| `-s` | Настроить шару (см. формат ниже) |
| `-u` | Добавить пользователя (см. формат ниже) |
| `-w "<workgroup>"` | Настроить рабочую группу (домен) |
| `-W` | Разрешить широкие символические ссылки |
| `-I "<путь>"` | Добавить include в конец smb.conf |
### Формат параметра шары (-s)
```
-s "<имя;/путь>[;browse;readonly;guest;users;admins;writelist;comment]"
```
| Поле | По умолчанию | Описание |
|------|--------------|----------|
| `имя` | обязательно | Имя шары для клиентов |
| `/путь` | обязательно | Путь к директории шары |
| `browse` | yes | Видимость в сетевом окружении (yes/no) |
| `readonly` | yes | Только для чтения (yes/no) |
| `guest` | yes | Разрешить гостевой доступ (yes/no) |
| `users` | all | Список разрешённых пользователей (через запятую) |
| `admins` | none | Список администраторов шары (через запятую) |
| `writelist` | — | Пользователи с правом записи на RO-шаре |
| `comment` | — | Описание шары |
### Формат параметра пользователя (-u)
```
-u "<имя;пароль>[;ID;группа;GID]"
```
| Поле | Описание |
|------|----------|
| `имя` | Имя пользователя (обязательно) |
| `пароль` | Пароль пользователя (обязательно) |
| `ID` | UID пользователя (опционально) |
| `группа` | Группа пользователя (опционально) |
| `GID` | GID группы (опционально) |
### Переменные окружения
| Переменная | Описание |
|------------|----------|
| `CHARMAP` | Маппинг символов |
| `GENERIC` | Опция для конкретной секции (поддерживает GENERIC2, GENERIC3...) |
| `GLOBAL` | Глобальная опция (поддерживает GLOBAL2, GLOBAL3...) |
| `IMPORT` | Путь к файлу smbpasswd для импорта |
| `NMBD` | Включить демон nmbd |
| `PERMISSIONS` | Установить права на шарах |
| `RECYCLE` | Отключить корзину |
| `SHARE` | Настройка шары (поддерживает SHARE2, SHARE3...) |
| `SMB` | Отключить минимальную версию SMB2 |
| `TIMEMACHINE` | Включить поддержку Time Machine |
| `TZ` | Часовой пояс (например, `Europe/Moscow`) |
| `USER` | Настройка пользователя (поддерживает USER2, USER3...) |
| `WIDELINKS` | Разрешить широкие символические ссылки |
| `WORKGROUP` | Рабочая группа |
| `USERID` | UID для пользователя smbuser |
| `GROUPID` | GID для группы smb |
| `INCLUDE` | Путь к дополнительному конфиг-файлу |
## Примеры
### Установка часового пояса
```bash
docker run -it -e TZ=Europe/Moscow -p 139:139 -p 445:445 -d upagge/samba -p
```
### Создание пользователей и шар
```bash
docker run -it -p 139:139 -p 445:445 -d upagge/samba -p \
-u "user1;password1" \
-u "user2;password2" \
-s "public;/share;yes;no;yes" \
-s "users;/srv;no;no;no;user1,user2" \
-s "user1_private;/user1;no;no;no;user1" \
-s "user2_private;/user2;no;no;no;user2"
```
### Включение Time Machine
```bash
docker run -it -p 139:139 -p 445:445 -d upagge/samba -p -t \
-u "macuser;password" \
-s "TimeMachine;/backup;no;no;no;macuser"
```
### Использование переменных окружения
```bash
docker run -it -p 139:139 -p 445:445 \
-e SHARE="Data;/data;yes;no;no" \
-e SHARE2="Backup;/backup;yes;yes;no" \
-e USER="admin;secretpass" \
-e PERMISSIONS="true" \
-e TZ="Europe/Moscow" \
-v /mnt/data:/data \
-v /mnt/backup:/backup \
-d upagge/samba
```
### Полный docker-compose.yml
```yaml
services:
samba:
image: upagge/samba
restart: unless-stopped
environment:
TZ: 'Europe/Moscow'
SHARE: "Documents;/documents;yes;no;no;user1,user2"
SHARE2: "Media;/media;yes;yes;yes"
USER: "user1;${SAMBA_USER1_PASSWORD}"
USER2: "user2;${SAMBA_USER2_PASSWORD}"
PERMISSIONS: "true"
ports:
- "139:139/tcp"
- "445:445/tcp"
volumes:
- /mnt/documents:/documents
- /mnt/media:/media
deploy:
resources:
limits:
memory: 512M
healthcheck:
test: ["CMD", "smbclient", "-L", "\\\\localhost", "-U", "%", "-m", "SMB3"]
interval: 60s
timeout: 15s
start_period: 10s
retries: 3
```
## Порты
| Порт | Протокол | Описание |
|------|----------|----------|
| 137 | UDP | NetBIOS Name Service (только с `-n`) |
| 138 | UDP | NetBIOS Datagram Service (только с `-n`) |
| 139 | TCP | SMB over NetBIOS |
| 445 | TCP | SMB напрямую |
**Примечание**: Порты 137 и 138 нужны только при использовании флага `-n` или переменной `NMBD`.
## Решение проблем
### Параметры -G для шар не переопределяют глобальные настройки
Если параметры `-G` для отдельных шар не переопределяют глобальные настройки `force user` и `force group`, убедитесь, что вы используете актуальную версию образа.
**Проблема была исправлена**: при использовании переменных окружения `GENERIC` обрабатывался до `SHARE`, поэтому секции шар ещё не существовали. Теперь порядок обработки исправлен.
Пример корректного использования:
```bash
docker run -it -p 139:139 -p 445:445 -d upagge/samba \
-s "public;/cloud/share;yes;no;yes" \
-G "public;force user = nobody" \
-G "public;force group = nogroup" \
-G "public;guest ok = yes" \
-G "public;read only = no"
```
Или с переменными окружения:
```bash
docker run -it -p 139:139 -p 445:445 \
-e SHARE="public;/cloud/share;yes;no;yes" \
-e GENERIC="public;force user = nobody" \
-e GENERIC2="public;force group = nogroup" \
-d upagge/samba
```
### Ошибка "Access is denied"
Если вы получаете ошибку `Access is denied` или видите в логах `change_to_user_internal: chdir_current_service() failed!`:
```bash
docker run -it --name samba -p 139:139 -p 445:445 \
-v /path/to/directory:/mount \
-d upagge/samba -p
```
Добавьте флаг `-p` или установите переменную `PERMISSIONS=true`.
Если изменение прав невозможно, используйте переменные `USERID` и `GROUPID`:
```bash
docker run -it --name samba -p 139:139 -p 445:445 \
-e USERID=1000 \
-e GROUPID=1000 \
-v /path/to/directory:/mount \
-d upagge/samba
```
### Высокое потребление памяти
Ограничьте память контейнера:
```bash
docker run -it --name samba -m 512m -p 139:139 -p 445:445 \
-v /path/to/directory:/mount \
-d upagge/samba -p
```
### Подключение через smbclient
По умолчанию smbclient пытается использовать SMB1. Используйте флаг `-m SMB3`:
```bash
smbclient -L \\localhost -U % -m SMB3
smbclient //localhost/share -U user -m SMB3
```
### NetBIOS не работает
При использовании `-n` или `NMBD` может потребоваться сетевой режим хоста:
```bash
docker run -it --network host \
-e NMBD=true \
-d upagge/samba -n -p \
-s "share;/data"
```
## Безопасность
- По умолчанию используется только SMB2/SMB3 (SMB1 отключён)
- Рекомендуется использовать сложные пароли
- Храните пароли в `.env` файле или секретах Docker
- Ограничивайте доступ к шарам конкретным пользователям
## Обратная связь
При возникновении проблем или вопросов создайте [issue на GitHub](https://github.com/upagge/samba/issues).
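Review bot: The new troubleshooting section tells users to make sure they run the current image version ("убедитесь, что вы используете актуальную версию образа") but does not name a tag or version that contains the fix, and CHANGELOG.md in this same commit lists the fix under `## [Unreleased]`. A user hitting the `force user`/`force group` problem cannot tell from this text whether their image is affected. Suggest naming the first tag that ships the fix once it is released, in both README files.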


@@ -69,11 +69,11 @@ set_config_option() {
key="$(sed 's| *=.*||' <<< "$2")" key="$(sed 's| *=.*||' <<< "$2")"
value="$(sed 's|[^=]*= *||' <<< "$2")" value="$(sed 's|[^=]*= *||' <<< "$2")"
if sed -n '/^\['"$section"'\]/,/^\[/p' "$SMB_CONF" | grep -qE '^;*\s*'"$key"; then if sed -n '/^\['"$section"'\]/,/^\[/p' "$SMB_CONF" | grep -qE '^;*[[:space:]]*'"$key"; then
sed -i '/^\['"$section"'\]/,/^\[/s|^;*\s*\('"$key"' = \).*| \1'"$value"'|' \ sed -i '/^\['"$section"'\]/,/^\[/s|^;*[[:space:]]*\('"$key"' = \).*| \1'"$value"'|' \
"$SMB_CONF" "$SMB_CONF"
else else
sed -i '/\['"$section"'\]/a \ '"$key = $value" "$SMB_CONF" sed -i '/^\['"$section"'\]/a \ '"$key = $value" "$SMB_CONF"
fi fi
} }
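Review bot: The existence check and the substitution in `set_config_option` still match different things: `grep -qE '^;*[[:space:]]*'"$key"` succeeds on any line that merely starts with the key, while the `sed` substitution requires the literal `key = ` with single spaces. When the section holds a longer key with the same prefix, or the same key written without spaces around `=`, the `if` branch is taken, the substitution matches nothing, and the option is neither replaced nor appended, with no error. Suggest ending the grep pattern with `[[:space:]]*=` and using the same tolerant pattern in the `s` command. In addition, `$section`, `$key` and `$value` are spliced unescaped into the sed expressions, so a value containing `|`, `&` or a backslash corrupts or changes the edit; escaping them before use would make `-G` safe for arbitrary parameter values.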
@@ -319,9 +319,6 @@ done
shift $(( OPTIND - 1 )) shift $(( OPTIND - 1 ))
[[ "${CHARMAP:-""}" ]] && charmap "$CHARMAP" [[ "${CHARMAP:-""}" ]] && charmap "$CHARMAP"
while read i; do
parse_args "$i"; generic "${PARSED_ARGS[@]}"
done < <(env | awk '/^GENERIC[0-9=_]/ {sub (/^[^=]*=/, "", $0); print}')
while read i; do while read i; do
global "$i" global "$i"
done < <(env | awk '/^GLOBAL[0-9=_]/ {sub (/^[^=]*=/, "", $0); print}') done < <(env | awk '/^GLOBAL[0-9=_]/ {sub (/^[^=]*=/, "", $0); print}')
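Review bot: Removing the early `GENERIC` loop only reorders the environment-variable path that follows `shift $(( OPTIND - 1 ))`; the option loop that ends just above it is not touched by this diff. If that loop applies `-G` as each option is encountered, a command line that puts `-G` before the matching `-s` will still hit the same missing-section problem. Either defer the command-line `-G` values until shares are created, or document in the README that `-s` must precede `-G`.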
@@ -330,6 +327,10 @@ done < <(env | awk '/^GLOBAL[0-9=_]/ {sub (/^[^=]*=/, "", $0); print}')
while read i; do while read i; do
parse_args "$i"; share "${PARSED_ARGS[@]}" parse_args "$i"; share "${PARSED_ARGS[@]}"
done < <(env | awk '/^SHARE[0-9=_]/ {sub (/^[^=]*=/, "", $0); print}') done < <(env | awk '/^SHARE[0-9=_]/ {sub (/^[^=]*=/, "", $0); print}')
# Process GENERIC after SHARE so share sections exist
while read i; do
parse_args "$i"; generic "${PARSED_ARGS[@]}"
done < <(env | awk '/^GENERIC[0-9=_]/ {sub (/^[^=]*=/, "", $0); print}')
[[ "${SMB:-""}" ]] && smb [[ "${SMB:-""}" ]] && smb
[[ "${TIMEMACHINE:-""}" ]] && timemachine [[ "${TIMEMACHINE:-""}" ]] && timemachine
while read i; do while read i; do
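Review bot: The re-added loop keeps `while read i` without `IFS=` and `-r`, so backslashes in a `GENERIC` value are consumed and leading or trailing whitespace is trimmed before `parse_args` sees it; `while IFS= read -r i` would pass the value through unchanged. The entries are also applied in whatever order `env` emits them, so when `GENERIC` and `GENERIC2` set the same key in the same section, which one wins is not defined by the script. The new comment explains the ordering relative to `SHARE` well; a line about the order among numbered variables would complete it.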