Build a tailored configuration:
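# Create the per-user directory that will hold the container configuration.
mkdir -p ~/.config/samba
# Use the same ~/ prefix as mkdir above so the file is created in that
# directory regardless of the current working directory.
vi ~/.config/samba/samba.json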
In this file paste the following structure. The user password is stored here in cleartext, so keep the file readable only by your own user:
{
"samba-container-config": "v0",
"configs": {
"config1": {
"instance_name": "SAMBA",
"instance_features": [],
"shares": [
"share1",
"share2"
],
"globals": [
"default"
]
}
},
"shares": {
"share1": {
"options": {
"path": "/share1",
"valid users": "username"
}
},
"share2": {
"options": {
"path": "/share2",
"valid users": "username"
},
"permissions": {
"method": "initialize-share-perms",
"status_xattr": "user.share-perms-status",
"mode": "0755"
}
}
},
"globals": {
"default": {
"options": {
"security": "user",
"server min protocol": "SMB2",
"load printers": "no",
"printing": "bsd",
"printcap name": "/dev/null",
"disable spoolss": "yes",
"guest ok": "no"
}
}
},
"users": {
"all_entries": [
{
"name": "username",
"uid": 1000,
"gid": 1000,
"password": "password_cleartext"
}
]
},
"groups": {
"all_entries": [
{
"name": "usergroup",
"gid": 1000
}
]
}
}
Make sure uid and gid match the uid and gid of the file owner on the host. If you have files with deviating ownership, you might have to change their ownership before the service comes up; otherwise it might fail.
Now create the corresponding podman quadlet:
# Per-user quadlet directory; create it if it is missing.
mkdir -p "$HOME/.config/containers/systemd/"
# Open (or create) the quadlet unit for the Samba container.
vi "$HOME/.config/containers/systemd/samba.container"
Paste the following content:
# Quadlet unit for a rootless Samba container. It lives in
# ~/.config/containers/systemd/ and is started below as the user service "samba".
[Unit]
Description=Podman samba.service
# Pull in network-online.target and order this unit after it.
Wants=network-online.target
After=network-online.target
[Service]
# Restart the container only when it exits with a failure.
Restart=on-failure
# Allow up to 900 seconds for start-up (presumably to cover the image pull).
TimeoutStartSec=900
[Container]
# NOTE(review): a floating ":latest" tag together with AutoUpdate=registry means
# the running image follows whatever is published under that tag whenever
# "podman auto-update" runs. Pin a version tag or digest if updates should be
# reviewed before they are deployed.
Image=quay.io/samba.org/samba-server:latest
AutoUpdate=registry
# Host port 10445 -> container port 445. No host address is given, so the port
# is published on all host addresses.
PublishPort=10445:445
# Disabled. If enabled, the invoking host user would be mapped to uid/gid 1000
# inside the container (the uid/gid used for "username" in samba.json).
#UserNS=keep-id:uid=1000,gid=1000
# Path of the configuration file inside the container (see the first Volume line).
Environment=SAMBACC_CONFIG=/etc/samba-container/samba.json
# Matches the "config1" key under "configs" in samba.json.
Environment=SAMBA_CONTAINER_ID=config1
# %h expands to the user's home directory. ":Z" relabels the host directory with
# a private SELinux label for this container.
# NOTE(review): this directory holds samba.json with a cleartext password and is
# mounted read-write; consider ":ro,Z" -- confirm the container never writes here.
Volume=%h/.config/samba:/etc/samba-container:Z
# Folders to share: the container paths must match the "path" options in
# samba.json. ":Z" changes the SELinux label of the host directories as well.
Volume=%h/path/to/share1:/share1:Z
Volume=%h/path/to/share2:/share2:Z
[Install]
# Start the service together with the user's default target.
WantedBy=default.target
Now test the quadlet:
# Re-run the generators so the user manager picks up the new quadlet file.
systemctl --user daemon-reload
# Start the generated unit, spelled out with its full unit name.
systemctl --user start samba.service
If the container comes up as expected, you need to forward the privileged low port (445) to the unprivileged high port (10445) in the firewall and open the Samba port:
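# Allow the predefined "samba" service in the permanent configuration.
# NOTE(review): the predefined service covers the NetBIOS ports in addition to
# 445/tcp, while this setup only publishes 445/tcp -- confirm whether opening
# 445/tcp alone would be sufficient.
firewall-cmd --add-service=samba --permanent
# Redirect incoming 445/tcp to the container's published port 10445.
firewall-cmd --add-forward-port=port=445:proto=tcp:toport=10445 --permanent
# --permanent only changes the stored configuration; reload so the running
# firewall actually applies the two rules above.
firewall-cmd --reload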
This should be it.
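# Create the per-user directory that will hold the container configuration.
mkdir -p ~/.config/samba
# Use the same ~/ prefix as mkdir above so the file is created in that
# directory regardless of the current working directory.
vi ~/.config/samba/samba.json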
In this file paste the following structure. The user password is stored here in cleartext, so keep the file readable only by your own user:
{
"samba-container-config": "v0",
"configs": {
"config1": {
"instance_name": "SAMBA",
"instance_features": [],
"shares": [
"share1",
"share2"
],
"globals": [
"default"
]
}
},
"shares": {
"share1": {
"options": {
"path": "/share1",
"valid users": "username"
}
},
"share2": {
"options": {
"path": "/share2",
"valid users": "username"
},
"permissions": {
"method": "initialize-share-perms",
"status_xattr": "user.share-perms-status",
"mode": "0755"
}
}
},
"globals": {
"default": {
"options": {
"security": "user",
"server min protocol": "SMB2",
"load printers": "no",
"printing": "bsd",
"printcap name": "/dev/null",
"disable spoolss": "yes",
"guest ok": "no"
}
}
},
"users": {
"all_entries": [
{
"name": "username",
"uid": 1000,
"gid": 1000,
"password": "password_cleartext"
}
]
},
"groups": {
"all_entries": [
{
"name": "usergroup",
"gid": 1000
}
]
}
}
Make sure uid and gid match the uid and gid of the file owner on the host. If you have files with deviating ownership, you might have to change their ownership before the service comes up; otherwise it might fail.
Now create the corresponding podman quadlet:
# Per-user quadlet directory; create it if it is missing.
mkdir -p "$HOME/.config/containers/systemd/"
# Open (or create) the quadlet unit for the Samba container.
vi "$HOME/.config/containers/systemd/samba.container"
Paste the following content:
# Quadlet unit for a rootless Samba container. It lives in
# ~/.config/containers/systemd/ and is started below as the user service "samba".
[Unit]
Description=Podman samba.service
# Pull in network-online.target and order this unit after it.
Wants=network-online.target
After=network-online.target
[Service]
# Restart the container only when it exits with a failure.
Restart=on-failure
# Allow up to 900 seconds for start-up (presumably to cover the image pull).
TimeoutStartSec=900
[Container]
# NOTE(review): a floating ":latest" tag together with AutoUpdate=registry means
# the running image follows whatever is published under that tag whenever
# "podman auto-update" runs. Pin a version tag or digest if updates should be
# reviewed before they are deployed.
Image=quay.io/samba.org/samba-server:latest
AutoUpdate=registry
# Host port 10445 -> container port 445. No host address is given, so the port
# is published on all host addresses.
PublishPort=10445:445
# Disabled. If enabled, the invoking host user would be mapped to uid/gid 1000
# inside the container (the uid/gid used for "username" in samba.json).
#UserNS=keep-id:uid=1000,gid=1000
# Path of the configuration file inside the container (see the first Volume line).
Environment=SAMBACC_CONFIG=/etc/samba-container/samba.json
# Matches the "config1" key under "configs" in samba.json.
Environment=SAMBA_CONTAINER_ID=config1
# %h expands to the user's home directory. ":Z" relabels the host directory with
# a private SELinux label for this container.
# NOTE(review): this directory holds samba.json with a cleartext password and is
# mounted read-write; consider ":ro,Z" -- confirm the container never writes here.
Volume=%h/.config/samba:/etc/samba-container:Z
# Folders to share: the container paths must match the "path" options in
# samba.json. ":Z" changes the SELinux label of the host directories as well.
Volume=%h/path/to/share1:/share1:Z
Volume=%h/path/to/share2:/share2:Z
[Install]
# Start the service together with the user's default target.
WantedBy=default.target
Now test the quadlet:
# Re-run the generators so the user manager picks up the new quadlet file.
systemctl --user daemon-reload
# Start the generated unit, spelled out with its full unit name.
systemctl --user start samba.service
If the container comes up as expected, you need to forward the privileged low port (445) to the unprivileged high port (10445) in the firewall and open the Samba port:
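# Allow the predefined "samba" service in the permanent configuration.
# NOTE(review): the predefined service covers the NetBIOS ports in addition to
# 445/tcp, while this setup only publishes 445/tcp -- confirm whether opening
# 445/tcp alone would be sufficient.
firewall-cmd --add-service=samba --permanent
# Redirect incoming 445/tcp to the container's published port 10445.
firewall-cmd --add-forward-port=port=445:proto=tcp:toport=10445 --permanent
# --permanent only changes the stored configuration; reload so the running
# firewall actually applies the two rules above.
firewall-cmd --reload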
This should be it.