【实战Docker】Samba服务
【参考】
----------------------------------------------------------------
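# Pull the image.
docker pull dperson/samba
# Start the container (see the image documentation for the full option list).
# The important settings are:
#   -v  host directory to share, mounted at the same path inside the container
#   -u  Samba account, given as "user;password"
#   -s  share definition
# These notes sit above the command because a "#" comment after a trailing "\"
# ends the line continuation and cuts the command short.
# NOTE(review): the password passed with -u ends up in shell history and in the
# container's recorded arguments (docker inspect).
docker run --name samba \
    -it -p 139:139 -p 445:445 \
    -v /home/technofiend:/home/technofiend \
    -d dperson/samba \
    -u "www;thisispasswd" \
    -s "technofiend;/home/technofiend/;yes;no;no;all;none"
# Make the container's user id match the host: 1001 is the uid of the account
# that owns the shared directory (look it up in the host's /etc/passwd).
# NOTE(review): the pattern rewrites every "1000" in the file, not only the uid
# field of one account. The image's usage text also lists USERID/GROUPID
# environment variables for setting the server's UID/GID.
docker exec -it samba sed -i 's/1000/1001/g' /etc/passwd
# Same for the group id: 1001 is the gid of the group that owns the shared
# directory (look it up in the host's /etc/group).
docker exec -it samba sed -i 's/1000/1001/g' /etc/group
# Replace the account Samba forces for file access (this drives permissions).
docker exec -it samba sed -i 's/force user = smbuser/force user = www/g' /etc/samba/smb.conf
# Replace the group Samba forces for file access (this drives permissions).
docker exec -it samba sed -i 's/force group = users/force group = www/g' /etc/samba/smb.conf
# Restart Samba so the edited configuration is loaded.
docker restart samba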
用户id那块要看清楚。docker实例里面新建的第一个用户的id是1000,这里需要跟你主机的用户权限保持一致,所以得替换成同样的id,用户和组都要替换。
就是新进容器建这个用户
----------------------------------------------------------------
----------------------------------------------------------------
# Run Samba detached, sharing the host's /home (mounted at /mount) as "www".
# Share fields: browsable=yes, readonly=no, guest=no, users=all, admins=none.
# NOTE(review): this makes every home directory on the host writable over SMB
# by any account that can authenticate; a narrower host path limits the exposure.
docker run \
    --interactive --tty \
    --name samba \
    --publish 139:139 \
    --publish 445:445 \
    --volume /home:/mount \
    --detach dperson/samba \
    -u "www;overkill" \
    -s "www;/mount/;yes;no;no;all;none"
开放了139和445端口。 用服务器访问即可!
要是想把容器的权限与宿主主机的用户权限一致的话,则只需要把用户和组文件映射到容器里面即可:
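# Reuse the host's accounts inside the container by bind-mounting the user and
# group databases. They are mounted read-only (:ro) so that nothing running in
# the container can rewrite the host's /etc/passwd or /etc/group.
docker run -it --name samba \
    -p 139:139 -p 445:445 \
    -v /home:/mount \
    -v /etc/passwd:/etc/passwd:ro \
    -v /etc/group:/etc/group:ro \
    -d dperson/samba \
    -s "www;/mount/;yes;no;no;all;none"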
请注意 -s 参数后面的第一个;前面的是现已存在的用户名。
----------------------------------------------------------------
【实战】
----------------------------------------------------------------
2019.06.04
----------------------------------------------------------------
datadev@data-dev ~/xxxx/docker2019/samba$ cat run-samba.sh
#!/bin/bash
#
# Samba up script
#
# Starts the dperson/samba container directly with `docker run`, serving
# /data/docker-samba (mounted at /mount) on ports 139 and 445.
#
# NOTE(review): the account below uses its own name as the password, and the
# value is stored in this script and in the container's recorded arguments.
# NOTE(review): "atsserv-release" is defined with readonly=no and guest=yes,
# so it is writable without authentication.
#
samba_args=(
    -u "samba;samba"
    -s "pub;/mount/pub"
    -s "atsserv-release;/mount/atsserv-release;yes;no;yes;all;none"
)
sudo docker run \
    --interactive --tty \
    --name samba \
    --publish 139:139 \
    --publish 445:445 \
    --volume /data/docker-samba:/mount \
    --detach dperson/samba:20180228 \
    "${samba_args[@]}"
exit

# Alternatives kept for reference; nothing below this point is executed.
#-v /etc/passwd:/etc/passwd \
#-v /etc/group:/etc/group \
#-u "atssmb;badpass" \
#-u "samba;badpass" \
#-u "xxxx;badpass" \
#-u "samba;overkill" \
#-s "samba;/mount/;yes;no;no;all;none"
#-s "xxxx private;/home/xxxx;yes;no;no;xxxx"
#https://hub.docker.com/r/dperson/samba/
#sudo docker run -it -p 139:139 -p 445:445 -d dperson/samba \
# -u "example1;badpass" \
# -u "example2;badpass" \
# -s "public;/share" \
# -s "users;/srv;no;no;no;example1,example2" \
# -s "example1 private;/example1;no;no;no;example1" \
# -s "example2 private;/example2;no;no;no;example2"
exit
datadev@data-dev ~/xxxx/docker2019/samba$
----------------------------------------------------------------
2019.06.04
https://hub.docker.com/r/dperson/samba
dperson/samba
By dperson • Updated 6 months ago
------------------------------------------------------------------
docker pull dperson/samba:latest
Tags (5)
armhf 24 MB
Last update: 6 months ago (November 26, 2018 08:06 PM)
aarch64 24 MB
Last update: 6 months ago (November 26, 2018 08:06 PM)
latest 17 MB
Last update: 6 months ago (November 26, 2018 08:06 PM)
armv7hf 72 MB
Last update: 2 years ago
rpi 85 MB
Last update: 2 years ago
------------------------------------------------------------------
Dockerfile
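# Samba file server image for ARMv7 (Alpine based).
#
# NOTE(review): the base image is referenced without a tag, so each rebuild
# takes whatever the registry currently serves. Pin a specific tag (ideally
# with a digest) to make builds reproducible and auditable.
FROM balenalib/armv7hf-alpine
# MAINTAINER is deprecated; the author is recorded as an OCI label instead.
LABEL org.opencontainers.image.authors="David Personette <dperson@gmail.com>"

# Install samba
#
# cross-build-start / cross-build-end bracket the build step; presumably they
# are the base image's helpers for building this ARM image on another
# architecture -- confirm against the base image documentation.
#
# The RUN step installs the packages, creates the unprivileged "smbuser"
# account, rewrites the stock smb.conf and appends the global settings.
# Settings with a direct security effect:
#   map to guest = bad user      a login with an unknown user name is mapped
#                                to the guest account instead of being refused
#   force user / force group     all file access happens as smbuser:users, no
#                                matter which account authenticated, so the
#                                ownership of the shared directories must
#                                match that account
#   follow symlinks = yes        symlinks inside a share are followed
#   server min protocol = SMB2   the server does not accept SMB1 clients
#   client min protocol = CORE   the bundled client tools may still negotiate
#                                down to the oldest dialect
RUN ["cross-build-start"]
RUN apk --no-cache --no-progress upgrade && \
    apk --no-cache --no-progress add bash samba shadow tini && \
    adduser -D -G users -H -S -g 'Samba User' -h /tmp smbuser && \
    file="/etc/samba/smb.conf" && \
    sed -i 's|^;* *\(log file = \).*| \1/dev/stdout|' "$file" && \
    sed -i 's|^;* *\(load printers = \).*| \1no|' "$file" && \
    sed -i 's|^;* *\(printcap name = \).*| \1/dev/null|' "$file" && \
    sed -i 's|^;* *\(printing = \).*| \1bsd|' "$file" && \
    sed -i 's|^;* *\(unix password sync = \).*| \1no|' "$file" && \
    sed -i 's|^;* *\(preserve case = \).*| \1yes|' "$file" && \
    sed -i 's|^;* *\(short preserve case = \).*| \1yes|' "$file" && \
    sed -i 's|^;* *\(default case = \).*| \1lower|' "$file" && \
    sed -i '/Share Definitions/,$d' "$file" && \
    echo ' pam password change = yes' >>"$file" && \
    echo ' map to guest = bad user' >>"$file" && \
    echo ' usershare allow guests = yes' >>"$file" && \
    echo ' create mask = 0664' >>"$file" && \
    echo ' force create mode = 0664' >>"$file" && \
    echo ' directory mask = 0775' >>"$file" && \
    echo ' force directory mode = 0775' >>"$file" && \
    echo ' force user = smbuser' >>"$file" && \
    echo ' force group = users' >>"$file" && \
    echo ' follow symlinks = yes' >>"$file" && \
    echo ' load printers = no' >>"$file" && \
    echo ' printing = bsd' >>"$file" && \
    echo ' printcap name = /dev/null' >>"$file" && \
    echo ' disable spoolss = yes' >>"$file" && \
    echo ' socket options = TCP_NODELAY' >>"$file" && \
    echo ' strict locking = no' >>"$file" && \
    echo ' vfs objects = acl_xattr catia fruit recycle streams_xattr' \
        >>"$file" && \
    echo ' recycle:keeptree = yes' >>"$file" && \
    echo ' recycle:versions = yes' >>"$file" && \
    echo '' >>"$file" && \
    echo ' # Security' >>"$file" && \
    echo ' client ipc max protocol = default' >>"$file" && \
    echo ' client max protocol = default' >>"$file" && \
    echo ' server max protocol = SMB3' >>"$file" && \
    echo ' client ipc min protocol = default' >>"$file" && \
    echo ' client min protocol = CORE' >>"$file" && \
    echo ' server min protocol = SMB2' >>"$file" && \
    echo '' >>"$file" && \
    echo ' # Time Machine' >>"$file" && \
    echo ' durable handles = yes' >>"$file" && \
    echo ' kernel oplocks = no' >>"$file" && \
    echo ' kernel share modes = no' >>"$file" && \
    echo ' posix locking = no' >>"$file" && \
    echo ' fruit:aapl = yes' >>"$file" && \
    echo ' fruit:advertise_fullsync = true' >>"$file" && \
    echo ' fruit:time machine = yes' >>"$file" && \
    echo ' smb2 leases = yes' >>"$file" && \
    echo '' >>"$file" && \
    rm -rf /tmp/*
RUN ["cross-build-end"]

# Entry script that turns the -u/-s/... options into users and share sections.
COPY samba.sh /usr/bin/

# 137/udp and 138/udp are only needed when nmbd is enabled; 139 and 445 carry SMB.
EXPOSE 137/udp 138/udp 139 445

# Liveness probe: anonymous share listing against the local server over SMB3.
HEALTHCHECK --interval=60s --timeout=15s \
    CMD smbclient -L '\\localhost' -U '%' -m SMB3

# NOTE(review): /etc is declared as a volume together with the Samba state
# directories, presumably so accounts and smb.conf edits made at run time
# persist with the container -- confirm before relying on it.
VOLUME ["/etc", "/var/cache/samba", "/var/lib/samba", "/var/log/samba",\
    "/run/samba"]

# No USER instruction: the entry script and smbd start as root. tini runs as
# PID 1 in front of the entry script.
ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/samba.sh"]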
------------------------------------------------------------------
Samba
Samba docker container
What is Samba?
Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows,
OS/2, Linux and many others.
How to use this image
By default there are no shares configured, additional ones can be added.
Hosting a Samba instance
sudo docker run -it -p 139:139 -p 445:445 -d dperson/samba
OR set local storage:
sudo docker run -it --name samba -p 139:139 -p 445:445 \
-v /path/to/directory:/mount \
-d dperson/samba
Configuration
sudo docker run -it --rm dperson/samba -h
Usage: samba.sh [-opt] [command]
Options (fields in '[]' are optional, '<>' are required):
-h This help
-c "<from:to>" setup character mapping for file/directory names
required arg: "<from:to>" character mappings separated by ','
-g "<parameter>" Provide global option for smb.conf
required arg: "<parameter>" - IE: -g "log level = 2"
-i "<path>" Import smbpassword
required arg: "<path>" - full file path in container
-n Start the 'nmbd' daemon to advertise the shares
-p Set ownership and permissions on the shares
-r Disable recycle bin for shares
-S Disable SMB2 minimum version
-s "<name;/path>[;browse;readonly;guest;users;admins;writelist;comment]"
Configure a share
required arg: "<name>;</path>"
<name> is how it's called for clients
<path> path to share
NOTE: for the default values, just leave blank
[browsable] default:'yes' or 'no'
[readonly] default:'yes' or 'no'
[guest] allowed default:'yes' or 'no'
[users] allowed default:'all' or list of allowed users
[admins] allowed default:'none' or list of admin users
[writelist] list of users that can write to a RO share
[comment] description of share
-u "<username;password>[;ID;group]" Add a user
required arg: "<username>;<passwd>"
<username> for user
<password> for user
[ID] for user
[group] for user
-w "<workgroup>" Configure the workgroup (domain) samba should use
required arg: "<workgroup>"
<workgroup> for samba
-W Allow access wide symbolic links
-I Add an include option at the end of the smb.conf
required arg: "<include>"
<include> in the container, e.g. a bind mount
The 'command' (if provided and valid) will be run instead of samba
ENVIRONMENT VARIABLES
CHARMAP - As above, configure character mapping
GLOBAL - As above, configure a global option
IMPORT - As above, import a smbpassword file
NMBD - As above, enable nmbd
PERMISSIONS - As above, set file permissions on all shares
RECYCLE - As above, disable recycle bin
SHARE - As above, setup a share
SMB - As above, disable SMB2 minimum version
TZ - Set a timezone, IE EST5EDT
USER - As above, setup a user
WIDELINKS - As above, allow access wide symbolic links
WORKGROUP - As above, set workgroup
USERID - Set the UID for the samba server
GROUPID - Set the GID for the samba server
INCLUDE - As above, add a smb.conf include
NOTE: if you enable nmbd (via -n or the NMBD environment variable), you will also want to expose port 137 and 138 with -p 137:137/udp -p 138:138/udp.
NOTE2: there are reports that -n and NMBD only work if you have the container configured to use the hosts network stack.
Examples
Any of the commands can be run at creation with docker run or later with docker exec -it samba samba.sh (as of version 1.3 of docker).
Setting the Timezone
sudo docker run -it -e TZ=EST5EDT -p 139:139 -p 445:445 -d dperson/samba
Start an instance creating users and shares:
sudo docker run -it -p 139:139 -p 445:445 -d dperson/samba \
-u "example1;badpass" \
-u "example2;badpass" \
-s "public;/share" \
-s "users;/srv;no;no;no;example1,example2" \
-s "example1 private share;/example1;no;no;no;example1" \
-s "example2 private share;/example2;no;no;no;example2"
User Feedback
Issues
If you have any problems with or questions about this image, please contact me through a GitHub issue.
----------------------------------------------------------------
********* Add User for samba service ************************
----------------------------------------------------------------
----------------------------------------------------------------
datadev@data-dev ~/xxxx/docker2019/samba$ cat /etc/passwd | grep samba
datadev@data-dev ~/xxxx/docker2019/samba$ sudo useradd samba
datadev@data-dev ~/xxxx/docker2019/samba$ ls /home/
datadev jenkins lost+found
datadev@data-dev ~/xxxx/docker2019/samba$ sudo passwd samba
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
datadev@data-dev ~/xxxx/docker2019/samba$ cat /etc/passwd | grep samba
samba:x:1002:1002::/home/samba:
datadev@data-dev ~/xxxx/docker2019/samba$
----------------------------------------------------------------
datadev@data-dev ~/xxxx/docker2019/samba$ ll /data/samba-testdev/
total 16
drwxr-xr-x 4 root root 4096 Jun 4 21:22 ./
drwxr-xrwx 34 root root 4096 Jun 4 21:19 ../
drwxr-xr-x 2 root root 4096 Jun 4 21:22 public/
drwxr-xr-x 2 root root 4096 Jun 4 21:22 testdev/
datadev@data-dev ~/xxxx/docker2019/samba$
----------------------------------------------------------------
datadev@data-dev ~/xxxx/docker2019/samba$ sudo chown samba.samba /data/samba-testdev/testdev
datadev@data-dev ~/xxxx/docker2019/samba$ ll /data/samba-testdev/
total 16
drwxr-xr-x 4 root root 4096 Jun 4 21:22 ./
drwxr-xrwx 34 root root 4096 Jun 4 21:19 ../
drwxr-xr-x 2 root root 4096 Jun 4 21:22 public/
drwxr-xr-x 2 samba samba 4096 Jun 4 21:22 testdev/
datadev@data-dev ~/xxxx/docker2019/samba$
----------------------------------------------------------------
Can't write to testdev from windows.
----------------------------------------------------------------
datadev@data-dev ~/xxxx/docker2019/samba$ sudo chown samba.samba /data/samba-testdev -R
datadev@data-dev ~/xxxx/docker2019/samba$ ll /data/samba-testdev
total 16
drwxr-xr-x 4 samba samba 4096 Jun 4 21:22 ./
drwxr-xrwx 34 root root 4096 Jun 4 21:19 ../
drwxr-xr-x 2 samba samba 4096 Jun 4 21:22 public/
drwxr-xr-x 2 samba samba 4096 Jun 4 21:22 testdev/
datadev@data-dev ~/xxxx/docker2019/samba$ ll /data/
drwxr-xr-x 4 samba samba 4096 Jun 4 21:22 samba-testdev/
----------------------------------------------------------------
Can't write to testdev from windows.
----------------------------------------------------------------
datadev@data-dev ~/xxxx/docker2019/samba$ sudo chmod oa+w /data/samba-testdev/testdev
datadev@data-dev ~/xxxx/docker2019/samba$ ll /data/samba-testdev
total 16
drwxr-xr-x 4 samba samba 4096 Jun 4 21:22 ./
drwxr-xrwx 34 root root 4096 Jun 4 21:19 ../
drwxr-xr-x 2 samba samba 4096 Jun 4 21:22 public/
drwxrwxrwx 2 samba samba 4096 Jun 4 21:22 testdev/
datadev@data-dev ~/xxxx/docker2019/samba$
----------------------------------------------------------------
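OK, files can now be written to testdev from Windows. Note that `chmod oa+w` left the directory world-writable (drwxrwxrwx), so every local account on the host can modify it. The earlier failures are most likely because the image performs all file access as `smbuser` (`force user = smbuser` in the Dockerfile above) rather than as the host `samba` user (UID 1002); the USERID/GROUPID variables or the -p option listed in the usage text above are the narrower way to line the ownership up.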
----------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
docker-compose_samba.yml
----------------------------------------------------------------
# Samba file server for /data/samba-testdev.
#   public   share with the image's default settings
#   testdev  browsable, read-only, no guest access, limited to user "samba",
#            who is also on the write list
# NOTE(review): the account password is part of `command`, so it is stored in
# this file and shown in the container's recorded arguments.
# NOTE(review): the port mappings carry no host address, so 139 and 445 are
# published on every interface of the host.
version: "2.1"
services:
  samba:
    image: dperson/samba:20180228
    #images: harbor.ratp.com/library/dperson/samba:latest
    container_name: samba
    hostname: samba
    restart: always
    ports:
      - '139:139'
      - '445:445'
    volumes:
      - /data/samba-testdev:/mount
      #- /etc/passwd:/etc/passwd:ro
      #- /etc/group:/etc/group:ro
      # Host timezone data, mounted read-only.
      - /etc/timezone:/etc/TZ:ro
      - /etc/localtime:/etc/localtime:ro
    #environment:
    command: samba.sh -u "samba;satp123" -s "public;/mount/public" -s "testdev;/mount/testdev;yes;yes;no;samba;none;samba"
    #command: samba.sh -u "samba;satp123" -s "public;/mount/public" -s "testdev;/mount/testdev;yes;yes;yes;samba;none;samba"
    #command: samba.sh -u "samba;samba" -s "public;/mount/public" -s "dev-satp;/mount/dev-satp;yes;no;yes;all;none"
    #command: samba.sh -u "samba;samba" -s "public;/mount/public" -s "private;/mount/private;yes;yes;yes;samba;none;samba"
----------------------------------------------------------------
----------------------------------------------------------------
2020.02.28 setting samba service on 10.17.22.248
----------------------------------------------------------------
********* Add User for samba service ************************
----------------------------------------------------------------
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$ sudo useradd -m sys007
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$ ls /home/
datausr2 lost+found sys007
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$ ll /home/
total 32
drwxr-xr-x 5 root root 4096 Feb 28 08:49 ./
drwxr-xr-x 24 root root 4096 May 28 2019 ../
drwxr-xr-x 15 datausr2 datausr2 4096 Feb 27 15:10 datausr2/
drwx------ 2 root root 16384 Jan 17 2018 lost+found/
drwxr-xr-x 2 sys007 sys007 4096 Feb 28 08:49 sys007/
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$ sudo passwd sys007
Enter new UNIX password: 007@sys
Retype new UNIX password:
passwd: password updated successfully
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$ sudo chown sys007.sys007 /data/samba-sys007 -R
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$ sudo chmod oa+w /data/samba-sys007/sys007
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$ ll /data/samba-sys007/
total 16
drwxr-xr-x 4 sys007 sys007 4096 Feb 28 08:38 ./
drwxr-xr-x 14 root root 4096 Feb 28 08:37 ../
drwxr-xr-x 2 sys007 sys007 4096 Feb 28 08:38 public/
drwxrwxrwx 2 sys007 sys007 4096 Feb 28 08:38 sys007/
datausr2@datasvr2 ~/xxxx/docker2019/docker-fileserv/samba$
----------------------------------------------------------------
# Samba file server for /data/samba-sys007.
#   public  share with the image's default settings
#   sys007  browsable, read-only, no guest access, limited to user "sys007",
#           who is also on the write list
# NOTE(review): the image is taken from the internal mirror with the moving
# `latest` tag; the commented-out line below shows the fixed tag used before.
# NOTE(review): the account password is part of `command`, so it is stored in
# this file and shown in the container's recorded arguments.
version: "2.1"
services:
  samba:
    #image: dperson/samba:20180228
    image: harbor.ratp.com/library/dperson/samba:latest
    container_name: samba
    hostname: samba
    restart: always
    ports:
      - '139:139'
      - '445:445'
    volumes:
      - /data/samba-sys007:/mount
      #- /etc/passwd:/etc/passwd:ro
      #- /etc/group:/etc/group:ro
      # Host timezone data, mounted read-only.
      - /etc/timezone:/etc/TZ:ro
      - /etc/localtime:/etc/localtime:ro
    #environment:
    command: samba.sh -u "sys007;pwd007" -s "public;/mount/public" -s "sys007;/mount/sys007;yes;yes;no;sys007;none;sys007"
----------------------------------------------------------------