Possible permissions problem and home user directory

[rourke]

I have 2 folders /data/homer and /data/home-assistant. Both the folders and their content are owned by user victor and group victor. The permissions for the contents of the data folder is rw-rw-r-- or 664. I want to share the /data folder, but login with custom credentials. So I have the following docker command:

docker run -d -p 139:139 -p 445:445 \
  --hostname $HOSTNAME \
  -e TZ=Europe/Paris \
  -v /data:/data \
  elswork/samba \
  -u "1000:1000:victor:victor:RaNdOmPaSwOrD" \ # An existing user and group on my host filesystem, but a made up password
  -u "1001:1001:bob:bob:anotherpassword" \ # User and group does not exist on host filesystem, password is made up
  -s "Config:/data:rw:bob"

Some odd behaviour I don't understand:

• When I log in as user victor I can view and edit the files, but when I log in as user bob I can only view the files.
  I tried to get both users in the same group, but the container does error out saying the group already exists.
  So victor: 1000:100:victor:users:RaNdOmPaSwOrD and bob: 1001:100:bob:users:anotherpassword - existing group on host filesystem. I also did recursive chown to the /data folder for this test.
  How do I also get bob to be able to edit files?
• I also noticed if I log in with victor I also get a folder called victor, and for bob I get a folder called bob. I assume this is the user home directory which is set to not browsable in /etc/samba/smb.conf.
  When I commented out the [homes] share from this file the user directory was gone. Is this something you can change?
  

[rourke]

I've tested this command to escape the homes share and it seems to do the trick:

sed -i '/\[homes\]/,/writable/ s/^/;/' /etc/samba/smb.conf

[rourke]

Regarding the permissions issue, when I set the group owner of the files to users (GID 100) on the host filesystem and manually add my user bob to this group within the container with groupadd bob users, bob can also edit the files. So how would I be able to do this with the way the container works at the moment?

[wjiec]

Hi, I think you should try to change the permissions of your folder to rwxrwx---(i.e. 770)

For directories, execute permission allows you to enter the directory (i.e., cd into it), and to access any of its files.

I used the following command to simulate that your scenario is writable to a file

$ ls -alh .
drwxr-xr-x  3 root   root   4.0K Dec  2 21:41 .
drwx------ 11 root   root   4.0K Dec  2 22:40 ..
drwxrwx---  4 jayson jayson 4.0K Dec  2 21:41 data

$ id -u jayson
1000

$ docker run -d -p 139:139 -p 445:445 \
  -e TZ=Europe/Paris \
  -v `pwd`/data:/data \
  elswork/samba:3.2.7 \
  -u "1000:1000:victor:victor:nice" \
  -u "1001:1000:bob:victor:bobpwd" \
  -s "Config:/data:rw:victor,bob"

[rourke]

Ah yes, that should be a solutiuon. I'm not able to test it on my own setup since I started using crazy-max/docker-samba. But I assume this will work. Thanks.