Samba File Server and Docker

Dan Seguin dan.seguin at Cord3Inc.com
Tue Mar 10 05:59:29 UTC 2020 

_______________________________________
From: Andrew Bartlett <abartlet at samba.org>
Sent: March 9, 2020 6:29 PM
To: Dan Seguin; samba-technical at lists.samba.org
Subject: Re: Samba File Server and Docker

On Mon, 2020-03-09 at 20:03 +0000, Dan Seguin via samba-technical
wrote:
> Hi all,
>
> I would have sworn I saw a snippet lately on the list about there
> being some issue with running Samba in a container because of
> required privileges (relating to namespaces?).
>
> I can't seem to find it. I may have seen it in the earlier archives
> when I was dredging for info.
>
> (I hope I'm not going senile here!)
>
> Either way, are there any issues with containerizing Samba (file
> server)?

Yes.  If you want to use vfs_acl_xattr, to store a full NT ACL, then
you will need the container to be privileged so it can store into the
root-only namespace.

Andrew Bartlett

--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
https://catalyst.net.nz/services/samba

Thanks.

I'm pretty sure it was you that responded to the phantom message I'm alluding to. Thank you for confirming I'm not totally gone yet.  ;-)

Also, thanks to all who have put up great docs, slides, and talks on Samba. 

Everything is so clean, and there is SO, SO much good stuff in the code that you discover after trying to do it yourself, and you realize, dammit, there's a HUGE call chain there that does *it all for* you correctly, ALREADY. (Big learning curve of cool and proper stuff in there that isn't always obvious)  

And that brings more questions, where do I look next for old school file stuff that I need to do at the VFS layer as a Unix C hack, that hasn't been handled upstream without stomping over what the server has done at that point? 

I'm writing a VFS module for a back end encryption and KMI system. I hope that I can provide something somewhat like the Scanner VFS does, i.e. an api for a plugable backend. 

I have a design in mind, not sure of the ramifications involving disconnected/reconnected sessions and statefulness. 

I hope there's interest out there on this, I'll outline how I'm approaching this.  I'll share what I have as things progress, and publish (if deemed solid).

More information about the samba-technical mailing list