
Comments (5)

MarvAmBass avatar MarvAmBass commented on June 9, 2024

Thanks for the input. It might not work to simply remove the default user, but maybe I'm able to start the samba daemon as non-root.

from samba.

wmoss avatar wmoss commented on June 9, 2024

Now that I think about it, it's also possible it has to run as root given the mount points, etc. it might need to interact with. I just generally try to keep things not running as root if I can so I was trying to figure out if that was possible here.


MarvAmBass avatar MarvAmBass commented on June 9, 2024

What's your specific use case in choosing the UID? Or would it be enough if it runs with a default samba user?


MarvAmBass avatar MarvAmBass commented on June 9, 2024

I've just read about this context.

It's not easily possible to run samba as non-root.
I've noticed that samba already drops privileges to the user of a share in a subprocess; maybe there is only a small portion of samba running as root. This is pure speculation, I did not verify this.

Also, most of my script needs to run as root in order to configure samba itself within its container.

Some people might take the effort to have some stripped-down configuration which can run as non-root. See here: dperson/samba#170 (comment)
Might make sense if you really want to lock down a system, but I'd advise that samba is not the right choice if you need to secure/harden your file server.

Also note that the root user inside the container is not the same as outside the container. It just looks like a root user inside the container.

Running the entrypoint etc. as non-root is out of scope of this container. I'm going to close this issue.

Quick and easy workaround: use this container to generate your samba configuration, then extract the config from the server.
Create a new container from alpine, install samba, add the exported config, and start samba directly with an unprivileged user on non-root ports.

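One way to prepare the exported config for the workaround in the comment above, as an added example that is not code from this thread or from the container project. The function name `rootless_conf`, the run directory `/tmp/smbrun`, port `4450` and the sample config are assumptions, and whether a given Samba version starts cleanly as non-root with these overrides is not verified here.

```shell
#!/bin/sh
# rootless_conf RUNDIR PORT: read an exported smb.conf on stdin and write a
# copy whose [global] section uses an unprivileged port and runtime
# directories under RUNDIR (RUNDIR and PORT are caller-chosen, hypothetical).
rootless_conf() {
    rundir=$1
    port=$2
    # Ports below 1024 cannot be bound by a non-root process by default.
    [ "$port" -ge 1024 ] || { echo "port $port is privileged" >&2; return 1; }
    awk -v d="$rundir" -v p="$port" '
        function overrides() {
            print "   smb ports = " p
            print "   pid directory = " d
            print "   lock directory = " d "/lock"
            print "   state directory = " d "/state"
            print "   cache directory = " d "/cache"
            print "   private dir = " d "/private"
            print "   ncalrpc dir = " d "/ncalrpc"
        }
        # Section header: track [global] and inject the overrides right after it.
        /^[ \t]*\[/ {
            in_global = (tolower($0) ~ /^[ \t]*\[global\]/)
            print
            if (in_global) { overrides(); seen = 1 }
            next
        }
        # In [global], drop existing values for the keys being overridden.
        # smb.conf ignores case and spaces in parameter names, so normalise.
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)
            if (key ~ /^(smbports|piddirectory|lockdir(ectory)?|statedirectory|cachedirectory|privatedir(ectory)?|ncalrpcdir)$/) next
        }
        { print }
        END { if (!seen) exit 2 }   # exit status 2: no [global] section found
    '
}

# Constructed sample standing in for the config exported from the container.
SAMPLE_CONF='[global]
   workgroup = WORKGROUP
   smb ports = 445
   Lock Directory = /var/lib/samba/lock

[data]
   path = /shares/data
   read only = no'

printf '%s\n' "$SAMPLE_CONF" | rootless_conf /tmp/smbrun 4450
```

The rewritten file is what the unprivileged account would pass to `smbd --foreground --no-process-group --configfile=<file>`. A non-root smbd cannot change to each share user's UID, so all file access happens as the one account it runs under.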

wmoss avatar wmoss commented on June 9, 2024

Yeah, I was reading a little more about this as well after creating this issue and I agree with your assessment, I don't think it makes sense.

I'm coming from a place of having run a bunch of other containers with things that are clearly user-level processes (Home Assistant, etc.) and having them run in user-space (even inside the container) feels more correct to me than having them run as root and was trying to follow the same playbook when adding a file server, but it just doesn't make sense here.

