Try the user's suggestion from the other post and run "ls -an" to see the numeric user IDs rather than the names you're assigning. I've recently been building a new server with Proxmox and learned this same lesson already as user "1000" gets assigned as user "100000" inside containers there to prevent it from having host permissions automatically from my understanding.
Do I need to enter the container bash and change something then? I tried adding UID and GID to the docker compose file, but it still fails. I updated the google docs notes if you want to see my steps.
Don't do this
Samba was not designed to be containerized. Install Samba native and try again. I'm almost certain the problem will go away.
Anyway, I would recommend you read this page https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> Samba was not designed to be containerized.

There are some things that shouldn't be containerized even tho they can be. I can see the benefit of a user wanting to containerize everything....it's one neat little package. I look at it on a case by case basis. For instance, Caddy I installed on bare metal instead of a container even tho there is one for Caddy.
I would suggest adding "UID" and "GID" environment variables to the container, and set them to the numeric values for user and group numbers that show in place of your name when you use "ls -an" inside of the "mount" folder (they will probably be the same number).
For example, if inside your mount folder you see:

```
ls -an
total 12
drwx------ 2 1001 1001 4096 Mar 27 13:54 .
drwxr-xr-x 3 1000 1000 4096 Mar 27 13:51 ..
-rwx------ 1 1001 1001    0 Mar 27 13:54 hello.txt
-rwx------ 1 1001 1001    4 Mar 27 13:54 test.txt
```

Then set UID: 1001 and GID: 1001
I get the same error as you when I copy your docker-compose and try to access a folder owned by my user. When I add the UID and GID of my user id to the docker-compose (1001 for me), the error goes away.
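The check behind this advice, as an added example that is not part of the comment above: it applies the owner/group/other permission test to every component of a path for a given numeric UID/GID and reports the first one that blocks access. It assumes the container UID equals the host UID (no user-namespace remapping) and ignores ACLs; the `/srv/mount` path and the sample table are constructed from the listing above.

```python
import os
import stat
from types import SimpleNamespace


def effective_perms(uid, gids, st):
    """rwx granted by the classic owner/group/other check (ACLs ignored)."""
    if uid == 0:  # root bypasses r/w; x needs a directory or at least one x bit
        can_x = stat.S_ISDIR(st.st_mode) or bool(st.st_mode & 0o111)
        return "rw" + ("x" if can_x else "-")
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 7  # owner class only, even if "other" has more
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))


def first_blocker(path, uid, gids, stat_fn=os.stat):
    """Return the first component of path this uid/gid cannot get through, else None."""
    chain, cur = ["/"], "/"
    for name in os.path.abspath(path).split("/"):
        if name:
            cur = os.path.join(cur, name)
            chain.append(cur)
    for p in chain:
        st = stat_fn(p)
        perms = effective_perms(uid, gids, st)
        if p != chain[-1]:
            need = "x"  # ancestors only need search permission
        else:
            need = "rx" if stat.S_ISDIR(st.st_mode) else "r"
        if any(c not in perms for c in need):
            return p
    return None


def _entry(mode, uid, gid):
    return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)


# Constructed sample mirroring the "ls -an" listing above (1001 owns the mount folder).
SAMPLE = {
    "/": _entry(stat.S_IFDIR | 0o755, 0, 0),
    "/srv": _entry(stat.S_IFDIR | 0o755, 1000, 1000),
    "/srv/mount": _entry(stat.S_IFDIR | 0o700, 1001, 1001),
    "/srv/mount/hello.txt": _entry(stat.S_IFREG | 0o700, 1001, 1001),
}

if __name__ == "__main__":
    for uid in (1000, 1001):
        print(uid, first_blocker("/srv/mount/hello.txt", uid, [uid], SAMPLE.__getitem__))
```

On a real host, call `first_blocker` with the default `os.stat` and the UID/GID values from the compose file to see which directory in the mounted path denies them.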
Thanks for the suggestion. I tried and it still doesn't work. I updated the google docs notes with my steps if you want to see what I did.
Hmm, well it doesn't seem to be any problem with the docker compose then as best as I can tell. I picked a random ext4 flash drive and replicated your setup with the UID and GID set and it seems to work fine:
```
# /etc/fstab
/dev/sda1 /home/<me>/mount/ext_hdd_01 ext4 defaults 0 2
```

```
~/mount % ls -an
total 12
drwxr-xr-x  3 1000 1000 4096 Mar 27 16:22 .
drwx------ 86 1000 1000 4096 Mar 27 16:31 ..
drwxrwxrwx  3    0    0 4096 Mar 27 16:26 ext_hdd_01

~/mount/ext_hdd_01 % ls -an
total 6521728
drwxrwxrwx 3    0    0       4096 Mar 27 16:26 .
drwxr-xr-x 3 1000 1000       4096 Mar 27 16:22 ..
-rw-r--r-- 1 1000 1000 6678214224 May  5  2024 PXL_20240504_233345242.mp4
drwxrwxrwx 2    0    0      16384 May  5  2024 lost+found
-rwxr--r-- 1 1000 1000          5 Mar 27 16:27 test.txt
```

```yaml
# ~/samba/docker-compose.yml
services:
  samba:
    image: dockurr/samba
    container_name: samba
    environment:
      NAME: "Data"
      USER: "user"
      PASS: "pass"
      UID: "1000"
      GID: "1000"
    ports:
      - 445:445
    volumes:
      - /home/<me>/mount:/storage
    restart: always
```
I was able to play the PXL.mp4 video from my desktop and write back the test.txt file.

Have you checked the logs with `docker logs -f samba` to see if there's anything there?

Also you could try to access the HD from within the container, using `docker exec -it samba bash` and then cd into /storage and see what happens.
I'm CURSED I tells ya! I'll look at the logs tomorrow. Good to know that you can get it working. Maybe I'm close then.
What displays when you run "id" as your user? You'll want it to match what you're inputting in the docker compose. I may have missed it but I didn't see you identify what your personal UID and GID are in the Google doc.
As a janky fallback, what if you just added a new smb user and password and see if that one connects: sudo smbpasswd -a
OK let's run through some debug steps.
Test to see if samba is working by using a docker volume instead of trying to mount a file path.
If that works we can then assume it's purely a file permission issue. U can check/test that by opening a shell inside the docker container and doing investigation from there.
If from the container shell u have perm issues then u will probably need to use the docker parameter to specify the user id of the container to match that of ur host or alternatively set the filesystem to match that of the container (this will lock u out of ur servers user access to the filesystem as u will no longer be owner).
If the container shell has perms to do shit in the mounted volume then it's a samba config issue. I've never done it myself but I've heard that samba is a bitch to configure.
Does the docker user have permission to that folder?
How do I tell? In the docker-compose.yml file I put the user and password for my server user. I thought that was going to make it work?
In case you haven't realized, the user and pass in the docker compose are for setting the user/pass that you will enter on windows to access the share. It doesn't have to be the same as the Linux server user account - though mine is the same because it's easier to remember.
That's the old style of doing things.
These days everything is set via extended attributes.
I did the same. Not because I knew, but because I was unsure if permissions would fail if I didn't.