Nethserver 8 - Temporarily disabling individual or all shares

yummiweb · May 24, 2025, 10:35am

Dear community,

I need to perform certain maintenance work on a Nethserver 8 share and disable it beforehand – but without shutting down the other services and, above all, without shutting down the samba-ad as a whole.

Is there a planned solution for this?

For my maintenance, I need to temporarily unmount a specific file system – which I mounted to /home/samba1/.local/share/containers/storage/volumes/shares/_data/MYSHARE.

According to “lsof,” the mount isn’t blocked, but the samba1 container at least logically continues to use the path.

I know how to perform my maintenance, but I’m not entirely sure how to temporarily disable individual shares – apparently, only “removal” is provided. “Removing” is not only impractical but perhaps also risky, because the container might then remove the share path, which I’ll need to remount later.

Any advice is welcome.

As far as I can tell, it would be more practical for my project to have a completely separate Samba-AD container here and the Samba shares in another one. I don’t know if that’s possible, but it might not be the worst goal.

Regards, Yummiweb

mrmarkuz · May 25, 2025, 8:49am

I think it’s the simplest way to remove it from the configuration and readd it again after the maintenance.
This could be done using net conf in the samba-dc container.
Another approach could be to set permissions so clients can’t access the share anymore but I think it’s cleaner when the share isn’t available at all.

Enter the samba-dc container:

runagent -m samba1 podman exec -ti samba-dc bash

Remove share testfolder from config:

net conf delshare testfolder

Readd testfolder to config: (The description could be empty like “” but is required to list the shares in the cluster-admin without error)

net conf addshare testfolder /srv/shares/testfolder writeable=y guest_ok=N "Description"

Please test it on a testshare first…

davidep · May 25, 2025, 9:39am

You can also consider the share “available” parameter. We leverage it in the acl reset procedure:

github.com/NethServer/ns8-samba

samba-dc%2Fusr%2Flocal%2Fsbin%2Fsamba-reset-acls

main


      
          
          sid_group="$(wbinfo -n "${group_name}" | awk '{print $1}')"
          if [[ -z "${sid_group}" ]]; then
              echo "SID not found for ${group_name}" 1>&2
              exit 3
          fi
          
          if [[ -z "${is_home_dir}" ]]; then
              # Disable/Enable the share during ACLs reset
              trap 'net conf delparm "${sharename}" available || :' EXIT
              net conf setparm "${sharename}" available no
          fi
          
          # Reset settings if coming from NS7 migration
          if [[ "$(net conf getparm "${sharename}" 'acl_xattr:ignore system acls' 2>/dev/null)" == no ]]; then
              # This share was imported from NS7 and still relies on Posix ACLs:
              echo "Upgrading \"${sharename}\" permissions for Windows ACL compatibility"
              # Disable the override setting used by migration:
              net conf delparm "${sharename}" 'acl_xattr:ignore system acls'
              # Reset ACLs, ownership and permissions:
              setfacl -R -b "${share_root}"

Fernando_Moser · June 22, 2025, 9:12am

Título: Desativando a Criação Automática de Diretórios Home no Samba (NethServer 8 – Container rootless)

Cliente/Projeto: Fernacom Informática Corporativa

Objetivo

Registrar o procedimento definitivo para impedir que o Samba, executando em container rootless (usuário samba4) no NethServer 8, crie automaticamente os diretórios home (/srv/homes/<usuário> ) para novos usuários.

Cenário Detectado

Distribuição base: Rocky Linux 9.5 (Blue Onyx) – host do NethServer 8.
Serviço de arquivos: Samba rodando em container rootless (podman ) como usuário samba4 .
Arquivo de configuração gerado: /home/samba4/.local/share/containers/storage/volumes/config/_data/smb.conf .
O cabeçalho do arquivo exibe:
# Generated by expand-config. Manual changes to this file are lost!
➜ A configuração é regerada por um script /usr/local/sbin/expand-config dentro do container.
A seção [homes] é reinserida a cada “expand”, recriando o compartilhamento homes.

Passo a Passo

1 – Localizar o script gerador (expand-config)

nano /home/samba4/.local/share/containers/storage/overlay/<ID>/diff/usr/local/sbin/expand-config

O caminho <ID> varia; descubra com: podman inspect --format '{{.GraphDriver.Data.UpperDir}}' <NOME_DO_CONTAINER>

2 – Editar o template para comentar a seção `[homes]`

No final do expand-config , localize o bloco:

cat >>/etc/samba/smb.conf <<EOF
[homes]
comment = zu home directory
browseable = no
writeable = yes
EOF

Altere para:

cat >>/etc/samba/smb.conf <<EOF
# [homes]
# comment = zu home directory
# browseable = no
# writeable = yes
EOF

Mantemos as linhas, porém comentadas, garantindo que mesmo após cada “expand” o compartilhamento não será recriado.

3 – Salvar e sair

Ctrl + O ➜ Enter ➜ Ctrl + X

4 – Reiniciar o container Samba

# Descobrir o nome do container
podman ps --format "{{.Names}}" | grep samba

# Reiniciar
podman restart <NOME_DO_CONTAINER>

5 – Validar

Checar se a seção [homes] não reapareceu:

podman exec -it <NOME_DO_CONTAINER> grep -A1 "\[homes\]" /etc/samba/smb.conf || echo "[homes] não encontrado"

Criar/Logar com um usuário de teste – verifique que nenhum diretório é criado em /srv/homes/ .

Observações Importantes

Caso o script expand-config seja atualizado por um update do NethServer, revisar se o bloco comentado persiste.
Para ambientes com Active Directory interno (nsdc), o procedimento difere e deve ser documentado separadamente.

Resultado Esperado

O compartilhamento homes deixa de existir nos arquivos de configuração finais do Samba.
Novos usuários não mais geram diretórios home automaticamente, evitando poluição em /srv/homes/ .

Documento registrado na Base de Conhecimento – Fernacom.

mrmarkuz · June 22, 2025, 8:59pm

Thanks for your great howtos. As this forum is in English language, please, if possible, post your howtos in the Howto category and in English language.