This documentation is part of the "Projects with Books" initiative at zenOSmosis.

The source code for this project is available on GitHub.

Configuration Reference

Relevant source files

Purpose and Scope

This page provides a comprehensive reference for all configuration settings used by sshfs-mac-docker. The system requires three distinct types of configuration: Samba server configuration (for SMB protocol), FUSE configuration (for filesystem access permissions), and SSHFS mount options (for remote filesystem behavior).

For detailed explanations of specific configuration files and their parameters, see:

Samba server settings: 5.1)
FUSE access control: 5.2
SSHFS mounting parameters: 5.3

This page focuses on the relationships between configurations, their locations in the system, and how they interact to enable the protocol bridge between SSH and SMB.

Configuration Overview

The system uses a layered configuration approach with distinct build-time and runtime settings:

Configuration Type	Applied At	Purpose	Modifiable at Runtime
Samba Configuration	Build-time	Defines SMB share behavior, authentication, and file permissions	No (requires image rebuild)
FUSE Configuration	Build-time	Enables cross-user filesystem access	No (requires image rebuild)
SSHFS Mount Options	Runtime	Controls remote mount behavior, permissions, and ownership	Yes (per mount operation)

The build-time configurations are embedded in the Docker image via Dockerfile:17-24 while runtime options are specified when executing the sshfs command inside the container.

Sources: Dockerfile:17-24 README.md:49-53

Configuration File Locations

Configuration File Mapping

Diagram: Configuration File Locations and Build Process

The diagram shows how configuration files move from the repository into the container filesystem during the build process, and how they control different aspects of the system at runtime.

Sources: Dockerfile:1-34 smb.conf:1-20

Configuration Hierarchy and Application Points

Build-Time vs Runtime Configuration

Diagram: Configuration Application Timeline

This diagram shows the temporal relationship between configuration application points. Build-time configurations are immutable once the image is created, while runtime configurations can be changed with each mount operation.

Sources: Dockerfile:1-34 README.md:19-53

Configuration Dependencies

Inter-Configuration Dependencies

The three configuration types have strict dependencies that must be satisfied for the system to function:

Diagram: Configuration Dependency Graph

graph TB
    subgraph "FUSE Configuration Dependencies"
        FuseConf["user_allow_other\n/etc/fuse.conf:last line"]
AllowOther["allow_other option\nsshfs mount parameter"]
CrossUserAccess["Samba can access\nSSHFS-mounted files"]
end
    
    subgraph "User and Permission Dependencies"
        SSHUser["sshuser:sshpass\nUID 1000, GID 1000"]
ForceUser["force user = sshuser\nsmb.conf:19"]
UidGidOptions["uid=1000,gid=1000\nsshfs mount parameters"]
FileOwnership["Consistent file ownership\nacross protocols"]
end
    
    subgraph "Directory Permission Dependencies"
        SambaSharePerm["chmod 777 /samba-share\nDockerfile:21"]
Writable["writable = yes\nsmb.conf:12"]
CreateMask["create mask = 0777\nsmb.conf:17"]
WriteAccess["Write access\nfrom macOS"]
end
    
    subgraph "Guest Access Dependencies"
        MapToGuest["map to guest = bad user\nsmb.conf:4"]
GuestOk["guest ok = yes\nsmb.conf:13"]
GuestOnly["guest only = yes\nsmb.conf:14"]
NoAuth["No password required\nfrom macOS"]
end
    
 
   FuseConf -->|Enables| AllowOther
 
   AllowOther -->|Required for| CrossUserAccess
    
 
   SSHUser -->|Identity enforced by| ForceUser
 
   SSHUser -->|UID/GID matched by| UidGidOptions
 
   ForceUser --> FileOwnership
 
   UidGidOptions --> FileOwnership
    
 
   SambaSharePerm -->|Base permissions| WriteAccess
 
   Writable -->|Samba-level permissions| WriteAccess
 
   CreateMask -->|New file permissions| WriteAccess
    
 
   MapToGuest -->|Maps unknown users| NoAuth
 
   GuestOk -->|Allows guest login| NoAuth
 
   GuestOnly -->|Forces guest mode| NoAuth

This diagram illustrates critical dependencies between configuration parameters. If any dependency is missing, specific functionality (cross-user access, write access, or guest authentication) will fail.

Sources: smb.conf:1-20 Dockerfile:9-24 README.md:49-53

Critical Configuration Parameters

Parameter Reference Table

Parameter	File Location	Line Number	Value	Required	Purpose
`user_allow_other`	`/etc/fuse.conf`	Appended	N/A	Yes	Allows non-mounting users (Samba) to access FUSE filesystems
`allow_other`	`sshfs` command	Runtime option	N/A	Yes	Enables cross-user access to SSHFS mount
`uid=1000`	`sshfs` command	Runtime option	`1000`	Yes	Sets file ownership to sshuser for write access
`gid=1000`	`sshfs` command	Runtime option	`1000`	Yes	Sets group ownership to sshuser for write access
`force user`	`/etc/samba/smb.conf`	19	`sshuser`	Yes	Forces all Samba operations to use sshuser identity
`map to guest`	`/etc/samba/smb.conf`	4	`bad user`	Yes	Maps unknown/invalid users to guest account
`guest ok`	`/etc/samba/smb.conf`	13	`yes`	Yes	Allows guest access to share
`guest only`	`/etc/samba/smb.conf`	14	`yes`	Yes	Forces guest mode even if credentials provided
`writable`	`/etc/samba/smb.conf`	12	`yes`	Yes	Enables write access through Samba
`create mask`	`/etc/samba/smb.conf`	17	`0777`	No	Permissions for newly created files
`directory mask`	`/etc/samba/smb.conf`	18	`0777`	No	Permissions for newly created directories
`client min protocol`	`/etc/samba/smb.conf`	7	`SMB2`	No	Minimum SMB protocol version
`server min protocol`	`/etc/samba/smb.conf`	8	`SMB2`	No	Minimum SMB protocol version

Configuration Omission Impact

Diagram: Configuration Omission Impact

This diagram shows the direct consequences of missing critical configuration parameters. Each omission results in a specific failure mode.

Sources: Dockerfile24 README.md:49-53 smb.conf19

Configuration Interaction Model

Protocol Bridge Configuration Flow

Diagram: Configuration Interaction During Write Operation

This diagram traces how configuration parameters interact when a file write operation flows from macOS Finder through Samba, the filesystem layer, SSHFS, and finally to the remote server. Each layer consults its configuration to validate and process the operation.

Sources: smb.conf:1-20 Dockerfile:21-30 README.md:49-53

Configuration	Modifiable After Build	How to Modify	Requires Container Restart
Samba settings (`smb.conf`)	No	Rebuild image with modified `smb.conf`	N/A (new container)
FUSE settings (`fuse.conf`)	No	Rebuild image with modified `Dockerfile`	N/A (new container)
SSHFS mount options	Yes	Use different options in `sshfs` command	No (remount required)
User credentials (`sshuser:sshpass`)	No	Rebuild image with modified `Dockerfile`	N/A (new container)
Directory permissions (`/samba-share`)	No	Rebuild image with modified `Dockerfile`	N/A (new container)
Port mappings	No	Stop and restart with `docker run`	Yes (container restart)
Privileged mode	No	Stop and restart with `docker run`	Yes (container restart)

Changing SSHFS Mount Options

SSHFS mount options are the only runtime-configurable settings. To change them:

Unmount the existing mount: fusermount -u /samba-share
Mount with new options: sshfs -o [new-options] user@host:path /samba-share

Common option modifications:

Change ownership : Modify uid= and gid= values
Add compression : Include compression=yes
Adjust timeout : Include ServerAliveInterval=15
Enable debug : Include debug,sshfs_debug,loglevel=debug

Sources: README.md:49-77

Configuration Files Summary

Complete File Reference

Diagram: Configuration Files and Their Relationships

This diagram maps the repository files to the container filesystem files they create or modify. All configuration originates from the two repository files: smb.conf and Dockerfile.