Auto-mounting network shares per user
There are probably several solutions possible; here's is how I would do it. (Disclaimer: untested!)
The mount.cifs
command can read the username and password from the USER and
PASSWD environmental variables, but it can also read them from a
"credentials" file, that you specify on the command line with the -o
cred=/path/to/credentials/file option.
The credentials-file approach is IMHO simpler to implement.
-
Create a text file
$HOME/.Music.credto store the credentials; the file should have this format:user=your-username-on-cifs-server password=the-password domain=leave-this-blank-unless-really-using-windows-domains -
Protect the
$HOME/.Music.credfile; run this command in a terminal:chmod go-rw $HOME/.Music.cred -
Now you should be able to mount the CIFS share
//server/musicon directoryMyMusicFolderusing this command:sudo mount -t cifs -o cred=$HOME/.Music.cred //server/music $HOME/MyMusicFolderYou can enable each user to run this through passwordless sudo by adding a line to
/etc/sudoers: (one line per user)# replace every occurence of `user` with the actual account name user ALL= NOPASSWD: /bin/mount -t cifs -o cred=/home/user/.Music.cred //server/music /home/user/MyMusicFolder -
If the command from step 3. worked correctly, you can make it automatic in several ways:
- save it into a shell script into your home directory and make that script an auto-started application (you have to do this for every user that needs to mount CIFS shares);
- save it into a shell script
/etc/X11/Xsession.d/30mount-cifs-sharesso that it will work for any user.
Alternatively, you can replace steps 3. and 4. above with the use of pam-mount:
install package libpam-mount
-
configure
/etc/security/pam_mount.conf.xmlwith:<debug enable="1" /> <volume server="server" path="music" mountpoint="~/MyMusicFolder" options="cred=/home/%(USER)/.Music.cred" />
References:
Kent Boogaart
Microsoft MVP for Windows Platform Development 2009-2014 My blog is here Personal projects include: Workout Wotch KBCsv WPF Converters The Helper Trinity PCLMock Intuipic Kentis
Updated on September 18, 2022Comments
-
Kent Boogaart over 1 year
I have a server that has a number of CIFS shares that need to be accessed on a per-user basis. For example, I have a Music share which I have full access to, but my wife has read-only access.
When either myself or my wife log into our Ubuntu 11.04 laptop I would like these shares to be automatically mounted per user. Now I understand that if I mount as
-t cifswithout specifying a user then it will use theUSERenvironment variable. However, I also need to specify a password, so how can I do that when each user has a different password?I think my questions are:
- Is there a way for me to have a per-user /etc/fstab?
- If not, is there a way to specify that a mount is only applicable to a certain user?
- Also, the share password is always the same as the local password. Is there a way to specify that this password should just pass through from the client to server rather than having to specify it in a credentials file somewhere?
Or maybe I'm missing something and there's a completely different solution. Can anyone help?
-
Kent Boogaart over 12 yearsThanks, but step 3 only works for sudo. Therefore, if I script it then it will need to run as root, will it not?
-
Kent Boogaart over 12 yearsAlso, for step 4 is there any reason I can't just put this in /etc/fstab?
-
Kent Boogaart over 12 yearsUgh, I think that's because it runs as root so $HOME will refer to root's home. I seem to be in a bind here. If step 3 worked as non-root then I can see how this could work, but it doesn't.
-
Riccardo Murri over 12 years@KentBoogaart: You're right, you need passwordless sudo for that. I've edited the answer with some more suggestions.
-
Riccardo Murri over 12 years@KentBoogaart The reason it does not work in
/etc/fstabis that variables like$HOMEare not expanded there; variable content substitution is a feature of the shell. -
Kent Boogaart over 12 yearsI just tried both options and neither worked. This is doing my head in! I edited /etc/sudoers using
visudo, restarted, then tried running the mount withoutsudoand without a password. I got "only root can do that". Then I tried installinglibpam-mountand editing its config as suggested. I restarted and . . . nothing. The mount hadn't occurred. -
Kent Boogaart over 12 yearsOddly, all PAM seems to be doing is removing my mount point directory! I tried turning on debug and checking
dmsg, but saw nothing from PAM at all. -
Riccardo Murri over 12 years@KentBoogaart sorry there were a couple typos in the pam_mount.conf file, can you try again? Also, you need to explitcitly turn on debugging. As for the sudo: on my PC, "sudo mount" does not give any error (but I do not have a CIFS share to test here).
-
Kent Boogaart over 12 yearsNope, still no go. I checked dmesg again and noticed something I missed the first time. [ 13.605194] CIFS VFS: Error connecting to socket. Aborting operation [ 13.605199] CIFS VFS: cifs_mount failed w/return code = -101 Any idea what would cause this? If I take out my
<volume .../>from the PAM config then the above does not appear in the log. Also, why on earth would it remove the mountpoint? -
Riccardo Murri over 12 years@KentBoogaart seems like a network-related error. Is your network up before you login? (e.g., wired connection) Or do you need NetworkManager and a password to connect? (e.g., WPA wireless access point)
-
Kent Boogaart over 12 yearsIt's wireless, and I can confirm that all my googling has led me to believe it's a startup order problem. However, I've not found a solution and I find it difficult to believe that PAM wouldn't already deal with this somehow, but I haven't found any workarounds through its documentation either :S
-
Kent Boogaart over 12 yearsEven though I haven't got this working, I'm accepting this as the answer because it should work. The only thing (I think) preventing it is another issue in that the wireless network is not started before libpam kicks in. I will start a separate question for that issue.
-
devius almost 12 yearsI should add that the pam_mount method even allows easy mounting of shares with spaces in the name and target folders also with spaces in the name, which is awesome. No more fiddling around with \040, %20 or \ trying to guess which one is the correct. -
Andre Miras about 10 yearsIn step 3 if you don't want to add one line per user, you can replace "user" by a wildcard "*". I've tested it, it works. Just mind for the security.
