3

Each user should be able to access a CIFS group share using his own credentials when navigating to a specific folder ~/groupdrive inside his home folder. The credentials are stored in a ~/.cifs_credentials file.

I implemented this using pam_mount but I'm stuck with tons of duplicate and not properly unmounted mounts.

How can I implement this behaviour using autofs? Is it possible to mount a share multiple times on the same mountpoint, e.g. /mnt/groupdrive, with different credentials and symlink to it from the home folder?

Fab

1 Answer

2

You can use variables in autofs which may be a solution to your requirement. Everybody has their own way of doing autofs and this is mine. I just did this on Ubuntu 18.04 primarily to see if it still works at this release:

I edited /etc/auto.master and as the last line added:

/mnt/Samba /etc/auto.sambashares --timeout=30 --ghost

I purposely made the parent folder /mnt/Samba and not something under /media or the home directory because it results in mass confusion by the OS.

I edited /etc/auto.sambashares and added one line using the ${HOME} and in my case the ${UID} variables:

GroupShare -fstype=cifs,rw,credentials=${HOME}/.cifs_credentials,uid=${UID},iocharset=utf8 ://server/share

Then restarted the autofs service.

When usera accesses /mnt/Samba/GroupShare (which can be bookmarked) his credentials at /home/usera/.cifs_credentials will be used to access the share and userb will use his own credentials in his own home directory.

Alternate Method for Concurrent Users:

** Create a parent folder under /mnt for each user - example: /mnt/bob and /mnt/mary.

** Change ownership to each user ( i.e., sudo chown bob /mnt/bob )

** Limit access only to that user ( sudo chmod 0770 /mnt/bob )

** Replace the one line in auto.master to two:

/mnt/bob/Samba /etc/auto.sambashares-bob --timeout=30 --ghost
/mnt/mary/Samba /etc/auto.sambashares-mary --timeout=30 --ghost

** Then create the two auto.sambashares-xxx files each having the same line:

GroupShare -fstype=cifs,rw,credentials=${HOME}/.cifs_credentials,uid=${UID},iocharset=utf8 ://server/share
Morbius1
  • Tried this but the share will be mounted with the credentials of the first user A accessing it. When a second user B accesses the share the share won't be mounted again and user B accesses the share with the rights of user A which is a security issue. – Fab May 28 '18 at 13:10
  • The only way I can reproduce that is if I access the share by both users simultaneously - well, at least within the 30 second timeout specified by the auto.master file. Is this a desktop system? As a test specify the timeout with a short duration: timeout=5. Does the same thing happen? – Morbius1 May 28 '18 at 14:15
  • I have added an addendum to my original answer to accommodate concurrent user access which might be better if that is your requirement – Morbius1 May 28 '18 at 14:46
  • If B accesses the share after it's unmounted due to the timeout period, it gets remounted with B's creds. But that's no solution. Approx 50 desktop systems accessing a CIFS Server, so I need a more automated method. But you got me on the track: Maybe I could use a folder in the home folder of the users combined with a scripted map. – Fab May 29 '18 at 15:50
  • I don't think you read my addendum: Alternate Method for Concurrent Users. Each user has his own path and his own map file and the path for each user is isolated from the rest. – Morbius1 May 29 '18 at 16:49
  • And the Alternate Method is not dependent on anyone else unmounting. – Morbius1 May 29 '18 at 17:07
  • Hi, don't get me wrong, I carefully read your addendum because you got me on the right track with it. It works perfectly but you have to add folders & maps for each new user and I was looking for a more dynamic way of getting the same. – Fab Jun 01 '18 at 13:38
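
The "Alternate Method for Concurrent Users" from the answer, scripted so that adding a user is one command. This is an added example, not part of the original answer or comments; the function names, the staging prefix and the auto.master.lines file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: stage per-user autofs config for the "Alternate Method".
# Nothing is written outside ROOT (a staging prefix, an assumption of this example).

# Single quotes keep ${HOME} and ${UID} literal: autofs expands them at mount
# time for the user who triggers the mount, not when this script runs.
MAP_LINE='GroupShare -fstype=cifs,rw,credentials=${HOME}/.cifs_credentials,uid=${UID},iocharset=utf8 ://server/share'

gen_user() {  # usage: gen_user ROOT USER
    root=$1 user=$2
    # Refuse names that could escape /mnt/<user> or break the map syntax.
    case $user in
        ''|-*|*[!a-z0-9_-]*) echo "skipping invalid user name: $user" >&2; return 1 ;;
    esac
    mkdir -p "$root/mnt/$user" "$root/etc" || return 1
    chmod 0770 "$root/mnt/$user"            # mode taken from the answer
    # Ownership can only be set by root, and only for an existing account.
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown "$user" "$root/mnt/$user"
    fi
    printf '%s\n' "$MAP_LINE" > "$root/etc/auto.sambashares-$user"
    line="/mnt/$user/Samba /etc/auto.sambashares-$user --timeout=30 --ghost"
    # Append the auto.master entry once, so re-running adds no duplicates.
    grep -qxF -- "$line" "$root/etc/auto.master.lines" 2>/dev/null ||
        printf '%s\n' "$line" >> "$root/etc/auto.master.lines"
}

gen_all() {  # usage: gen_all ROOT USER...
    root=$1; shift
    rc=0
    for u in "$@"; do
        gen_user "$root" "$u" || rc=1
    done
    return "$rc"
}

# Example: sh this-script ./staging bob mary
if [ "$#" -ge 2 ]; then
    gen_all "$@"
fi
```

Review the staged files, then copy the map files to /etc, merge auto.master.lines into /etc/auto.master and restart the autofs service.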