Linux mount with user and password

Include password when mounting a drive using cifs

but then I didn’t have modify access or ownership to the shared drive so this was solved using this question by mounting the shared drive using: sudo mount.cifs -o username=myuser,uid=youruser,gid=yourgroup //xxx.xxx.xx.xx/myfolder /mnt/windowsshare/ : it then asks for the password of the network share and then it works. But when I tried doing this: sudo mount.cifs -o username=myuser,password=mypassword,uid=youruser,gid=yourgroup //xxx.xxx.xx.xx/myfolder /mnt/windowsshare/ by including the password in the command, it says permission denied, not sure why? Also how I can make this permanent so that I don’t have to rewrite the command every time I lose connection or restart the computer?

What is your definition of permanent? Mounting from fstab ? Either way, man mount and google mounting Windows shares. The gist is that you create a separate credentials file and reference it from fstab line for the share you want to mount.

1 Answer 1

BEWARE: all options that automate mounting of remote file systems possess some level of risk. See note at the end of this answer.

To make it permanent and automatically connect/reconnect as needed, use the kernel automounter. This will handle connection dropouts, access timeouts, etc.

Install autofs and configure as follows:

/mounts/ /etc/auto.mymounts --ghost 

The —ghost option keeps the mountpoint folder visable on the file system, which makes things smoother for some programs.

The autofs config string would be something like:

/mnt/windowsshare/ -fstype=cifs,rw,credentials=/etc/credentials.autofs ://xxx.xxx.xx.xx/myfolder 

This may need extended for some enviornments. NOTE: The vers=2\.1 option will need to be specified if SMB 1 has been turned off on the remote server.

dom=TARGETDOMAIN user=TARGETUSER password=TARGETPASSWORD 

WARNING! Make that file readable only by root, because the target password is stored in plain text. There are security implications with storing this password in plain text, particularly if you cannot trust root users. These implications must be carefully weighed to assure that there are mitigating controls that adequately address the root level user(s) access risk. One possible option would be to have a separate user created with limited rights to instantiate this connection, and make sure that adequate, auditable logging is enabled so that activities can be traced.

Источник

Как в Linux монтировать шару CIFS

Обновлено: 01.05.2023 Опубликовано: 18.07.2016

Что такое Linux и CIFS простыми словами. Работа с общими папками Windows происходит с использованием протокола CIFS (SMB). Все примеры в данном руководстве выполняются на Linux Ubuntu и CentOS.

Подготовка

Установка пакетов

Сетевые порты

Синтаксис

* вместо mount.cifs можно написать mount -t cifs.

mount.cifs //192.168.1.1/public /mnt

* простой пример монтирования папки public на сервере 192.168.1.1 в локальный каталог /mnt.

Если нам не известны расшаренные папки на сервере, мы можем воспользоваться утилитой smbclient. Для начала установим ее.

а) на RPM (Rocky Linux / РЕД ОС / Red Hat / CentOS / Fedora):

б) на Deb (Debian / Ubuntu / Astra Linux / Mint):

или, при необходимости авторизоваться на файловом сервере:

smbclient -L 192.168.1.1 -U username

Ручное монтирование

Теперь монтирование можно выполнить следующей командой:

mount.cifs //192.168.1.10/share /mnt -o user=dmosk

* в данном примере будет примонтирован каталог share на сервере 192.168.1.10 в локальную папку /mnt под учетной записью dmosk.

То же самое, с использованием домена:

mount.cifs //192.168.1.10/share /mnt -o user=dmosk,domain=dmosk.local

Автоматическое монтирование CIFS через fstab

Для начала создаем файл, в котором будем хранить данные авторизации при подключении к общей папке:

И добавляем в него данные следующего вида:

username=dmosk
password=dPassw0rd
domain=dmosk.local

* в этом примере создана пара логин/пароль — dmosk/dPassw0rd; domain указывать не обязательно, если аутентификация выполняется без него.

Задаем права на созданный файл, чтобы доступ был только у пользователя, скажем, root:

chown root:root /root/.smbclient

Теперь открываем конфигурационный файл fstab:

и добавляем в него следующее:

//192.168.1.10/share /mnt cifs user,rw,credentials=/root/.smbclient 0 0

* в данном примере выполняется монтирование общей папки share на сервере с IP-адресом 192.168.1.10 в каталог /mnt. Параметры для подключения — user: позволяет выполнить монтирование любому пользователю, rw: с правом на чтение и запись, credentials: файл, который мы создали на предыдущем шаге.

Чтобы проверить правильность настроек, вводим следующую команду:

Примеры использования опций

Версии SMB

Если на стороне Windows используется старая или слишком новая версия протокола SMB, при попытке монтирования мы можем получить ошибку mount error(112): Host is down. Чтобы это исправить, указываем версию:

mount.cifs //192.168.1.10/share /mnt/ -o vers=1.0

* монтирование по протоколу SMB1.0

Монтирование от гостевой учетной записи

Если сервер принимает запросы без логина и пароля, то клиент подключается, как гость:

mount.cifs //192.168.1.10/share /mnt -o guest

//192.168.1.10/share /mnt cifs guest 0 0

Права на примонтированные каталоги

При монтировании папки мы можем указать определенные права:

mount.cifs //192.168.1.10/share /mnt -o file_mode=0777,dir_mode=0777

Для указания владельца, который будет назначен для примонтированного каталога, используем:

mount.cifs //192.168.1.10/share /mnt -o uid=33,gid=33

* чтобы посмотреть идентификаторы пользователя, вводим id -u и id -g .

Источник

Thread: Mounting NFS with username/password

First Cup of Ubuntu

Mounting NFS with username/password

The situation is that my workplace has a Synology diskstation NAS. In order to connect to it, I need to be on my workplace’s VPN. I can access the server once on the VPN in my web browser by going to http://1.2.3.4:5000 (where the IP address is 1.2.3.4). In Windows, I’d map a drive using http://serverURL/NAS01Shared, and then I’d be prompted for my username and password. I can map the server using smb, but I can’t access the files as if they were local (specifically, I’d to run Matlab code that accesses server files, but from what I gather SMB won’t allow that, whereas NFS would).

Based on what I’ve read of how to mount NFS, these are what I’ve attempted and the error messages I’ve received:

sudo mount 1.2.3.4:/NAS01Shared /mnt/share mount.nfs: access denied by server while mounting 1.2.3.4:/NAS01Shared sudo mount 1.2.3.4:5000/NAS01Shared /mnt/share mount.nfs: access denied by server while mounting 1.2.3.4:5000/NAS01Shared man mount sudo mount 1.2.3.4:/NAS01Shared -o username=foo,password=bar /mnt/share mount.nfs: an incorrect mount option was specified sudo mount //1.2.3.4:/NAS01Shared -o username=foo,password=bar /mnt/share mount.nfs: Failed to resolve server //1.2.3.4: Name or service not known sudo mount //1.2.3.4:5000/NAS01Shared -o username=foo,password=bar /mnt/share mount.nfs: Failed to resolve server //1.2.3.4: Name or service not known sudo mount \\serverURL\NAS01Shared -o username=foo,password=bar /mnt/share mount: special device \serverURLNAS01Shared does not exist sudo mount //serverURL/NAS01Shared -o username=foo,password=bar /mnt/share mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) sudo mount -t cifs //serverURL/NAS01Shared -o username=foo,password=bar /mnt/share mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) sudo mount //1.2.3.4/NAS01Shared -o username=foo,password=bar /mnt/share mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

sudo mount -t cifs //1.2.3.4/NAS01Shared -o username=foo,password=bar /mnt/share mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) sudo mount -t cifs \\serverURL\NAS01Shared -o username=foo,password=bar /mnt/share mount.cifs: bad UNC (\serverURLNAS01Shared) sudo mount -t cifs /serverURL/NAS01Shared -o username=foo,password=bar /mnt/share mount.cifs: bad UNC (/serverURL/NAS01Shared) sudo mount -t cifs //serverURL/NAS01Shared -o username=foo,password=bar /mnt/share mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) sudo mount -t cifs //serverURL/NAS01Shared /mnt/share -o username=foo,password=bar mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) sudo mount -t cifs //serverURL/NAS01Shared /mnt/share -o username=foo,password=bar,iocharset=utf8,file_mode=0777,dir_mode=0777 mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

What do I need to try in order to be able to access my files on diskstation server as if they were local on my machine?

Источник

Mount network share with nfs with username / password

I am trying to mount a NAS using nfs for an application. The Storage team has exported it to the host server and I can access it at /nas/data. I am using containerized application and this file system export to the host machine will be a security issue as any container running on the host will be able to use the share. So this linux to linux mounting will not work for me. So the only alternate solution I have is mounting this nas folder during container startup with a username /password. The below command works fine on a share supporting Unix/Windows. I can mount on container startup

mount -t cifs -osec=ntlmv2,domain=mydomain,username=svc_account,password=password,noserverino //nsnetworkshare.domain.company/share/folder /opt/testnas 

I have been told that we should use nfs option instead of cifs. So just trying to find out whether using nfs or cifs will make any difference. Specifying nfs option gives below error.

 mount -t nfs -o nfsvers=3,domain=mydomain,username=svc_account,password=password,noserverino //nsnetworkshare.domain.company/share/folder /opt/testnas mount.nfs: remote share not in 'host:dir' format 

 mount -t nfs -o nfsvers=3,domain=mydomain,username=svc_account,password=password,noserverino nsnetworkshare.domain.company:/share/folder /opt/testnas mount.nfs: an incorrect mount option was specified 

I couldn’t find a mount -t nfs option example with username /password. So I think we can’t use mount -t nfs with credentials. Please pour in ideas. Thanks,
Vishnu

2 Answers 2

CIFS is a file sharing protocol. NFS is a volume sharing protocol. The difference between the two might not initially be obvious.

NFS is essentially a tiny step up from directly sharing /dev/sda1. The client actually receives a naked view of the shared subset of the filesystem, including (at least as of NFSv4) a description of which users can access which files. It is up to the client to actually manage the permissions of which user is allowed to access which files.

CIFS, on the other hand, manages users on the server side, and may provide a per-user view and access of files. In that respect, it is similar to FTP or WebDAV, but with the ability to read/write arbitrary subsets of a file, as well as a couple of other features related to locking.

This may sound like NFS is distinctively inferior to CIFS, but they are actually meant for a different purpose. NFS is most useful for external hard drives connected via Ethernet, and virtual cloud storage. In such cases, it is the intention to share the drive itself with a machine, but simply do it over Ethernet instead of SATA. For that use case, NFS offers greater simplicity and speed. A NAS, as you’re using, is actually a perfect example of this. It isn’t meant to manage access, it’s meant to not be exposed to systems that shouldn’t access it, in the first place.

If you absolutely MUST use NFS, there are a couple of ways to secure it. NFSv4 has an optional security model based on Kerberos. Good luck using that. A better option is to not allow direct connection to the NFS service from the host, and instead require going through some secure tunnel, like SSH port forwarding. Then the security comes down to establishing the tunnel. However, either one of those requires cooperation from the host, which would probably not be possible in the case of your NAS.

Mind you, if you’re already using CIFS and it’s working well, and it’s giving you good access control, there’s no good reason to switch (although, you’d have to turn the NFS off for security). However, if you have a docker-styled host, it might be worthwhile to play with iptables (or the firewall of your choice) on the docker-host, to prevent the other containers from having access to the NAS in the first place. Rather than delegating security to the NAS, it should be done at the docker-host level.

Источник