fstab and cifs mounting, possible to store authentication information outside of fstab?

Question

I am currently using cifs to mount some network shares (that require authentication) in /etc/fstab. It works excellently, but I would like to move the authentication details (username/pass) outside of fstab and be able to chmod it 600 (as fstab can have issues if I were to change its permissions). I was wondering if it is possible to do this (many-user system, don't want these permissions to be viewable by all users).

from:

//server/foo/bar /mnt/bar cifs username=user,password=pass,r 0 0

to:

//server/foo/bar /mnt/bar cifs <link to permissions>,r 0 0

(or something analogous to this). Thanks.

score 22 · Accepted Answer · answered Jan 13 '11 at 16:21

From the mount.cifs manpage:

credentials=filename
    specifies a file that contains a username and/or password. The format of the file is:

                         username=value
                         password=value
   This is preferred over having passwords in plaintext in a shared file, such as /etc/fstab. Be sure to protect any credentials file properly.

score 9 · Answer 2 · edited Dec 08 '19 at 23:11

Use the credentials option such as:

http://www.justlinux.com/nhf/Filesystems/Mounting_smbfs_Shares_Permanently.html

Example from the website:

cd
echo username=mywindowsusername > .smbpasswd
echo password=mywindowspassword >> .smbpasswd
chmod 600 .smbpasswd

Substitute your Windows username and password in the commands. No one else except root would be able to read the contents of this file.

Once that is created, you would modify the line in the /etc/fstab file to look like this:

//servername/sharename /mountdirectory smbfs credentials=/home/myhomedirectory/.smbpasswd 0 0

example from /etc/fstab:

//server/share/   /mnt/localmountpoint   cifs   credentials=/root/.creda

janneb's post and the link to man page show what needs to be present in the credentials file.

score 6 · Answer 3 · answered Nov 18 '16 at 09:03

So I'm accumulating both answers

Create file, e.g. /root/.cifs

username=value
password=value
domain=value (optional)

set permission 600 (rw- permission) to protect your credentials
```
# chmod 600 /root/.cifs
```
pass credentials=/root/.cifs to your command instead of username= and password=

score 4 · Answer 4 · edited Aug 06 '23 at 09:42

4

Could try cifscloak:

python3 -m pip install cifscloak

... and see the README at https://github.com/sudoofus/cifscloak

edited Aug 06 '23 at 09:42

0xC0000022L

1,576
2
24
42

answered Sep 13 '21 at 15:40

Darren Chambers

41

fstab and cifs mounting, possible to store authentication information outside of fstab?

4 Answers4

Linked