safe automount with cifs at startup

[Bl4deRunner]

Hi people,

how can I safely automount a shared folder with Fedora Core 5 at startup?

I know as much as adding the following line to the startup-script

Code:

 mount -t cifs -o ro,user=user,workgroup=company,password=verysecret //server/shared /mnt/shared

but the problem is that the password is potentially readable.

Is there any safe way to mount a shared folder?

[foobar47]

Hi,

Why don't you add an account which is just able to share this folder ?
Cheers.

[Bl4deRunner]

How do you mean?
Note that I'm not running any kind of Xwindows/desktop.
Just plain -Bash.

[foobar47]

If you're afraid about the password, you just add an new user account and just allow this account to view this shared folder.

Like that, you can mount your share with this account and if someone take the password, it will juste be able to view the shared folder...

Do you understant what i mean... sorry to not be more clear...

[Bl4deRunner]

Ah, you mean to create an account with user "mounteneer" in Linux.
Have the windows-share "transfer" allow user "mounteneer" to connect.
And have a start-up script in Linux automatically mount to "transfer" with account "mounteneer"/
Right?
How would such a start-up script look like, and where do I place it?

[Northern]

You can use the 'credentials' option.

ie
mount -t cifs -o ro,credentials=/somewhere/.cred,workgroup=company //server/shared /mnt/shared

Then make /somewhere/.cred readable only by root.

Nick .

[Bl4deRunner]

Thanks a lot! Now I understand what credentials is used for.

But what's the best location to place the automount-command, when the mounted directory should be accessible for services? (.bash_profile is obviously not an option)

[Northern]

Why not just put it in /etc/fstab ?

Here's an entry from one of our servers -

lamda:/LAMDAFTP /db/code/lamda/lamdamp cifs credentials=/db/code/lamda/.cred,defaults 0 0

Works like a charm

[Bl4deRunner]

Great! Thanks!

What does your code do?
lamda doesn't exist in FC5, but I guess you meant lambda?
I read the man and the --help text, but it still doesn't give me a clue what it's for.
www.Google.com/linux is my next step.

[landoncz]

To be really secure you can use sshfs which is like NFS, but over SSH so it is encrypted and just as secure as SSH. I am using that and have had no problems with it whatsoever... Very secure...

[Bl4deRunner]

How does that work?

[landoncz]

http://fuse.sourceforge.net/wiki/index.php/SshfsFaq
There was a really easy to follow article in linux journal a couple of months ago. Basically it is just installable via yum, and you mount it like this:

Code:

sshfs -f user@ssh_server: /home/your_mount_point

And then you can see everything through the desktop but it is being transferred via SSH so it's secure. Then to unmount, its somehting like this:

Code:

fusermount -u /home/your_mount_point

I am leaving out a few SSH setup stuff like keys and such but if you have trusted SSH login with that server, then there is no additional setup needed...

[Northern]

Quote:

Originally Posted by Northern

Why not just put it in /etc/fstab ?

Here's an entry from one of our servers -

lamda:/LAMDAFTP /db/code/lamda/lamdamp cifs credentials=/db/code/lamda/.cred,defaults 0 0

Works like a charm

Hi again, sorry for the late reply.

lamda is the name of the windows server, so really its like this

wiindows_server_name:/windows_server_share_name /path_to_mount_on cifs credentials=/wherever/somefile 0 0

And the file that credentials= points to contains the username password for the windows share.

Hope that helps,
Nick .

[Bl4deRunner]

Oh really! I never realised it could also be written like that! I never saw anything like that in the manual... Linux is full of surprices.
So basically I can use
server:/shared /mnt/mydrive cifs credentials=/root/.cred,defaults (what does 0 0 stand for? can I just say rw)

[Bl4deRunner]

hmm.. maybe I misunderstood something, or I'm missing something...
when I type server:/shared I get the error:

Code:

-bash: server3:/buitendienst: No such file or directory