PDA

View Full Version : NAS - Simple mount using credentialsfile



sea
21st February 2014, 05:49 PM
Heyas

Mounting the NAS can be a pita, and sometimes one just doesnt want to type a full command.


The script requires a one-time-all-info step, see screenshot and info below, and creates a credentials file according to your povided info:

nas (0.1) - NAS Mount Helper

Usage: nas [options] [//]SERVERNAMEORIP/SHARENAME /local/mount/location [USERNAME PASSWORD [DOMAIN]]
Where options are:
-h This screen
-u Unmount provided nas/share/s
-d Delete provided nas/share/s
-e Edit provided nas/share/s settings
-o Overwrite provided nas/share/s settings
-m Displays a TUI/CLI menu to select from
Examples:
First time: nas //192.168.xx.yy/Example /mnt/examples MyName MyPassword MyDomain
Later times: nas [192.168.xx.yy/]Example
Delete single share: nas -d [//]192.168.xx.yy/Example
Delete nas configuration: nas -d [//]192.168.xx.yy


Script requires cifs-utils as well as TUI (https://github.com/sri-arjuna/tui) (Installation (https://github.com/sri-arjuna/tui/wiki/Installation)) to be installed!
* cifs-utils are required as its used for the mount command
* TUI (text user interface) provides some nice commands that will be used (read: TODO) in the menu section

Download the script and remove extension (.sh) and move it to /usr/sbin.
Dont forget to make it executeable: chmod +x /usr/sbin/nas
By default it stores the files in $HOME/.config/nas, which is /root/.config/nas

NOTE / TODO:
* '-m' (menu) and '-d' (delete info) is not yet ready

Hope it is of help

jpollard
21st February 2014, 06:51 PM
Note: your password is available to anyone else on the system that does a "ps" at the right time... or puts a "watch" on the nas utility to catch it...

sea
22nd February 2014, 05:57 PM
Probably - on the very first call.
But once the files are written, there should be no way of the password to appear in memory (other than the use of mount does anyway (?)).

I didnt say it makes it safer alltogether, though, credentials generaly does so, however i dont want to make it unsafe.
Would you happen to have an idea how to avoid that?

jpollard
22nd February 2014, 06:40 PM
It would require the nas utility to read the password from a terminal then create the credential for subsequent use.

It may not be possible, unless the "-e" option allows creating the credentials by doing that.

sea
22nd February 2014, 07:51 PM
Like 'read'?
Since i cant reproduce what you've said, i have no urge to change something 'mount' is handling just the same way i do, while beeing the main application 'nas' uses.
Well maybe later, for now i have to improve and optimize argument handling/parsing.

Either way, if anyone else is on your system running something, you have other issues for sure ;)

sea
24th February 2014, 05:07 PM
Either way, i might have found the regarding code part that might be a security risk, as it was a redirection to stderr, i simply removed it.
However, since i was not able to reproduce, i dont know if it truely is 'solved'.

Non the less, here's version 0.2, now, after you have set up the NAS credentials and diffrent shares, you can call it by:
nas SHARENAME
which will mount the share SHARENAME of every NAS configured.

It should work on multiple findings, (un-)mounting all findings matching your passed argument (SHARENAME).

Also, some argument catching was changed, if you had any errors - it should be fixed now.
Further, it exits now with proper exit code of mount (the stderr redirection caused the script to return successfully either way)

hth
(see first post for download of nas 0.2 (nas2.sh))