1

I mostly use my laptop, and when I'm at home I like to be able to access the SMB shares on my NAS. While I can easily do so in Thunar (I use XFCE) by simply typing smb://nas.address/share into the address bar, no other applications are able to access the files on the share. For example, if I double click on a video file in my /movies share, I would like it to start playing in my preferred video player (VLC), but instead I am presented with an insane smattering of error messages and have to force quit VLC. I know I can set up permanent mounts via fstab, but 1) I want to be asked for the credentials when mounting rather than store them permanently on my computer and 2) since it's a laptop I will often be using it when I am outside of my local network and I do not want it to try to mount drives at boot which are not available (and no, I have no intention of opening up my SMB shares to the Internet). I'm tired of having to copy everything I want to watch/listen to onto my laptop via Thunar first - how do people deal with this nuisance?

Edit: This is what the authentication popup in Thunar looks like


Very promising indeed, exactly what one would expect to see - except that an authentication that is "remembered until you log out" only applies to Thunar and no other applications. As far as I can see, an smb:// path is just like any other URL, and with the credentials stored in my user session any application running in that session should be able to use those credentials to access the URL - provided of course that the OS has a registered handler for SMB URLs.

1
  • Windows has been doing this quite seamlessly (if insecurely) for decades - where is the Linux equivalent? Commented Jul 21, 2017 at 23:03

2 Answers

2

I use autofs to mount my NFS shares on demand in my Kubuntu.

autofs is a program for automatically mounting directories on an as-needed basis. Auto-mounts are mounted only as they are accessed, and are unmounted after a period of inactivity. Because of this, automounting NFS/Samba shares conserves bandwidth and offers better overall performance compared to static mounts via fstab.

In your case this is useful:

When specifying a CIFS share in a map file, specify -fstype=cifs and precede the share location with a colon (:).

Example:

mntpoint -fstype=cifs ://example.com/shrname

Example: Mount read-write, specifying a user and group to own the files:

mntpoint -fstype=cifs,rw,uid=myuserid,gid=mygrpid ://example.com/shrname

Example: Mount read-write, specifying a username and password to use to connect to the share:

mntpoint -fstype=cifs,rw,username=myuser,password=mypass ://example.com/shrname

A map file is /etc/auto.master or /etc/auto.* or e.g. /etc/auto.master.d/*. Read the documentation and learn how to configure the daemon.

At first glance it looks like this is not the perfect solution for you because it seems you have to store the credentials in a file. This would be a map file (like in the example above) or a separate file e.g. credentials.txt as you can see here. However, there is this comment there:

I suppose you could make credentials.txt a named pipe and run a password prompting program to feed the pipe.

If this is right then I expect this "password prompting program" may be just a single echo or printf you invoke by hand.


EDIT:

What I'm asking for is an easy way to do this without having to manually invoke the command at a prompt, and without having to store (or fudge) the credentials in a file.

Linux can mount/unmount various filesystems via mount.* and umount.* executables. This credentials=/etc/credentials.txt option in the linked example is in fact an option to mount.cifs. I think if you use something like

mount -t foo …

or in autofs configuration:

mntpoint -fstype=foo …

it will try to find and run mount.foo, passing all other options to it.

So you should create mount.mycifs as a wrapper over mount.cifs. It should prompt you for your credentials somehow (straightforward xterm -e … maybe, use read or dialog or something else; but read this please), add -o username=…,password=… or -o credentials=… to the rest of the options and pass them to mount.cifs (or mount -t cifs) which does the actual mounting.

If you have umount.cifs then make umount.mycifs a symlink to it.

Then use -fstype=mycifs in your map file without any options related to credentials.


The following /sbin/mount.mycifs is a quick and dirty proof of concept. Understand what it does before you run it in your OS because it will be run as root, I'm a random guy on the Internet and you shouldn't trust me.

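#!/bin/bash

# Temporary file (mode 0600, created by mktemp) that will hold the credentials.
tmpf="$(mktemp)"
# Prompt in an xterm on the user's display; "$tmpf" reaches the inner shell as $0.
# read -r keeps backslashes in the user name and password intact.
DISPLAY=:0 XAUTHORITY=/home/ola/.Xauthority xterm -e /bin/bash -c '\
read -rp "user:" u; \
read -rsp "password:" p; \
printf "username=%s\npassword=%s" "$u" "$p" > "$0"; \
' "$tmpf"

# Hand the original arguments to mount -t cifs, then delete the credentials file.
mount -t cifs "$@" -o credentials="$tmpf"
rm "$tmpf"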

It should be owned by root:root or whatever is proper for mount.* in your OS. Don't forget to make it executable (sudo chmod a+x /sbin/mount.mycifs), it won't work otherwise. Notice there's a nasty hack with DISPLAY and XAUTHORITY that allows the autofs daemon to display an xterm window on your(?) screen but in general it shouldn't do it. The hack is only for the daemon, mount -t mycifs … should be able to display xterm without the hack if invoked from within your desktop environment.

To make it less dirty you should write yet another program or script and run it with your local user's limited permissions before you access a directory where your CIFS would be automounted. This script should wait for a signal from mount.mycifs, prompt you for the credentials (it can display windows etc. without nasty hacks) and pass them to mount.mycifs which shouldn't display any windows nor prompts on its own.
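The credential-handling half of such a wrapper, as an added example that is not part of the original answer: it refuses values that would inject extra lines into the credentials file, writes the file with mode 0600, and deletes it whether or not the mount succeeds. The function names and `CRED_DIR` are hypothetical, and `/run` being a root-owned tmpfs is an assumption; the prompt itself is left to whatever front end supplies the two values.

```shell
#!/bin/sh
# Added example, not the answer's code. Function names and CRED_DIR are hypothetical.
CRED_DIR="${CRED_DIR:-/run}"   # assumption: /run is a root-owned tmpfs (RAM, not disk)

nl='
'
cr=$(printf '\r')

# The credentials file is line-based key=value, so a value containing a line
# break could smuggle in extra keys. Reject any value that contains one.
valid_field() {
    case "$1" in
        *"$nl"*|*"$cr"*) return 1 ;;
    esac
    return 0
}

# write_credentials USER PASSWORD -> prints the path of a new mode-0600 file
write_credentials() (
    [ -n "$1" ] && valid_field "$1" && valid_field "$2" || exit 1
    umask 077
    file=$(mktemp "$CRED_DIR/mycifs.XXXXXX") || exit 1
    printf 'username=%s\npassword=%s\n' "$1" "$2" > "$file" ||
        { rm -f "$file"; exit 1; }
    printf '%s\n' "$file"
)

# mount_with_credentials USER PASSWORD [arguments for mount -t cifs ...]
# The file is deleted whether mount succeeds or fails; mount's status is returned.
mount_with_credentials() (
    user=$1 pass=$2
    shift 2
    file=$(write_credentials "$user" "$pass") || exit 1
    mount -t cifs "$@" -o credentials="$file" && rc=0 || rc=$?
    rm -f "$file"
    exit "$rc"
)
```
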

5
  • Thank you, this looks like an interesting option - but why cannot the credentials from Thunar be used for this? See update to my original question. Commented Jul 22, 2017 at 11:33
  • 1
    @OlaTuvesson I guess Thunar "talks" SMB protocol on its own. Other programs often don't understand smb:// paths and protocol. When you mount a share these programs can see the shared content as directories and files, they know how to open regular files. Compare: wget can download from http:// but hardly any tool can work with such a path directly. Yet there are httpfs and httpfs2 which can mount an HTTP share and make it appear as a file for other programs to use. Commented Jul 22, 2017 at 11:47
  • @OlaTuvesson It looks like Thunar passes URLs without credentials, so even if a given program can understand smb:// and "talk" SMB protocol on its own, like VLC does, it may need to know your credentials separately. In VLC you can enter them under VLC > Preferences > Show settings (All) > Input / Codecs > Access Modules > SMB, this works for one server at a time. I still think the Right Way is to mount a share. Commented Jul 22, 2017 at 12:34
  • Thanks. I already know about the VLC SMB option - what I'm looking for is a way to make the mounted directory seamlessly accessible to all applications running in my user session, which as you say is done by mounting the directory at the OS level, either using fstab or autofs. What I'm asking for is an easy way to do this without having to manually invoke the command at a prompt, and without having to store (or fudge) the credentials in a file. It is hard to argue with the elegance of Thunar's way of doing this! Commented Jul 22, 2017 at 12:49
  • @OlaTuvesson I expanded my answer. Commented Jul 22, 2017 at 15:42
0

You stated that you will often be using it when outside of your local network but then you stated that you don't want to open your SMB shares to the internet. If you want to access your shares outside of your local network then you will have to open them up to the internet as there is no other way to do so.

2
  • 1
    You can mount SMB via VPN.
    – eckes
    Commented Jul 22, 2017 at 0:22
  • Apologies if that was confusing - to clarify: I do not want to connect to my local network SMB shares when I am not connected to my local network. Commented Jul 22, 2017 at 11:14
