
I would like to mount a cifs drive for 2 user accounts on a Linux server.

I have no trouble mounting the cifs drive for me, or for sudo, but I need to mount it so that two users can access it:

sudo mount -t cifs -o username=BLAH,password=BLAH,uid=1000,gid=1000 //192.168.168.200/home /mnt/officenas

This works fine for my access, and:

sudo mount -t cifs -o username=BLAH,password=BLAH //192.168.168.200/home /mnt/officenas

works fine for sudo.

How do I allow 2 separate users who don't have sudo access to have read/write access of the same mounted drive?

There are a lot of settings in the man pages which I frankly don't understand, so any help would be appreciated.

1 Answer


Use the multiuser mount option. Also enable the pam_keyinit.so and pam_cifscreds.so PAM modules. The latter will store the users' OS login passwords in the kernel, so that the cifs driver can use them to log in to the server.

If the usernames or passwords don't match between client & server, pam_cifscreds won't work, but users can manually log in using cifscreds add (which also requires pam_keyinit). Either way, keyctl show can be used to check the keyring contents.

Alternatively, just mount the same share in two different places with different UIDs.

  • After many hours investigating this, I have managed to get this to work by running keyctl session, then cifscreds add server, then sudo mount.cifs //server/share -o username=userx,password=pwdx,multiuser. But the mount command will fail on the next reboot because the credentials were not persistent. How can I make the credentials be persisted across reboots? Commented Aug 21, 2017 at 8:45
  • There are PAM modules for both steps (pam_keyinit and pam_cifscreds). Commented Aug 21, 2017 at 9:19
  • Thanks. I have now added these two modules to /etc/pam.d/common-auth and /etc/pam.d/common-session as described in the man pages, and this is now allowing access after a reboot. But I have noticed both mechanisms (pam_cifscreds and cifscreds) do not work as I expected. After mounting, it is as if the session is root rather than the user. The user can access directories it shouldn't be able to, and new files are created as root. Any ideas? Commented Aug 21, 2017 at 22:29
  • setuids option seemed to fix it for me, but I think my main problem was due to a very old samba version on my Tomato router. Moving to a Debian server with an up-to-date samba version has resolved all my issues. Commented Aug 25, 2017 at 9:52
  • @DanielEllis can you describe the exact files changed and those changes? Especially PAM changes. Commented Sep 23, 2017 at 2:50
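
A check for the pieces the answer and comments above name (the multiuser mount option, plus pam_keyinit.so and pam_cifscreds.so in the PAM auth and session stacks), added here as an example and not part of the original thread. It assumes the /proc/mounts field layout and takes the PAM files as arguments; the function names and sample lines are constructed.

```shell
# Added example: audit the prerequisites for a CIFS "multiuser" mount.

# cifs_mount_modes MOUNTS_FILE  (/proc/mounts layout: device mountpoint fstype options ...)
# Prints "<mountpoint> multiuser" or "<mountpoint> single-user" for each cifs mount.
cifs_mount_modes() {
    awk '$3 == "cifs" {
        mode = "single-user"
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == "multiuser") mode = "multiuser"
        print $2, mode
    }' "$1"
}

# pam_has_module PAM_FILE TYPE MODULE
# Succeeds if an uncommented line of TYPE (auth, session) loads MODULE.
# Scans fields 3..NF: a control like [success=1 default=ignore] spans two fields.
pam_has_module() {
    awk -v type="$2" -v mod="$3" '
        { t = $1; sub(/^-/, "", t) }
        t == type {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i == mod) found = 1
            }
        }
        END { exit !found }' "$1"
}

# audit_cifs_multiuser MOUNTS_FILE PAM_AUTH_FILE PAM_SESSION_FILE
# Prints one finding per line, nothing when every prerequisite is present.
audit_cifs_multiuser() {
    cifs_mount_modes "$1" | while read -r mp mode; do
        [ "$mode" = multiuser ] || echo "MOUNT $mp: multiuser option missing"
    done
    pam_has_module "$2" auth pam_cifscreds.so || echo "PAM auth: pam_cifscreds.so missing"
    pam_has_module "$3" session pam_keyinit.so || echo "PAM session: pam_keyinit.so missing"
    pam_has_module "$3" session pam_cifscreds.so || echo "PAM session: pam_cifscreds.so missing"
}

# Constructed sample input (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    echo '//192.168.168.200/home /mnt/officenas cifs rw,uid=1000,gid=1000 0 0' > "$d/mounts"
    echo 'auth optional pam_cifscreds.so' > "$d/auth"
    echo 'session optional pam_keyinit.so force revoke' > "$d/session"
    audit_cifs_multiuser "$d/mounts" "$d/auth" "$d/session"
    rm -rf "$d"
}
demo
```

On the setup described in the comments, the real inputs would be /proc/mounts, /etc/pam.d/common-auth and /etc/pam.d/common-session; @include lines are not followed.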
