[Samba] How to stop mount.cifs remembering password

Jeff Layton jlayton at samba.org
Mon Apr 12 10:43:42 MDT 2010 

On Thu, 1 Apr 2010 09:44:04 +0200
"Andy Gibbs" <andyg1001 at hotmail.co.uk> wrote:

> Dear all,
> 
> I'm fairly new to Samba and CIFS and, for that matter, Linux in general.
> I'm having a problem with "mount.cifs" as provided with Debian 5.  I'm
> afraid I cannot say what version of mount.cifs I have since doing
> "mount.cifs -V" does not (contrary to the message it shows when I do this)
> actually show the version, but rather how to use the program.
> 
> The problem I have is that having successfully logged into a Windows shared
> folder, I can subsequently log in *without* the correct password.
> 
> So...
> 
> mount.cifs \\192.168.1.0\folder /mnt -o user=joebloggs,pass=correct
> umount /mnt
> mount.cifs \\192.168.1.0\folder /mnt -o user=joebloggs,pass=incorrect
> 
> At this point it has remounted and given me full access, even though I've
> got my password wrong the second time (and each subsequent time).  I can
> even do "-o user=user,guest".  If I change user, then I must get the
> password right at least once, but then once I have got it right, I then no
> longer need to get it right.  The problem is that anyone using the computer
> after someone has accessed the Windows share, can also then access it
> without knowing the password.
> 
> As far as I can see, and I'm no expert, this is not a Windows problem since
> in Windows, connecting to the folder requires the correct password every
> time.
> 
> Is there any way I can force mount.cifs to forget the correct password so
> that it requires it to be correct each time?
> 
> I'm sorry if I have not provided the correct information: I will happily do
> so if told what to provide!  I have tried the Samba website and Google for
> answers, but haven't found the right search phrase.  If I've missed
> something, I'll happily just receive a link to the right page.
> 
> Thanks for any help!
> 
> Andy
> 

The Linux cifs client aggressively shares connections to the server,
and isn't very careful about making sure that the mount options for new
mounts are considered when matching existing connections to the server.

This is a kernel bug, but not one that's trivial to fix. It's also
another good reason why it's not prudent to allow unprivileged users to
mount shares not listed in /etc/fstab.

You'll probably get more response from these sorts of questions on the
linux-cifs-client at samba.org mailing list. Fixing this will likely mean
significant design changes in how CIFS deals with connections to the
server.

Cheers,
-- 
Jeff Layton <jlayton at samba.org>

More information about the samba mailing list