[Samba] how to mount shares as a user without mount.cifs setuid

Gary Dale garydale at rogers.com
Fri Apr 9 11:32:45 MDT 2010


Nico Kadel-Garcia wrote:
> On Thu, Apr 8, 2010 at 2:08 PM, Gary Dale <garydale at rogers.com> wrote:
>   
>> Christian PERRIER wrote:
>>     
>>> Quoting Gary Dale (garydale at rogers.com):
>>>
>>>
>>>       
>>>> Now perhaps I'm missing something, but I have no trouble with users
>>>> mounting nfs shares. The idea that users can't mount cifs shares
>>>> strikes me as odd and an unnecessary impediment.
>>>>
>>>>         
>>> How about turning the binary we provide in Debian to setuid on the
>>> systems where you want it to be this way, by using
>>> dpkg-statoverride(8)?
>>>
>>>       
>> Actually, I was just responding to Nico's assertion that disabling setuid is
>> a seatbelt. The idea that mounting shares should be restricted to root is,
>> imho, a cure that is worse than the disease.  :)
>>     
>
> It's safer *default* behavior. If you want non-root users to be able
> to mount, you can create a table of mounting options in auto.master or
> in another auto.cifs file that will translate the mounting options
> into something available to users, with wildcards to allow access to
> alternative servers or shares.
>   
I've been trying without success to get even a basic auto.cifs working 
following the howto at 
http://www.howtoforge.com/accessing_windows_or_samba_shares_using_autofs.

I installed autofs v5.0.4 from the Debian/Squeeze repository and created 
the /etc/auto.cifs file. I made it executable and changed the mountopts 
line to: 
mountopts="-fstype=cifs,file_mode=0644,dir_mode=0755,uid=garydale,gid=users".

I created a /etc/auto.smb.<filesever> file and gave it my credentials. 
Then I added the auto.cifs line to the auto.master file and restarted 
the autofs system.

I then fixed a few errors I was getting re. my domain name by adding an 
automount: nis files line to /etc/nsswitch.conf and also running 
domainname <mydomain>.

At this point I can run ls -als /cifs/<fileserver> and see all the 
exported shares, etc. from that server. However the shares are not 
mounted. Checking syslog I now find an error "Status code returned 
0xc000005e NT_STATUS_NO_LOGON_SERVERS".

Google only finds two hits on this message, neither of which was 
helpful. I know my Windows desktops are logging in to the domain as 
their profiles are updated when they do.

Anyway, this leaves me with some questions.
1) do you have any idea on how to fix the error?
2) even if I do, I think I need more information on how auto.cifs can 
help. If I replace the uid=garydale with something like uid=$USER, won't 
that just pick up the uid as root, the context in which the mount is 
running?
3) the credentials file for autofs seems to only allow a single 
username+password combo for each mount. Is there a way around this?
4) can the credentials be updated automatically when the user changes 
their password?



More information about the samba mailing list