How to use my login password to do two things

Question

I have a CIFS drive that I mount regularly, and it requires a password for it. Since it's annoying to type my password every time, I wrote a script that sets the PASSWD environment variable, mounts the drive, and then I clear it (CIFS checks the PASSWD environment variable before asking).

It works, and the script with my password is on an encrypted partition, but I don't like it.

What I would like to do instead is, since my box and the remote drive have the same plain-text password, the login manager use the password I type to try and mount the drive as well. That way my password isn't written in plain-text on my computer but I avoid having to answer yet-another-password.

Other suggestions to improving the CIFS mount login are welcome, keeping in mind I don't have root access to the server hosting the drive.

EDIT:

I have to clear up somethings:

• I have root access to the client (my box), I just don't have access to the server. So all solutions must be client side.

• My concern is having a plain text copy of my password for anyone who gets physical access to my laptop. Currently my /home partition is encrypted so my script is fairly secure when the laptop is off.

This is why I'd like a solution, if possible, that uses the fact that I'm typing those exact credentials to log into my user account.

Answer 1

I generally use the automount service for shares like this that I'll periodically want to mount and use. Setting this up, once you understand how, is fairly trivial.

Step #1 - setup automounting

You'll need to make sure that packages are installed. On CentOS 6 that would be autofs. Most likely other distros will use a similar name. You'll then need to create the following files:

# /etc/auto.master
/mymountpt          /etc/auto.mymountpt --timeout=600 --ghost

# /etc/auto.mymountpt
someshare                  -fstype=cifs,rw,noperm,netbiosname=${HOST},credentials=/etc/credentials.txt ://cifsserver/sharename

# /etc/credentials.txt
username=mydom\myuser
password=somepassword

You'll need to make the permissions on this last file like so:

$ sudo chmod 600 /etc/credentials.txt

You'll also need to make sure that NSS (Name Service Switch) is aware of this setup:

# /etc/nsswitch.conf
automount:  files nisplus

With these files in place you should now be able to start the autofs service.

$ sudo service autofs start

Step #2 - testing it out

Once the service has been started, you'll be able to access this path at will:

$ cd /mymountpt/someshare

The mounting of this share is now governed by autofs which will watch for 600 seconds of inactivity, at which point it will unmount the share.

This approach may seem a bit heavy handed but by doing things this way, you've alleviated your system from having to be dependent on a particular CIFS share as being available at boot. You've moved it so that it's now on demand when it's actually being used.

What to do if you don't have root login?

If you find you don't have these packages installed and aren't able to install them then your options become far fewer.

I would take a look at the Samba article in the ArchLinux Wiki, it covers other methods as well. You could also make use of FUSE to mount a variety of types of media as local directories, including SMB/CIFS. This is covered in the FUSESmb article on the Ubuntu Wiki.

References

• How to Mount a SMB/CIFS Share as an Automount on CentOS/Fedora/RHEL
• ArchLinux Wiki - Samba