Samba Configuration setup - Act 3 - Auto-mounting a Samba Share

So here is ACT 3 of the Samba configuration setup. If you have yet to read ACT 2 that details how to enabled samba throught SELinux, click here Samba setup ACT 2. Now we are going to look at the process of auto-mounting a samba share on a CentOS 7 client machine making that share accessible after boot. In Windows 10, we were able to auto-mount a samba share by simply creating a mapped drive to the share. To auto-mount a samba share on a linux client machine during the boot process will require a different approach.

What is auto-mounting anyway? Auto-mounting is having your operating system take a filesystem (storage device, network folder, or other)  and place it in some location on your local filesystem. Every time the system boots, that filesystem will always be accessible from that location. A filesystem is a structure your computer uses to manage files and data stored on a disk. To access that data, simply open a "file manager" program and navigate to the folder that has your data. When a computer auto-mounts a filesystem, it places in a folder or some other location on your local disk the user can access using a "file manager".

Samba considers a shared resource a network filesystem or a filesystem that is accessible from a network. Such a filesystem is represented by "cifs"(common internet filesystem) filesystem.

What we are going to do is auto-mount a samba share on a CentOS 7 client machine so we can access the resources in it the moment our client machine boots. Auto-mounting in Linux is interesting. We literally have to write a mounting command in a text file the system reads to get an idea of what filesystems to mount. The file that holds these commands is known as "/etc/fstab". The "/etc/fstab" holds the filesystems that are to be mounted at boot time. The picture below an example of an "/etc/fstab" file.

If we examine the line that begins with "/dev/sdal", this row has 6 fields separated by spaces.  

The first field is the resource itself, the filesystem, device or network filesystem to be mounted. The second field is the mount point, in otherwords, where on the local filesystem this new filesystem is going to be placed. The third field is the filesystem type; linux wants to know if this is an ext4, ntfs, cifs, or other filesystem so it knows how it should write and copy to and from it. The fourth field holds rules to apply to the mount. We are telling linux how this filesystem is going to behave. The fifth value tells linux if it should dump filesystem information to a log file for troubleshooting purposes. This value is either "1" for yes, "0" for no. The sixth value tells linux if it should run a filesystem integrity check to insure there are no errors. Filesystem checks are done in order from first to last. If this value is a "1", it means check this filesystem first before checking the filesystems of other mounts. The manpage for "fstab" explains the fields in this file in more depth.

$man fstab

Lets take a look at what a samba mount procedure looks like without writing to the "/etc/fstab" file.

Here I am mounting a samba share non-persistently from a terminal. I am telling the system to mount a network accessible filesystem "CIFS" located at "//192.168.1.8/sambashare" to my local directory "/mnt/sambashare". Once this command completes, the samba share will be accessible from our client machine's "/mnt/sambashare" folder. Unfortunately, this will not survive a reboot. We will need to add this to our client machine's "/etc/fstab" file.

Lets take a look at a persistent mount from the "/etc/fstab".

Now this looks interesting. What is this "credentials" value doing there? Remember when we created our samba share, we created it with user security clearance. That share cannot be accessed by anyone except an authorized user. Our client machine cannot mount that share unless it proves it has that authority. Otherwise, no auto-mount. 

The username and password will have to be placed somewhere. The fifth value of our mount line that controls how our mount behaves, will hold those credentials.  The mounted filesystem will not allow anything to access the resources in it unless it gives permission. For our client machine to submit these credentials at boot-time will require us to input these values, "username=(samba username), password=(samba password)". Once our client machine submits these credentials correctly, the share will be mounted and resources accessible.

The line should look something like this(check below picture). Once your client system reads this line during the boot process the share will be mounted even before we login. Writing out the share location looks similar to the way we mapped that share in windows. The difference, we have to use forward slashes instead of back slashed, two to name the server, one to name the share.

Now placing "username" and "password" values, in plain text, in the "/etc/fstab" may be frowned upon. The "fstab", by default, can be read by other users. We don't want our evil twin exacting revenge on us for that loss they took in COD:WWII. We can do one of three things, always let our evil twin win, take away the "read" right from users who are not the owner of this file or who are part of the owner's group, or, create a separate file that only has owner and group owner "read" privileges, and have the "fstab" file read from that file. We are going to remove the "read" right permission from everyone esle "fstab".

$ll /etc/fstab

$sudo chmod o-r /etc/fstab 

Only the owner of this file, which is "root" can read what's inside. Only users who are part of the owner's group, which is also "root", can read this file. Only users who were granted "root" authority can read this file. We could leave the file in this form. Every time our client system boots, the share is available.

We can also put the "username" and "password" values in a separate file called "creds.txt", place it in the samba folder under "/etc/samba", and again, remove the "read" permission. Lets create the file. We could also place this file in one of our profile directories. For now, lets just keep it in the "/etc/samba" folder. Navigate to the "/etc/samba" folder and create the "creds.txt" as indicated below.

$sudo vim /etc/samba/creds.txt

Inside the file, write these lines. Replace "username" and "password" with the username and password you created for the samba share.

username = samba username

password = samba username password

Once the file is created, remove the "read" permission from "other" and "group". Only the owner which is you or "root" can read that file.

$sudo chmod go-r /etc/samba/creds.txt

Now in the fstab file, in the fourth section, input the line as indicated below.

credentials=/etc/samba/creds.txt

This line will direct linux to the "creds.txt" file location to retrieve the username and password for the samba mount. Once everything performs as it should, your samba share will be mounted on your linux client the moment it boots.

Keep in mind we are accessing a samba share that requires user authentication. We can however create a share for public use which does not require user authentication. That will be our fourth ACT. May the open source be with you. 

Feel free to send me an email on my website should you need any additional services.