Samba is a free and open source interoperability suite of programs which allows us to share files and printers between machines running Linux or Windows. A Samba share is pretty easy to configure and can easily be accessed on clients, since the vast majority of Linux file explorers has built-in support samba. In certain situations, however, we may want to mount a Samba share at boot, just like a normal filesystem on a specified mountpoint.
In this tutorial we are going to see how to use cifs-utils to mount a Samba shared directory on Linux.
In this tutorial you will learn:
- How to install cifs-utils on some of the most used Linux distributions
- How to mount a credential-protected Samba shared at boot
- How to mount a guest accessible Samba share at boot
Software requirements and conventions used
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Distribution-independent |
| Software | cifs-utils |
| Other | An accessible Samba share |
| Conventions | # – requires given linux-commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux-commands to be executed as a regular non-privileged user |
Introduction
In the course of this tutorial I will assume a Samba shares already exists and is accessible on the local network. I will assume the IP of the Samba server to be 192.168.0.39, and the name of the Samba share to be shared_data. Setting up a Samba share is not a difficult task, but in case you should need assistance, you can take a look at this tutorial, and in a short time you should be good to go. Although the majority of graphical file managers on Linux support Samba by default, and is easy to access and bookmark a shared directory, in some cases we may want to mount the share automatically when the system boots, so that it is treated as a part of the local filesystem. Let’s see how we can do it in few, easy steps.
Installing cifs-utils
The cifs-utils package, which is available in the repositories of all the most used Linux distributions, contains a series of tools to manage directories shared via Samba, as if they were standard Linux filesystems. To install the software on Fedora, all we have to do is to run the following command:
$ sudo dnf install cifs-utils
On Debian and its many derivatives like Ubuntu and Linux Mint, instead, the “modern” way to install packages is to use the apt wrapper which simplifies the use of lower level tools like apt-get:
$ sudo apt install cifs-utils
If Archlinux is our favorite distribution, we can perform the installation by using the pacman package manager. The cifs-utils package is available in the Extra repository:
$ sudo pacman -Sy cifs-utils
Once the cifs-utils package is installed on our system, we can use it to automount the samba share at boot. Let’s see how.
Step 1 – Creating a mountpoint
To be able to mount the Samba share at boot, as a first thing we need to create a mountpoint on our local filesystem. For the sake of this article we will create and use the /mnt/samba directory for this purpose. To create the directory we can run:
$ sudo mkdir /mnt/samba
Our mountpoint is now ready. What we need to do now, is to create an entry in the /etc/fstab file for the Samba share.
Step 2 – Creating an /etc/fstab entry
On any Linux system, the /etc/fstab file contains the instructions needed to mount filesystems at boot. We examined the fstab syntax in detail in a previous article, which you can take a look at if you are not familiar with it. Depending on how it is set server-side, a Samba share can be either protected by username/password credentials, or accessible as a guest user. The mount options we need use in /etc/fstab depend on this factor.
Creating an entry for a password-protected Samba share
On the vast majority of cases, Samba shares are protected, and to access them, an username and a password should be provided. Since we need to automount the Samba share at boot, we don’t want those credentials to be asked interactively. There are two ways we provide credentials without interaction, one slightly more “secure” than the other.
The first, and less secure of the two is to specify the username and password needed to access the Samba share as values of the dedicated cifs mount options directly in the /etc/fstab file. Let’s see an example. Here is how our fstab entry could look like:
//192.168.0.39/shared_data /mnt/samba cifs username=myusername,password=mypassword 0 0
In the first entry field we reference the filesystem we want to mount. Normally, when dealing with standard filesystems, we reference them by using their UUID, LABEL or path. In this case, however, we need to provide the IP of the samba server together with the name of the Samba share.
In the second field of the entry we specify the mountpoint for the filesystem. The third field, instead, is used to specify the filesystem type: we need to use “cifs” as value here.
The fourth field is where we specify mount options: here, as we said above, we used the username and password options to pass our Samba share credentials. This way of specifying credentials has its obvious flaws, since everyone in the system is be able to read the file. Even if the file had more strict permissions, the mount options would be visible in the output of the mount command, which, when invoked without options returns a list of the mounted filesystems and the associated mount options.
The last two field of the fstab entry are used to specify whether the filesystem should be dumped (boolean value) and in what order filesystem should be checked (a value of 0 disables the check altogether).
The second and slightly more secure option is to store the Samba credentials for the shared directory in a dedicated file and then use its path as the value of the credential mount option. For the sake of this tutorial we will create the file as /root/smbcredentials. Here is what we write inside of it:
user=mysambauser password=mysambapassword
After we save the file, we can set its permissions so that is only readable by its owner, which at this point is the root user (this could be superfluous, since in this case the file is under the /root directory, which by default is itself owned by the root user and the root group, and has permissions set to 550, so only root can access it and list its content). With the file in place, here is how we change our fstab entry:
//192.168.0.39/shared_data /mnt/samba cifs credentials=/root/smbcredentials 0 0
After we save the entry in the fstab file, to check that the Samba share is mounter without problesm, we can simply run:
$ sudo mount -a
After we launch the command above, the Samba share should be mounted on/mnt/samba, however, it seems that we can only read the content of the directory, and if we try to create, modify or delete a file inside it as an unprivileged user we receive an error message (even if the “real” filesystem where the exported files are doesn’t support UNIX permissions, like NTFS); why this happens? If you list the directory content and examine the permissions of the directory itself, you will see they are owned by the root user! This happens because of the uid and gid cifs mount options.
The
uid and gid mount options are used to set, respectively, the uid and gid of the files inside the shared directory in the client system when the Samba server does not provide ownership information. The default value used for these options is 0, which as we know is the uid and gid of the root user. How do we solve this problem? One solution is to set the value of these options to the uid and gid of the local user that should be allowed to write on the share (it goes by itself that writing should be allowed in the share configuration on the server in the first place, with the read only option set to “no”). Supposing the uid and primary gid of the user which should be allowed to write on the shared directory are both 1000, we would write:
//192.168.0.39/shared_data /mnt/samba cifs credentials=/root/smbcredentials,uid=1000,gid=1000 0 0
Another solution is to use the noperm cifs option instead. When this option is used, the client (so our local system), does not perform permission checks on the Samba share (permissions are enforced only server-side). This solves the problem, but has the drawback of potentially allowing all users on the local system to write to the share once it is mounted:
//192.168.0.39/shared_data /mnt/samba cifs credentials=/root/smbcredentials,noperm 0 0
Creating an entry for a guest-allowed Samba share
On certain cases, the samba server can be set to allow guest access to a share, this is called anonymous access. How can we mount such share at boot? Before we see this, we should take the time to say that when a Samba share is set to allow access as unauthenticated users, it is a good habit to allow only access to those, and don’t use the share with authentication, as it stated in the official Samba documentation. Such setup can be achieved by setting the guest only option to “yes” in the share configuration: this will force all users to access the share with the guest account, which by default is mapped to the “nobody” UNIX user. This is an example of a guest accessible share as reported on the aforementioned documentation:
[shared_data]
# This share allows anonymous (guest) access
# without authentication!
path = /srv/samba/data
read only = no
guest ok = yes
guest only = yes
Assuming we have this configuration in place on the server, and our user on the client is still identified by uid and gid 1000, our fstab line becomes:
//192.168.0.39/shared_data /mnt/samba cifs uid=1000,gid=1000,guest 0 0
As you can notice, we used a new option: guest. When this option is used we will not be asked for a password interactively. That should be enough to mount a Samba share accessed as an anonymous user.
Conclusions
In this tutorial we saw how to mount a directory shared via Samba at boot, just as it was a standard Linux filesystems. To achieve our goal we used the software provided by cifs-utils package and we saw how to install it in some of the most used Linux distributions. In the tutorial, we learned how to mount both a credential protected and a guest-accessible Samba share, and discussed some cifs mount options.
