I've done a lot of work with autofs
and mounting a variety of different types of resources using it. You can check out the man page for autofs
which does answer some of your questions if you can keep straight that when they're referring to $USER
in the documentation, they're referring to the user that's running the autofs
daemon. These are the variables that you get by default:
Variable Substitution
The following special variables will be substituted in the key and location fields of an automounter map if prefixed with $ as customary from shell scripts (Curly braces can be used to separate the field name):
ARCH Architecture (uname -m)
CPU Processor Type
HOST Hostname (uname -n)
OSNAME Operating System (uname -s)
OSREL Release of OS (uname -r)
OSVERS Version of OS (uname -v)
autofs provides additional variables that are set based on the user requesting the mount:
USER The user login name
UID The user login ID
GROUP The user group name
GID The user group ID
HOME The user home directory
HOST Hostname (uname -n)
Additional entries can be defined with the -Dvariable=Value map-option to automount(8).
You'd probably be tempted to use the -DUSER=$USER
but this will only set $USER
inside the autofs
map file to the user that started the autofs
daemon. The daemon is usually owned by a user such as root
or a chrooted
user specifically setup for autofs
.
NOTE #1: a autofs
file is comprised of a key
and a value
. The variables are only allowed for use within the value
portion of a entry.
NOTE #2: If the -D=...
switch does not override a built-in variable then $USER
or $UID
would contain the value of the person's $USER
& $UID
that is accessing the mount.
Limiting access to the CIFS share
Regarding your question of how to limit access to a CIFS
mount, I don't see a way to accomplish this with autofs
.
The credentials used to mount a CIFS
share are used throughout the duration that the share is mounted. In effect, autofs
, running it's daemon automount
as say root
, is "equivalent" to the credentials of the CIFS
user.
This isn't what I would consider typical behavior for autofs
and is a by-product of using mount.cifs
. Typical autofs
behavior would respect the permissions on the other end of the mount, whereas with mount.cifs
it does not.
Bottom-line
I think you're out of luck accomplishing your setup using autofs. I think you're going to have to use fuse
if you truly want each user to be accessing CIFS
shares using their own credentials.
As for you trying to do SSHFS with Dropbear: the question is that SSHFS needs SFTP, while Dropbear only supports SCP.
So there is not much a point in debugging why it is happening.
From the dd-wrt wiki: https://www.dd-wrt.com/wiki/index.php/Sshfs
Since Dropbear (the default ssh server) apparently does not support
sshfs, you will need to install and run Openssh instead.
So indeed, SSHFS is not supported by Dropbear as you suspected.
P.S. For the benefit of other readers, Dropbear is a lightweight replacement for OpenSSH used widely in embedded systems/routers/ iOTs.
Best Answer
I do not think you can have
autofs
prompt you for a password. You typically have to store it in a credentials file and reference it in automount file. This is how I've dealt with it in the past.Example
This file is then locked down like so:
containing this:
It's not ideal but is the best you can get with
autofs
. The other approach is to defer mounting to the users themselves and let them do it on demand usinggvfs
.You can also use
pam_mount
which I cover in detail in this U&L Q&A titled: Proper way to mount samba share.References