I've done a lot of work with autofs and mounting a variety of different types of resources using it. You can check out the man page for autofs which does answer some of your questions if you can keep straight that when they're referring to $USER in the documentation, they're referring to the user that's running the autofs daemon. These are the variables that you get by default:
Variable Substitution
The following special variables will be substituted in the key and location fields of an automounter map if prefixed with $ as customary from shell scripts (Curly braces can be used to separate the field name):
ARCH Architecture (uname -m)
CPU Processor Type
HOST Hostname (uname -n)
OSNAME Operating System (uname -s)
OSREL Release of OS (uname -r)
OSVERS Version of OS (uname -v)
autofs provides additional variables that are set based on the user requesting the mount:
USER The user login name
UID The user login ID
GROUP The user group name
GID The user group ID
HOME The user home directory
HOST Hostname (uname -n)
Additional entries can be defined with the -Dvariable=Value map-option to automount(8).
You'd probably be tempted to use the -DUSER=$USER but this will only set $USER inside the autofs map file to the user that started the autofs daemon. The daemon is usually owned by a user such as root or a chrooted user specifically setup for autofs.
NOTE #1: a autofs file is comprised of a key and a value. The variables are only allowed for use within the value portion of a entry.
NOTE #2: If the -D=... switch does not override a built-in variable then $USER or $UID would contain the value of the person's $USER & $UID that is accessing the mount.
Limiting access to the CIFS share
Regarding your question of how to limit access to a CIFS mount, I don't see a way to accomplish this with autofs.
The credentials used to mount a CIFS share are used throughout the duration that the share is mounted. In effect, autofs, running it's daemon automount as say root, is "equivalent" to the credentials of the CIFS user.
This isn't what I would consider typical behavior for autofs and is a by-product of using mount.cifs. Typical autofs behavior would respect the permissions on the other end of the mount, whereas with mount.cifs it does not.
Bottom-line
I think you're out of luck accomplishing your setup using autofs. I think you're going to have to use fuse if you truly want each user to be accessing CIFS shares using their own credentials.
As for you trying to do SSHFS with Dropbear: the question is that SSHFS needs SFTP, while Dropbear only supports SCP.
So there is not much a point in debugging why it is happening.
From the dd-wrt wiki: https://www.dd-wrt.com/wiki/index.php/Sshfs
Since Dropbear (the default ssh server) apparently does not support
sshfs, you will need to install and run Openssh instead.
So indeed, SSHFS is not supported by Dropbear as you suspected.
P.S. For the benefit of other readers, Dropbear is a lightweight replacement for OpenSSH used widely in embedded systems/routers/ iOTs.
Best Answer
I do not think you can have
autofsprompt you for a password. You typically have to store it in a credentials file and reference it in automount file. This is how I've dealt with it in the past.Example
This file is then locked down like so:
containing this:
It's not ideal but is the best you can get with
autofs. The other approach is to defer mounting to the users themselves and let them do it on demand usinggvfs.You can also use
pam_mountwhich I cover in detail in this U&L Q&A titled: Proper way to mount samba share.References