Linux – How to enable access control for CIFS mount point available for multiple users


I have a samba server configured with multiple users.

By default, mounted cifs shares only use the credentials provided at mount. Everyone who can access the mount point accesses the files as the user whose credentials were used.

I am looking for a way to configure my clients to automatically use the user's own credentials when the user is accessing the mount point.

The login user names and passwords are the same as used to access samba server.

Best Answer

With the multiuser mount option, users use their own credentials to access the mount point. However, this still requires the mount to be available when the user accesses the share, and to mount the share the client needs valid credentials (if the server does not allow anonymous (guest) access).

pam_cifscreds can be used to cache the login password, which is then used to access the cifs share. Alternatively, users can use cifscreds to provide the password. In both cases, pam_keyinit.so should be used in the PAM session configuration to ensure a session keyring is established at login time.

On Debian based systems appending the following configuration should work:

/etc/pam.d/common-session (replace {SAMBA_SERVER} with IP address or host name):

session required    pam_keyinit.so
session optional    pam_cifscreds.so host={SAMBA_SERVER}

/etc/pam.d/common-auth:

auth    optional            pam_cifscreds.so
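
As an added example (not part of the original answer), the script below audits a client for the three pieces described above: a cifs mount with the multiuser option, pam_keyinit.so and pam_cifscreds.so in the session stack, and pam_cifscreds.so in the auth stack. The function names, the sample host name and paths, the assumption that the share is mounted from /etc/fstab, and the requirement that pam_keyinit.so appears before pam_cifscreds.so (the order shown in the answer) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a client for the
# multiuser CIFS setup described above. File paths are arguments so the
# checks can be run against copies as well as the live /etc files.

# Line number of the first active PAM line of type $2 loading module $3 in file $1.
pam_line_no() {
    awk -v t="$2" -v m="$3" '
        /^[ \t]*#/ { next }
        $1 == t || $1 == ("-" t) {
            for (i = 2; i <= NF; i++) if ($i == m) { print NR; exit }
        }' "$1"
}

# Mount points of cifs entries in fstab $1 whose options lack "multiuser".
cifs_without_multiuser() {
    awk '/^[ \t]*#/ || NF < 4 { next }
         $3 == "cifs" && ("," $4 ",") !~ /,multiuser,/ { print $2 }' "$1"
}

# $1=fstab  $2=PAM session file  $3=PAM auth file; returns 1 on any finding.
audit_cifs_multiuser() {
    rc=0
    missing=$(cifs_without_multiuser "$1")
    [ -z "$missing" ] || { echo "cifs mount without multiuser: $missing"; rc=1; }
    k=$(pam_line_no "$2" session pam_keyinit.so)
    c=$(pam_line_no "$2" session pam_cifscreds.so)
    if [ -z "$k" ]; then echo "session: pam_keyinit.so missing"; rc=1
    elif [ -z "$c" ]; then echo "session: pam_cifscreds.so missing"; rc=1
    elif [ "$k" -gt "$c" ]; then echo "session: pam_keyinit.so comes after pam_cifscreds.so"; rc=1
    fi
    [ -n "$(pam_line_no "$3" auth pam_cifscreds.so)" ] ||
        { echo "auth: pam_cifscreds.so missing"; rc=1; }
    return "$rc"
}

# Constructed sample files (host name, share and credentials path are made up).
demo=$(mktemp -d)
printf '%s\n' '//files.example.test/share /mnt/share cifs multiuser,credentials=/etc/cifs-mount.cred 0 0' > "$demo/fstab"
printf '%s\n' 'session required    pam_keyinit.so' \
              'session optional    pam_cifscreds.so host=files.example.test' > "$demo/session"
printf '%s\n' 'auth    optional            pam_cifscreds.so' > "$demo/auth"
audit_cifs_multiuser "$demo/fstab" "$demo/session" "$demo/auth" && echo "multiuser CIFS setup looks complete"
```

On a real client, pass /etc/fstab, /etc/pam.d/common-session and /etc/pam.d/common-auth as the three arguments.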