stoerdebegga


Mounting Network Shares

Posted on Thu, Nov 30 2023

This post is the result of some long pending clean ups of my laptop and desktop setups which led to delving into mounting options for network storage (served by CIFS) as I relied on fstab based auto mounts on both devices and figured they were not necessarily the way to go in some of my use cases, i.e. on the laptop an on demand mount would be preferable.

In any case, while automatically mounting a share is very convenient, you might want to spend a thought or two on your particular threat model as auto mounting can have security implications such as a rogue process or a malicious program wiping out, modifying or encrypting all data on the share. There is no generic answer to how likely these kind of events are as they highly depend you personally, but to bust a myth, using Linux is not a silver bullet and you can still fell prey to bad actors which means you still have to apply common security best practices to prevent disasters.

Mounting via fstab

Adding a corresponding line to /etc/fstab is kind of the traditional way of mounting a device, like network resources (if you're not using something like nfs), and is often the way to go when using minimal distributions such as Alpine Linux. For a network share such a line could look like this

# device        mountpoint      type    mount options
//nas/share     /mnt/nas-share  cifs    credentials=/etc/.credentials,uid=1000,gid=1000,nofail

The credentials file being used here simply consists of the username and password of the share to mount, like so

username=THISISME
password=MYSUPERSAFEPASSWORD

You might want to consider to check on the file permissions and ownership to ensure not everyone is able to read or modify the credentials file as the password is in clear text.

At times you will read comments that discourage the use of fstab and favor systemd instead as the first is a legacy method. I wasn't able to find a legit reason why you should favor systemd over fstab unless you have to deal with complex dependencies on when a particular device should be mounted.

Anyway, fstab entries are being dynamically converted to systemd-based mounts upon boot when systemd is the init system as per fstab section of systemd.mount.

Mounting via systemd

As you might know there are different kinds of systemd unit files, each serving a particular purpose. Among these types there is one by which you can mount a network share (or any other filesystem) and one to perform the mount in a automatic fashion.

Let's convert our fstab example to a systemd based automount. The mount unit file should be named after the mount point, with slashes replaced by hyphens and the .mount extension added (e.g. mnt-nas-share.mount). You have to create the file in /etc/systemd/system/.

# contents of mnt-nas-share.mount
[Unit]
Description=NAS Share

[Mount]
What=//nas/shared$
Where=/mnt/nas-share
Type=cifs
Options=credentials=/etc/.credentials,uid=1000,gid=1000,rw

[Install]
WantedBy=multi-user.target

Automount units must be named after automount directories they control. Example: the automount point /home/user must be configured in a unit file home-user.automount. To enable automounting, create a corresponding automount unit file with the .automount extension in /etc/systemd/system.

# contents of mnt-nas-share.automount
[Unit]
Description=Automount NAS Share
ConditionPathExists=/mnt/nas-share

[Automount]
Where=/mnt/nas-share
TimeoutIdleSec=10

[Install]
WantedBy=multi-user.target

Afterwards you will have to enable both units by invoking:

sudo systemctl enable mnt-nas-share.mount
sudo systemctl enable mnt-nas-share.automount

On systems utilizing SELinux you might receive an error message suggesting that the unit file cannot be found. In such cases you have to restore the context, which can be done by simply calling restorecon on the unit files in question.

Mounting via GIO

When you are a Gnome user you can mount a network share by the Files application (fka Nautilus) by simply pointing it to:

smb://nas/shared

Provide the username and password in the dialog and you will see a new entry in the location pane. Files is using gio as it's backend and there is a command line utility by which you can mount the share as well.

gio mount smb://nas/shared

In case you have stored the password in Gnome's keyring - as it would happen when you pick the remember option in Files's dialog - you would be able to mount the share without any further interaction.

Unfortunately there is no option to mark this as to be auto mounted. So end of story?! Not quite much, but it's probably not that obvious.

Create a .desktop file (e.g. automount-nas-share.desktop) which needs to be placed in ${HOME}/.config/autostart

[Desktop Entry]
Type=Application
Name=Automount NAS Share
Exec=/usr/bin/gio mount smb://nas/shared
Comment=Automatically mount the share on the NAS

Whenever you login into your Gnome desktop the network will be automatically mounted and is accessible via Files and any other application that makes use of the environment.

#technology #gnome #samba #nautilus #mount #systemd #fstab #gio