LinuxQuestions.org, Linux - Security: Read encrypted file is "fstab" (https://www.linuxquestions.org/questions/linux-security-4/read-encrypted-file-is-fstab-4175572373/)

hack3rcon 02-16-2016 02:33 AM

Read encrypted file is "fstab"

Hello.
I want to mount a network location automatically via "fstab", and I did the commands below:

//IP/share /mnt/network cifs auto,gid=source,file_mode=0664,dir_mode=0775,iocharset=iso8859-15,credentials=/etc/sambapasswords 0 0

$ cat /etc/sambapasswords
username = myuser
password = mypass

But as you see, my "sambapasswords" file is clear text. How can I encrypt it so that "fstab" can still read it?

Thank you.

Guttorm 02-16-2016 02:40 AM

Hi

I don't think it makes sense to encrypt it. Somehow root needs to decrypt it at boot without asking for a password, and the password for decrypting needs to be stored somewhere.

If you "chmod 600 /etc/sambapasswords" only root can read it.
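The permission check Guttorm describes, as an added example that is not part of the original thread: a small POSIX shell audit that pulls every credentials= path out of an fstab and reports any file whose mode lets group or other read it. It assumes GNU stat (Linux) and works on constructed sample files in a temporary directory; the share names and paths in the demo fstab are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit every credentials=
# file referenced in an fstab and flag any that is readable by non-owners.
# Assumes GNU stat (Linux). The fstab and credential files below are
# constructed demo data so the check runs offline.

# cred_mode FILE -> prints the octal permission bits of FILE (e.g. 600)
cred_mode() {
    stat -c '%a' "$1"
}

# cred_files FSTAB -> prints the path given in each credentials= mount option
cred_files() {
    awk '
        $1 !~ /^#/ && NF >= 4 {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^credentials=/)
                    print substr(opts[i], 13)   # strip the 12-char "credentials=" prefix
        }' "$1"
}

# audit_fstab FSTAB -> returns 0 if every credentials file is owner-only
# (mode 600 or 400); otherwise prints the offenders and returns 1.
# Paths are whitespace-split, so paths containing spaces are not supported.
audit_fstab() {
    rc=0
    for f in $(cred_files "$1"); do
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"; rc=1; continue
        fi
        mode=$(cred_mode "$f")
        case "$mode" in
            600|400) echo "ok       $f ($mode)" ;;
            *)       echo "EXPOSED  $f ($mode): group/other can read it; fix with: chmod 600 $f"; rc=1 ;;
        esac
    done
    return $rc
}

# --- constructed demo data (hypothetical shares and paths) ------------------
demo=$(mktemp -d)
printf 'username = myuser\npassword = mypass\n' > "$demo/sambapasswords"
chmod 644 "$demo/sambapasswords"          # the poster's situation: world-readable
cp "$demo/sambapasswords" "$demo/fixed"
chmod 600 "$demo/fixed"                   # after Guttorm's chmod 600
cat > "$demo/fstab" <<EOF
# <device> <mount> <type> <options> <dump> <pass>
//IP/share  /mnt/network  cifs  auto,gid=source,file_mode=0664,dir_mode=0775,credentials=$demo/sambapasswords 0 0
//IP/other  /mnt/other    cifs  auto,credentials=$demo/fixed 0 0
EOF

# Run the audit on the demo fstab; the first entry is reported as EXPOSED.
audit_fstab "$demo/fstab" || true
```

Run it against the real /etc/fstab with `audit_fstab /etc/fstab` as root. The check only covers file mode; as Guttorm notes, root can always read the file regardless, so the goal is keeping it away from every other account on the box.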

sundialsvcs 02-16-2016 07:57 AM

Also: you can configure servers (of any flavor) to use LDAP ... a.k.a. OpenDirectory ... or other credentials to identify each other. You need to do this if you intend to mount the share permanently. Then, you must configure Linux to participate in a "single sign-on" sort of arrangement so that users obtain access to specific resources hosted by those shares, either by virtue of "who they logged-in as" and/or in response to a password challenge.

Good security should be transparent, and should never rely upon "shared secrets" such as usernames and passwords.

Have a look at PAM = the Programmable Authentication Modules system, which is intrinsic to Linux.

Guttorm 02-16-2016 08:29 AM

Maybe I misunderstood the question? I saw that everyone can read and only the owner/source group can write. Without proper permissions on the sambapasswords file, everyone else could just read the password and mount again or change files with the smbclient command. I thought this was the issue here. If you want finer control over who has access to what, you need LDAP or similar. But you can't really hide anything from root. If users must provide login credentials that are passed on to some other system, root can still get it. Root can always bypass anything.
