LinuxQuestions.org
Old 02-16-2016, 02:33 AM   #1
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,261

Rep: Reputation: Disabled
Read encrypted file is "fstab"


Hello.
I want to mount a network location automatically via "fstab", and I used the following:

//IP/share /mnt/network cifs auto,gid=source,file_mode=0664,dir_mode=0775,iocharset=iso8859-15,credentials=/etc/sambapasswords 0 0

$ cat /etc/sambapasswords
username = myuser
password = mypass

But as you can see, my "sambapasswords" file is clear text. How can I encrypt it so that "fstab" can read it?

Thank you.
 
Old 02-16-2016, 02:40 AM   #2
Guttorm
Senior Member
 
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,317

Rep: Reputation: 350
Hi

I don't think it makes sense to crypt it. Somehow root needs to decrypt it at boot without asking for a password, and the password for decrypting needs to be stored somewhere.

If you "chmod 600 /etc/sambapasswords" only root can read it.
 
Old 02-16-2016, 07:57 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3170
Also: you can configure servers (of any flavor) to use LDAP ... a.k.a. OpenDirectory ... or other credentials to identify each other. You need to do this if you intend to mount the share permanently. Then, you must configure Linux to participate in a "single sign-on" sort of arrangement so that users obtain access to specific resources hosted by those shares, either by virtue of "who they logged-in as" and/or in response to a password challenge.

Good security should be transparent, and should never rely upon "shared secrets" such as usernames and passwords.

Have a look at PAM = the Programmable Authentication Modules system, which is intrinsic to Linux.
 
Old 02-16-2016, 08:29 AM   #4
Guttorm
Senior Member
 
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,317

Rep: Reputation: 350
Maybe I misunderstood the question? I saw everyone can read, only owner/source group can write. Without proper permissions on the sambapasswords file, everyone else could just read the password and mount again or change files with the smbclient command. I thought this was the issue here. If you want finer control over who has access to what, you need LDAP or similar. But you can't really hide anything from root. If users must provide login credentials that are passed on to some other system, root can still get it. Root can always bypass anything.
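
Added example, not part of any post in this thread: a shell check for the exposure discussed in posts #2 and #4, which scans an fstab-style file for cifs entries and reports any credentials file that group or others can access, plus any password written directly into the options field. The function name and the finding labels are hypothetical, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example; function name and finding labels are hypothetical.
# Usage: audit_cifs_fstab FSTAB_FILE
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_cifs_fstab() {
    fstab=$1
    found=0
    # fstab fields: device, mount point, fs type, options, dump, pass
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac
        [ "$fstype" = cifs ] || continue
        # Walk the comma-separated option list without touching IFS.
        rest=$opts,
        while [ -n "$rest" ]; do
            opt=${rest%%,*}
            rest=${rest#*,}
            case $opt in
                password=*|pass=*)
                    # fstab itself is normally world-readable
                    echo "INLINE_PASSWORD $mnt"
                    found=1 ;;
                credentials=*|cred=*)
                    file=${opt#*=}
                    if [ ! -f "$file" ]; then
                        echo "MISSING $file"
                        found=1
                        continue
                    fi
                    mode=$(stat -c %a "$file")
                    # Any group/other permission bit set?
                    if [ $(( 0$mode & 077 )) -ne 0 ]; then
                        echo "LOOSE_MODE $mode $file"
                        found=1
                    fi ;;
            esac
        done
    done < "$fstab"
    return "$found"
}

# Run against a file given on the command line, e.g. /etc/fstab
if [ "$#" -gt 0 ]; then
    audit_cifs_fstab "$1"
fi
```

A file reported as LOOSE_MODE is cleared by the `chmod 600` from post #2; the check says nothing about root, who can read the file regardless.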
 