Autofs

Have you ever wondered how inconvenient it is to use SMB (Windows) shares on a Linux box? Yeah, I know all contemporary versions ship with cifs, and all you need is a few entries in fstab for the Windows share to feel like part of your file system.

But how can one have fstab entries for all the shares? Obviously you can’t know beforehand every SMB share you may access.

Moreover, there is one more problem with this mount-and-use workflow: you either mount everything at boot time, or you must have root access when you need to access the mount.

Autofs comes to the rescue in exactly these scenarios. The direct outcome of autofs is mounting on demand, i.e. as soon as someone accesses an autofs’ed folder, it mounts the pre-configured device. There are configuration settings, such as a timeout, that control when autofs unmounts a mount that is not in use.

So, autofs has a configuration file which tells it what is to be mounted where. But that is basically the same as a lazy-loaded fstab. What about the first problem that we have? Autofs has a very clean solution for this as well: if the configuration file is executable, autofs executes it and treats its output as its configuration.

This link: http://www.greenfly.org/tips/autofs.html details how you can set up your Windows server access in a general way.

Moreover, by the end you will realise that this is not restricted to SMB: you can basically do something similar for any remote share which can be mounted.

BTW, I used the script given in the site and modified it a bit to suit my purposes. The modified version of the script is:

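    #!/bin/bash
    # This file must be executable to work! chmod 755!

    # $1 is the map key passed by autofs: "server" or "server:mode".
    # Default to a read-only mount.
    mode="ro"

    # Server name: everything before the first ":"
    key=`expr match "$1" '\([^:]*\)'`
    # Optional mode: everything after the last ":"
    argMode=`expr match "$1" '.*:\([^:]*\)'`

    [ -z "$argMode" ] || mode="$argMode"

    opts="-fstype=cifs,credentials=/etc/smb.auth,$mode"

    # Locate smbclient
    for P in /bin /sbin /usr/bin /usr/sbin
    do
        if [ -x $P/smbclient ]
        then
            SMBCLIENT=$P/smbclient
            break
        fi
    done

    # Quoted so that an empty value fails the test instead of passing it
    [ -x "$SMBCLIENT" ] || exit 1

    # List the server's disk shares and print one multi-mount map entry
    "$SMBCLIENT" -A /etc/smb.auth -gNL "$key" 2>/dev/null | awk -v key="$key" -v opts="$opts" -F'|' -- '
        BEGIN { ORS=""; first=1 }
        /Disk/ {
            # Print the mount options once, before the first share
            if (first)
                print opts
            first = 0
            dir = $2
            loc = $2
            # Enclose mount dir and location in quotes
            # Double quote "$" in location as it is special
            gsub(/\$$/, "\\$", loc);
            print " \\\n\t \"/" dir "\"", "\"://" key "/" loc "\""
        }
        END { if (!first) print "\n"; else exit 1 }
    '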

This script, when saved to handle your SMB shares, receives the name of the server as $1. By default the script declares everything to be mounted read-only, although you can add “:rw” to the server name to have a read-write mount.
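Since $1 comes from whoever accesses a path under the autofs mount point while the daemon that runs the script is root (see the comments below), the key is worth validating before it reaches smbclient or the mount option string. The following is an added example, not part of the original post or the greenfly script; the function names parse_key and build_opts, the allowed server-name characters, and the sample keys are assumptions.

```bash
#!/bin/bash
# Added example: validate the autofs map key before it is used.
# Assumption: keys are "server" or "server:mode", as in the script above.

# parse_key KEY: sets $key and $mode; returns 1 if KEY is not acceptable.
parse_key() {
    key= mode=ro
    case $1 in
        *:*:*) return 1 ;;                         # more than one ":"
        *:*)   key=${1%%:*}; mode=${1#*:} ;;
        *)     key=$1 ;;
    esac

    # Server name: must start with a letter or digit (so it can never be
    # read as a command-line option) and contain only name characters.
    case $key in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#key}" -le 253 ] || return 1

    # Mode: fixed allowlist, so nothing else can ride along in the
    # comma-separated mount option string.
    case $mode in
        ro|rw) return 0 ;;
        *)     return 1 ;;
    esac
}

# build_opts KEY: prints the mount options, or fails without output.
build_opts() {
    parse_key "$1" || return 1
    printf '%s\n' "-fstype=cifs,credentials=/etc/smb.auth,$mode"
}

# Constructed sample keys: the first two are accepted, the rest rejected.
for k in b-vista fileserver:rw 'fileserver:rw,extra=1' '-x' 'a b' 'srv:'; do
    if o=$(build_opts "$k"); then
        echo "accept '$k' -> $o"
    else
        echo "reject '$k'"
    fi
done
```

In a map script, a failed parse_key should lead to an exit with a non-zero status before smbclient is called, as the script above already does when no shares are found.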

BTW, the motivation to do this was this (http://amarok.kde.org/wiki/Samba) problem with amarok and smb.


7 Responses to Autofs

  1. bhaskar says:

    so the autofs can execute the config file?
    the question is which user credentials are used to launch the process?

    to allow every user to customize what shares he wants mounted there has to be some file which the user will have write access to.

    This then might expose folder.htt like vulnerabilities.

  2. So, the current configuration on my system uses a static credential to access. It’s a global static. But as you might figure it could very well have been a user specific with a global default as well.

    As it would be apparent from the “rw” modification, we can obviously take the credential as part of the server name and the script can filter it out to get the authentication correct.

    In the end all it does is the same old mount thing, just a bit lazily and generates the configuration automatically (according to the access).

    e.g. /smb/b-vista would run this script which would enlist a config with allowed shares (no mounts done still). If I go into one of those folders then the actual mount happens.

  3. Ohh…btw, the only script that is executed is deployable by root and hence sort of ‘trusted’ (as against folder.htt, where the script was executed from the folder being viewed).

  4. bhaskar says:

    when the mount actually happens the script runs in the current user mode, but the current user might not be an admin. who takes care of mounting then?
    I mean when does the user switch take place. e.g. sudo

  5. The script and the current user don’t have anything in common. There is an autofs daemon which runs as root. It is the one which traps a request to a folder registered to be ‘autofsed’.

    This daemon then does the trick.

    BTW, there is a script which gets argument from the end user. So, it should be cleverly crafted and MUST always verify the inputs.
    For me, I am very lenient and a bad admin. Moreover, mine is not a production system anyways.

  6. bhaskar says:

    btw the comments ate my “>Cmd<”

    seems like text escaping issue

  7. bhaskar says:

    oops i meant <cmd>
