Friday, May 9, 2008

Permanently mount a Samba (or Windows) share in Linux

Samba shares are easy enough to browse to, with the gui, but it's a lot more convenient having it mounted in a local folder. Also, I've found many programs that aren't able to see samba shares, even though the OS can.

First, let's test and see if it will do a temporary mount with this command....

mount -t smbfs //servername_or_IP/file_store /home/user/Desktop/file_storage
Use sudo above, if you're using Ubuntu, or other distros that don't have root active by default.

This will prompt for username and password. Enter one if necessary, or leave blank if you have anonymous access. Once you enter credentials, you should be able to browse to your local folder and see all your files.

To mount it permanently, you will have to add a line to your file /etc/fstab.
This file is what tells Linux what drives you want mounted on bootup. Use gedit, nano, or similar program of your preference to open and edit fstab. You need to add a line similar to these, depending on your exact setup......

For anonymous access, add a line like this. Your Samba share has to be setup to allow anyone to access it. (I'll provide that config at the end) This allows you to mount the share without providing credentials.

//servername_or_IP/file_store /home/user/Desktop/file_storage smbfs guest

To mount a samba share with credentials, you just need to provide the username and password like so.

//servername_or_IP/file_store /home/user/Desktop/file_storage smbfs username=username, password=password

If you're a security nut, or just plain paranoid, you may want to provide your credentials in a separate file.

//servername_or_IP/file_store /home/user/Desktop/file_storage smbfs credentials=/root/.smbcredentials

You can also place dmask=777, fmask=777 at the end of the fstab line to alter the credentials it mounts the folders and files with.

Here's how a typical samba share configuration should look to access it anonymously. This is typically stored in the file /etc/samba/smb.conf

[global]
workgroup = workgroup_name
local master = yes
preferred master = yes
netbios name = storage
server string = storage
security = SHARE
max log size = 1000
dns proxy = No
wins support = Yes
wins server = localhost

[File_Storage]
comment = file-storage
path = /mnt/hda/share/file_storage/
read only = No
writeable = Yes
create mask = 0777
directory mask = 0777
guest ok = Yes

In the global section, "security = SHARE" is the main key to anonymous browsing.
The other line that's key is in the individual share cofiguration of File_Storage.
"guest ok = Yes"
Without those two lines, you'll be banging your head against the wall for hours trying make your share work for anyone, without requiring credentials.

Note: This really isn't the best way to do things as far as security goes. But in my case, convenience wins over security. I have a firewall. My wife wants quick easy access to a large storage drive, as do I. I don't feel the data we're storing on there is of high value to anyone else. But, you'll have to evaluate these things for yourself.

4 comments:

Anonymous said...

Thanks for sharing useful info. I'm trying to permanently mount server shares on a multi-user Ubuntu computer. I've actually succeeded in doing this, but the share of one user mounts on the desktop of EACH user. This is not what I want, since I don't want a user to be able to read another user's documents. I edited fstab to include the server share mount...and it does work fine, except for the above caveat. Any ideas? thanks, Sr. Dorothy

Happy Linux Guy said...

You can specify a umask in fstab, to limit access. You can also change permissions on the folder that it's mounting to.

Maybe a better option would be to write a script that mounts each user's share when they login. That way each user would only see the files they have access to, instead of having a folder on their desktop that they can't access.

Dolly said...

Thanks for writing this.

Roland said...

Could you give us the information on how to write this script and how to invoke it upon login?