mount nfs with password file

[zackiv31]

I want to mount my nfs drives with passwords but I don't want to store them plaintext in my /etc/fstab file..

How do I encrypt a password into a file so I can pass it as the password parameter to mount?

 

[chipperMDW]

I was unaware that NFS exports could be configured to require a password, and I can't find any documentation suggesting it's possible. Are you using some nonstandard version of NFS that allows this?


Perhaps you mean CIFS (Samba)? If so, you can add the mount option: [tt]credentials=<filename>[/tt], then stick the username and password into that file like so:

username = [i]user[/i]
password = [i]password[/i]

Whatever you pick for [tt]<filename>[/tt] should be somewhere under your home directory (or [tt]/root[/tt] if that's possible) and you should make sure its permissions prevent it from being read by regular users. That is, [tt]chmod 600[/tt] it.

 

[pansophic]

If you are worried about someone (like root) viewing the file, you can install truecrypt and encrypt the partition where the file is located. You would have to log in and decrypt that partition long enough to mount the drive so automount would not be possible, but it would protect the credentials.


pansophic

 

[zackiv31]

Well I'm under linux... and I want to restrict access to people who want to mount using NFS, but I want to allow access to certain users (me)..

How would I go about doing this if there is no way to user usernames/passwords?

 

[chipperMDW]

[tt]sudo[/tt] can be used to allow a certain subset of users to run a command with administrative privileges. Putting something like this in your [tt]/etc/sudoers[/tt] might work for your situation:

Cmnd_Alias	MOUNT_NFS = mount [i]fstab-entry[/i]

[i]your-username[/i]	ALL = MOUNT_NFS

Make sure you have your fstab entry set up properly. You (and only you) should then be able to run [tt]sudo mount fstab-entry[/tt] and enter your password to run that command as root.

[tt]man sudo[/tt] and [tt]man sudoers[/tt] for more about what sudo can do.

 

[smah]

Would restricting by IP address be any help?

 

[zackiv31]

IP address wouldn't help because IP's are being assigned dynamically..

As for sudoers, I am not able to mount the drives, even as root... so I do not believe that addresses my problem.

Maybe a step by step from step 1 would help me... or suggestions still

 

[chipperMDW]

As for sudoers, I am not able to mount the drives, even as root... so I do not believe that addresses my problem.

I believe it does address the problem you asked about.

You hadn't suggested until your last post that you couldn't mount the shares at all. I'm going to assume that's the problem you want addressed now.

Is this you? If so, see if you can find out why mount gave you that error. Run your mount command with the [tt]-v[/tt] option to make it operate in verbose mode. Also, [tt]tail -f /var/log/messages[/tt] and see if anything useful shows up in the log output when you try the mount.

 

[zackiv31]

mount -v 192.168.1.222:/c/laballa /mnt/laballa/
mount: no type was given - I'll assume nfs because of the colon
mount: trying 192.168.1.222 prog 100003 vers 3 prot udp port 2049
mount: trying 192.168.1.222 prog 100005 vers 3 prot udp port 645
mount.nfs: Input/output error

tail -f /var/log/messages
Jun 15 10:50:36 localhost kernel: portmap: server localhost not responding, timed out
Jun 15 10:50:36 localhost kernel: RPC: failed to contact portmap (errno -5).
Jun 15 10:51:11 localhost kernel: portmap: server localhost not responding, timed out
Jun 15 10:51:11 localhost kernel: RPC: failed to contact portmap (errno -5).
Jun 15 10:51:46 localhost kernel: portmap: server localhost not responding, timed out
Jun 15 10:51:46 localhost kernel: RPC: failed to contact portmap (errno -5).

 

[zackiv31]

I solved my mounting problems... But I'm still unable to mount them the way I want.. I think I'll bring this to the NAS device forum though, thanks for all the help.