Changes

Windows network share integration for linux

8,591 bytes added, 06:30, 14 June 2021
/* Ubuntu Nautilus Click to Mount */
Samba was developed in the early 1990s as a way for Linux users to access Windows shares as well as enabling the use of a Linux file server to emulate a Windows file server.  In over 20 years a lot of exciting things have happened in the development of [[Linux CIFS Utils and Samba]].  However, one major achievement has been completely neglected.  If a user wishes to have seamless mounting and access to a Windows share, under his own Linux desktop login name to the Windows network share of the same login name, independent of each login, and persistent after reboot, then there is no simple solution.
So it is possible in operating systems such as Ubuntu 14.04 to use the built-in file manager Nautilus (''Nautilus is the name of the file manager in Ubuntu identified only as "Files" from the desktop GUI - and it should also be noted that Ubuntu devs plan to replace Nautilus in a future distro release'') and browse the Microsoft Network with native CIFS support - no need to install Samba.  Furthermore, when using this method, the user is prompted for a username and password to access the Windows CIFS share.  This way Nicole can access her own shares on the network and not as Tom.

So, we have discussed two methods of accessing Windows shares from the Linux desktop (in reverse order):
# Browse Network with Nautilus and click to mount via gvfs
# Persistent static mounts in /etc/fstab

Note: The creation of persistent mounts using fstab will work in any distribution.  Discussion on GVFS applies to the GNOME desktop and thus distributions using GNOME and gvfs.  For KDE users the equivalent is KIO (kio).  KIO does not make mount points available to non-KIO applications.  Relates to: dolphin / konqueror / kio-smb

== Ubuntu Nautilus Click to Mount ==
This seems pretty slick.  Just click, supply credentials and mount.  However, the access is not persistent after reboot, even when the option to save the mount is selected.  It is buggy.  Also, the mount path is ugly!

What the hell is that?  Nautilus uses GVFS to connect on-demand to the Windows share.  GVFS is the virtual filesystem for the GNOME desktop.  GVFS and CIFS work together to mount the share in a temporary gvfs path.

Who's going to want to find that or type all that in?  It cannot be accessed directly in console as root.

Again, this is ugly.
To solve the ugliness problem a process called gvfs-fuse-daemon is supposed to create a pretty symlink to a subfolder of the user home folder.  It should be under /home/nicole/gvfs

It should be accessible when typing something like this:
 cd ~/.gvfs
However, in our fresh install of Ubuntu 14.04 no such symlink was created and the tidy little path is unavailable.  Again, buggy.  It is possible this isn't even a bug; perhaps the feature was simply dropped.

We can create symlinks for these ugly paths.  The symlinks will be persistent.  However, the symlinks will appear broken until the share is manually browsed using Nautilus.  Again, this is going to depend on what mood Nautilus and CIFS are in.

== Mount via manual execute of mount command ==
CLI solution: execute the mount command or create a shell script that mounts multiple network drives.  This way passwords need not be present in fstab or somewhere easily readable by other system users.

examples:
 sudo mount -t cifs -o username= //WIN_SHARE_IP/ /mnt/WIN_SHARE
 sudo mount -t cifs -o username=nicolep //192.168.1.10/public /mnt/public
 sudo mount -t cifs -o username=nicolep //servername/public /mnt/public

== Persistent Mount in fstab ==
The process for making a persistent mount by editing /etc/fstab involves supplying the Windows network login credentials, including the password, in this text file, which is readable by all system users.

{{:Example of cfis fstab}}

The above example comes from our Mythbuntu configuration page.  As you can see, besides the problem of all system users having access to the share as the one specific network user, that network username and password are exposed in this publicly readable file.  Any user of the desktop now knows the username and password of the Windows share owner.  /etc/fstab is readable by everyone and so is your Windows password in it.

Another problem with the Mythbuntu example above is that you will not have write permissions to the mounted shares.
To have write permissions it is necessary to specify the UID.  We also should specify the workgroup name to speed up the process.
 //athena/public/ /mnt/public cifs domain=workgroup,username=nicole,password=mythtv,uid=1001,iocharset=utf8,sec=ntlm 0 0
 //athena/media/ /mnt/media cifs domain=workgroup,username=nicole,password=mythtv,uid=1001,iocharset=utf8,sec=ntlm 0 0
Let's assume our workgroup/domain name is "workgroup".  Nicole now has the ability to both read and write to the shares.

We still have the issue of exposing your Windows network security credentials.  By using a credentials file we can hide the password.
 vi ~/.smbcredentials
Enter the username and password:
 username=nicole
 password=mythtv
Change the permissions of the file to prevent unwanted access to your credentials:
 chmod 600 ~/.smbcredentials
Now edit fstab:
 vi /etc/fstab
Use:
 //athena/public/ /mnt/public cifs domain=workgroup,credentials=/home/ubuntuusername/.smbcredentials,uid=1001,iocharset=utf8,sec=ntlm 0 0
 //athena/media/ /mnt/media cifs domain=workgroup,credentials=/home/ubuntuusername/.smbcredentials,uid=1001,iocharset=utf8,sec=ntlm 0 0
Another security implementation to explore is using libpam_mount, which may not work in Ubuntu 14.04 and is not covered here.

We still have the problem of all of our Linux desktop users having access to the Windows share as the one Windows network user.  One workaround is to mount during the login process rather than at boot.  However, the mount then remains even after the user logs off.  The system would need to be rebooted or the mount manually removed before logging out.

== Hybrid Solution ==
Some users implement a hybrid of both systems to achieve a working solution.  Consider that there may be public shares where you are indifferent as to whether all users have read-write permission, and there are personal or restricted shares that you want to limit access to.  Let's define an example.
You may have a music share that you wish to have publicly accessible to all network users, read-only so that they do not delete any of your favorite songs.  You also have a private share that you wish only to be accessible by you.  This is a simple example.  Considering this and the examples above, you should be able to construct any combination you desire for your own network needs.

Let's create a user on the file server or NAS device called music.  Music can have read-only or read-write access defined on the file server, as we will further restrict access by the way we mount on our workstation.  On the workstation we modify fstab.
 vi /etc/fstab
And we add the following line:
 //fileserver/media/ /mnt/media cifs domain=workgroup,username=music,password=music,iocharset=utf8,sec=ntlm  0  0
Our file server or NAS name is "fileserver" and our mp3 files are on a share called "media."  Our domain is called "WORKGROUP", which is where "fileserver" resides.  Our username and password are both set to "music."  Now with execution of mount -a:
 mount -a
we have a persistent share for our music, accessible on /mnt/media.  No matter what user is on our workstation using his own login, he will have access to the music.  Access is restricted to read-only since no UID was set.

For our own private share we will access it via Nautilus.  Let's use nicole as our username.  Nicole has a user id of 1001, as defined in /etc/passwd.  We need to know this.  With Nautilus (identified only as Files in Unity) we do the following:
* Files -> Browse Network -> Windows Network -> WORKGROUP
Find the share called "nicoleshome" and click.  Nicole (you) supplies her username and password.  The connection is made (if there is no glitch).  If the share is not visible, close and try again.

Now that we have established the temporary connection, let's create a symbolic link from the ugly path to a nice tidy one in our own home folder.
 ln -s /run/user/1001/gvfs/smb-share:server=fileserver,share=nicoleshome/My\ Documents /home/nicole/My\ Documents
Now, from Nicole's own home directory we have access to all of her personal files in the network share "My Documents."  The path for her to access them is simply:
 /home/nicole/My Documents
However, the My Documents symlink will be broken after a new desktop session, or if a timeout occurs, until Nicole opens Nautilus and browses the path manually, supplying her username and password once again.  Then the symbolic link in her home directory once again becomes active.

This is a hybrid system utilizing both methods.

== Mounting shares on local workstation login ==
Use ~/.xprofile; this is sourced by at least the GDM, LDM, LightDM and LXDM login managers.

Ubuntu 14.04 uses upstart tasks.
 ~/.config/upstart/desktopOpen.conf
 ~/.config/upstart/desktopClose.conf
Goal:  When user 'nicole' logs into her Linux desktop X session, a script mounts all her CIFS shares using her network security credentials.  She then has access to the shares throughout the duration of her X session.  When she logs out, a script unmounts the shares.

Status: Theoretical.  I have not had time to put this together and test.  Once done I will document the configuration here.

Another option to try is to use the "gvfs-mount" command on login.
 gvfs-mount smb://servername/share/
more to come...

== Development Changes ==
Ubuntu devs plan to discontinue use of Nautilus soon, mostly because the folks that make Nautilus have gone astray.  KDE uses Konqueror and before that KFM.  Each has different ways of handling network browsing.  Some of the documentation here may remain current longer than other parts.  Readers are invited to edit this page to help maintain up-to-date documentation.

[[Category:Computer_Technology]][[Category:Linux]][[Category:Ubuntu]]
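The following script is an added example, not part of the original page: it audits an fstab for the two exposures discussed under "Persistent Mount in fstab", an inline password= option and a credentials file that other users can read. The function name audit_cifs_fstab, the finding labels and the //athena/home/ entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page: flag CIFS credential exposure in an fstab.
# audit_cifs_fstab FSTAB prints one finding per cifs entry:
#   INLINE_PASSWORD <mnt>        password= sits in the world-readable fstab
#   NO_STORED_SECRET <mnt>       no password= or credentials= option present
#   CREDS_MISSING <mnt> <file>   credentials= names a file that does not exist
#   CREDS_EXPOSED <mnt> <file>   credentials file has group/other permission bits
#   OK <mnt>                     credentials file is owner-only (chmod 600)
audit_cifs_fstab() {
    # fstab fields: device, mount point, type, options, dump, pass
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac
        [ "$fstype" = cifs ] || continue
        inline=no cred=
        old_ifs=$IFS; IFS=,                 # options are comma-separated
        for opt in $opts; do
            case $opt in
                password=*|pass=*)    inline=yes ;;
                credentials=*|cred=*) cred=${opt#*=} ;;
            esac
        done
        IFS=$old_ifs
        if [ "$inline" = yes ]; then
            echo "INLINE_PASSWORD $mnt"
        elif [ -z "$cred" ]; then
            echo "NO_STORED_SECRET $mnt"
        elif [ ! -f "$cred" ]; then
            echo "CREDS_MISSING $mnt $cred"
        # Characters 5-10 of the ls mode string are the group and other bits.
        elif [ "$(ls -ld -- "$cred" | cut -c5-10)" = "------" ]; then
            echo "OK $mnt"
        else
            echo "CREDS_EXPOSED $mnt $cred"
        fi
    done < "${1:-/etc/fstab}"
}

# Constructed sample: fstab lines modelled on the page, credentials files in a temp dir.
demo() {
    d=$(mktemp -d)
    printf 'username=nicole\npassword=mythtv\n' > "$d/open"
    cp "$d/open" "$d/tight"
    chmod 644 "$d/open"; chmod 600 "$d/tight"
    cat > "$d/fstab" <<EOF
//athena/public/ /mnt/public cifs domain=workgroup,username=nicole,password=mythtv,uid=1001 0 0
//athena/media/ /mnt/media cifs domain=workgroup,credentials=$d/open,uid=1001 0 0
//athena/home/ /mnt/home cifs domain=workgroup,credentials=$d/tight,uid=1001 0 0
EOF
    audit_cifs_fstab "$d/fstab"
    rm -rf "$d"
}
demo
```

Run with no argument inside your own script, audit_cifs_fstab reads /etc/fstab; any line other than OK points at an entry to move to a chmod 600 credentials file.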