Chapter 12. Performing a multi-user SMB mount
The credentials you provide to mount a share determine the access permissions on the mount point by default. For example, if you use the
DOMAIN\example user when you mount a share, all operations on the share will be executed as this user, regardless which local user performs the operation.
However, in certain situations, the administrator wants to mount a share automatically when the system boots, but users should perform actions on the share’s content using their own credentials. The
multiuser mount options lets you configure this scenario.
To use the
multiuser mount option, you must additionally set the
sec mount option to a security type that supports providing credentials in a non-interactive way, such as
krb5 or the
ntlmssp option with a credentials file. For details, see Accessing a share as a user.
root user mounts the share using the
multiuser option and an account that has minimal access to the contents of the share. Regular users can then provide their user name and password to the current session’s kernel keyring using the
cifscreds utility. If the user accesses the content of the mounted share, the kernel uses the credentials from the kernel keyring instead of the one initially used to mount the share.
Using this feature consists of the following steps:
cifs-utilspackage is installed.
12.1. Mounting a share with the multiuser option
Before users can access the share with their own credentials, mount the share as the
root user using an account with limited permissions.
To mount a share automatically with the
multiuser option when the system boots:
Create the entry for the share in the
/etc/fstabfile. For example:
//server_name/share_name /mnt cifs
multiuser,sec=ntlmssp,credentials=/root/smb.cred 0 0
Mount the share:
# mount /mnt/
If you do not want to mount the share automatically when the system boots, mount it manually by passing
-o multiuser,sec=security_type to the
mount command. For details about mounting an SMB share manually, see Manually mounting an SMB share.
12.2. Verifying if an SMB share is mounted with the multiuser option
To verify if a share is mounted with the
multiuser option, display the mount options.
# mount ... //server_name/share_name on /mnt type cifs (sec=ntlmssp,
multiuser entry is displayed in the list of mount options, the feature is enabled.
12.3. Accessing a share as a user
If an SMB share is mounted with the
multiuser option, users can provide their credentials for the server to the kernel’s keyring:
# cifscreds add -u SMB_user_name server_name Password: password
When the user performs operations in the directory that contains the mounted SMB share, the server applies the file system permissions for this user, instead of the one initially used when the share was mounted.
Multiple users can perform operations using their own credentials on the mounted share at the same time.