Remote identification and storage

Setting up an environment of remote home folders under Linux with NFS and LDAP auth is a common task. But there are cases in which this approach might not be the best one, as you may run into issues that need workarounds.

Here I’m writing up my experience with this kind of environment, using just Samba. And… what about the homes? We’ll use pam_mount for that.

For the remote auth a colleague had installed and configured sssd (thanks bencer for letting me know about it, I only knew pam_ldap). I won’t go into details on the configuration of this service, but if you are interested you can check the documentation.

With remote auth solved, only the remote homes issue remained. pam_mount, for those who do not know it, is a PAM module that performs mounts automatically at login through PAM, handing the password the user just typed to the mount helper (mount.cifs in our case), so no credentials have to be written to any file. The flip side is that the mount only happens for logins where PAM actually receives a password (console, display manager, ssh with password auth); an ssh public-key login has no password to forward and the share will not be mounted.

In order to install it just issue:

sudo apt-get install libpam-mount cifs-utils

Once installed, we have to edit the file /etc/security/pam_mount.conf.xml like this:

<pam_mount>
<!-- The <mntoptions> elements determine which options *may* be specified for per-user <volume> entries. -->
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,workgroup,nosetuids,noexec" />

<!-- All options listed in require must appear in the option list of per-user mounts. -->
<mntoptions require="nosuid,nodev" />

<!-- Programs exist that do not terminate when the session is closed. pam_mount can be configured to kill
     these processes and optionally wait before sending signals. -->
<logout wait="2" hup="0" term="yes" kill="0" />
<!-- Controls automatic creation and removal of mountpoints. -->
<mkmountpoint enable="1" remove="true" />

<volume fstype="cifs" server="server" path="share" mountpoint="~/share/" options="uid=%(USER),dir_mode=0700,file_mode=0700,nosuid,nodev" />
</pam_mount>

Pay attention to this line:

<volume fstype="cifs" server="server" path="homes" mountpoint="~/" options="uid=%(USER),dir_mode=0700,file_mode=0700,nosuid,nodev" />

which is where the ‘magic’ happens:

fstype is the filesystem type; besides cifs, pam_mount also handles other types such as nfs, fuse (sshfs and friends) and crypt (dm-crypt/LUKS volumes).
server is, as you may guess, the remote host where the files to mount live.
path is the share we want to mount; homes is Samba’s special [homes] section, which serves each user their own home directory under their login name.
mountpoint is the local folder where the resource is mounted; ~ is expanded to the user’s home. With mountpoint="~/" the share is mounted on top of the local home directory itself (mkmountpoint creates it if it is missing), so anything stored in the local home is hidden while the share is mounted.
options are passed to mount.cifs: uid=%(USER) makes the files appear owned by the logged-in user, dir_mode/file_mode=0700 keep other local users out of the mounted tree, and nosuid/nodev are the options the require list above demands.
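To avoid finding out about a bad volume line only at the next login, here is a small checker for the config, as an added example (not code from the original post): it parses a pam_mount.conf.xml, confirms every volume carries the options listed in mntoptions require, enforces the allow list when checking a per-user ~/.pam_mount.conf.xml (pam_mount only applies allow to per-user volumes; global volumes are root’s responsibility), and flags dir_mode/file_mode values that let group or other into a home share. The embedded config is constructed for the example: it contains the homes volume from the post plus a deliberately sloppy second volume so the checker has something to report.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not the post's file verbatim): the home-share volume
# from the post plus a second, deliberately sloppy volume that drops the required
# nosuid/nodev options and opens file_mode/dir_mode to group/other.
SAMPLE_CONF = """<pam_mount>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,workgroup,nosetuids,noexec" />
<mntoptions require="nosuid,nodev" />
<logout wait="2" hup="0" term="yes" kill="0" />
<mkmountpoint enable="1" remove="true" />
<volume fstype="cifs" server="server" path="homes" mountpoint="~/"
        options="uid=%(USER),dir_mode=0700,file_mode=0700,nosuid,nodev" />
<volume fstype="cifs" server="server" path="public" mountpoint="~/public/"
        options="uid=%(USER),dir_mode=0755,file_mode=0644" />
</pam_mount>
"""


def parse_options(options):
    """Split a mount option string into {name: value}; bare flags map to None."""
    parsed = {}
    for item in options.split(","):
        item = item.strip()
        if item:
            name, sep, value = item.partition("=")
            parsed[name] = value if sep else None
    return parsed


def check_volumes(conf_xml, user="alice", per_user=False):
    """Return a list of findings (strings) for every <volume> in a pam_mount config.

    user     -- login name used to expand %(USER), as pam_mount does at login
    per_user -- True when checking a ~/.pam_mount.conf.xml; pam_mount enforces the
                <mntoptions allow> list only for those per-user volumes, so the
                allow check is skipped for the system-wide file.
    """
    root = ET.fromstring(conf_xml)
    allow, require = set(), set()
    for m in root.findall("mntoptions"):
        allow.update(o for o in m.get("allow", "").split(",") if o)
        require.update(o for o in m.get("require", "").split(",") if o)

    findings = []
    for vol in root.findall("volume"):
        opts = parse_options(vol.get("options", ""))
        names = set(opts)
        where = "%s:%s -> %s" % (vol.get("server"), vol.get("path"),
                                 vol.get("mountpoint", "").replace("%(USER)", user))

        missing = sorted(require - names)
        if missing:
            findings.append("%s: missing required option(s) %s"
                            % (where, ",".join(missing)))

        if per_user and allow:
            for name in sorted(names - allow):
                findings.append("%s: option %s is not in the allow list" % (where, name))

        # cifs reads dir_mode/file_mode as octal; anything with group/other bits
        # set exposes the user's files to other local logins on this client.
        for key in ("dir_mode", "file_mode"):
            value = opts.get(key)
            if value is None:
                continue
            try:
                mode = int(value, 8)
            except ValueError:
                findings.append("%s: %s=%s is not an octal mode" % (where, key, value))
                continue
            if mode & 0o077:
                findings.append("%s: %s=%s grants group/other access" % (where, key, value))
    return findings


if __name__ == "__main__":
    for finding in check_volumes(SAMPLE_CONF):
        print(finding)
```

Run it against the real file with check_volumes(open("/etc/security/pam_mount.conf.xml").read()); for a user’s own ~/.pam_mount.conf.xml pass per_user=True so the allow list is enforced the way pam_mount will enforce it. The homes volume from the post comes back clean; the second volume is reported for the missing nosuid/nodev and for its permissive modes.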

Log out and back in (or reboot) and… voilà, all done!

An easy and quick solution… don’t you think?
