13

I'm working on software that needs to mount an smb/cifs share automatically.

The catch is that the share must be mounted using the user's login and password, and, AFAIK and for reasons completely unknown to me, it looks like gio doesn't have an option to specify the password on the command line, only the user. If the user requires a password, it asks for it interactively. While this works for someone calling gio from the terminal, for development... it's a pain.

I've already tried to call

gio mount smb://<user>:<password>@<server>/<share>/

but it just ignores the password and asks for it in the terminal. The (poor) documentation does not show any way to specify the password. Is waiting for the password prompt and "emulating" an input the only way to set it?

Using mount -t cifs is not an option, since it requires root/sudo, and the software I'm working on isn't supposed to require elevated privileges.

Tyras
  • 131
  • This is a long shot, but I had more or less the same trouble to automatically mount a Webdav share. The mount program kept asking me for the password. It turned out that the password contained a "%" and that caused the mount to fail, unless I typed in the terminal. – Jos Apr 03 '18 at 17:00
  • I indeed use '%' in the passwords, but I just tried with a user with a password containing only numbers and letters and it still asked for the password. But thanks anyway! – Tyras Apr 04 '18 at 11:16

3 Answers

9

Create a file in your home directory. For example at /home/morbius/.servercreds

Into that file enter your credentials. You must specify the user name, workgroup, and password - one per line

<username>
<workgroup>
<password>

Then your gio command would look like this:

gio mount smb://<server>/<share> < /home/morbius/.servercreds
Morbius1
  • 8,502
  • Even useful on Fedora ... Instead of '/home/morbius/' you can use '$HOME' – Erich Kuester Jun 26 '20 at 20:00
  • 3
    Just to clarify: this is pretty hacky, as it just simulates user entering these details and pressing enter between them. If the command asks new questions and/or in different order, this breaks down. – joonas.fi Jan 31 '21 at 15:53
5

To avoid creating a new file, you can pipe the input into gio.

echo -e "USERNAME\nWORKGROUP\nPASSWORD\n" | gio mount smb://<server>/<share>

echo -e tells echo to allow special characters, and \n after each field is like pressing the enter key.

Brent
  • 165
  • 6
    Please note that giving a password on the command line is a security concern because command line parameters of running commands can be seen with different tools. Better store it in a temp file only readable by yourself and pipe it into the gio command. – Daniel May 30 '22 at 17:51
1

There are three ways to get your credentials into a gio command

1) Safest: via gnome keyring

As a Gnome library, gio integrates with Gnome's keyring. If the SMB password is present in the keyring, gio will automatically use it.
Important: for this to work, the Host in the keyring must match exactly with the URL you open with GIO (though subfolders work).

So, for the command gio mount smb://DOMAIN\;username@fileserver.your.lan/some/folder to work, the keyring must contain the credential for smb://fileserver.your.lan, for the exact user DOMAIN\username. (host-aliases like "fileserver" or "srv003.your.lan" won't match. It's effectively a dumb string-prefix match)

The easiest way to achieve this is to manually open the SMB server once from the Nautilus/File Manager GUI, and then copy the URL it gives into your gio script.

Example: my DOMAIN\;user@fileserver.my.lan/some/folder is listed in SeaHorse (gnome keyring manager GUI) as "smb://user@fileserver.my.lan". Domain is only in the details section. Other sub-paths (e.g. /other/random/folder) would also pick up this password.

2) Somewhat safe: .credentials file via stdin

The most-repeated answer is to have the answers for gio in a .credentials text file, that is piped into GIO's stdin via gio mount smb://.... < .credentials.

This is somewhat safe: It's still better than the echo-style solution below, but it requires that your plaintext, unencrypted password is lying around on the filesystem, stealable for anyone who has either:

  • file permissions (did you really remember to do chmod 0600 .credentials?)
  • root or sudo access (permissions? Pfah! sudo cat .credentials laughs at your silly permissions!)
  • a bootable live USB stick. (Unless you use disk-encryption, the bytes are there in plaintext on the physical storage, and live USBs have their own root powers)

3) Lazy, but terribly Unsafe: echo PASSWORD | gio mount ...

This is the worst possible combination of all the above: Not only is your plaintext, unencrypted password readable in the script (all the downsides of .credentials above), but every user and/or logfile on your machine can see your password in the output of process-monitoring tools such as ps or top (command invocations are public).

This includes variations that encode the URL such as the example from the original question: gio mount smb://<user>:<password>@<server>/<share>/

misc note: specifying domain in URL

Finding the domain syntax took some digging, so I wanted to include it for completeness' sake. (I only found it in one documentation link, that I can no longer find again)

As seen above: to specify the domain in the URL, prefix the username with YOURDOMAIN\; (replace the backslash in the windows-style DOMAIN\user with an escaped semicolon)

gio mount smb://DOMAIN\;username@fileserver.your.lan/some/folder

Note that if you use a URL in this form with interactive GIO, gio will ask for only the password. Adapt any stdin-piping to match.
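
The credentials-file approach from the answers above depends on the file staying private to its owner. As an added example (not code from any of the answers), this sketch creates the file under a restrictive umask, reading the password from stdin, and refuses to pipe it into gio unless it is owner-only. The function names are hypothetical, and the three-line layout is the one from the first answer.

```shell
#!/bin/sh
# Added example; function names are hypothetical. File layout assumed:
# username, workgroup, password, one per line (as in the first answer).

# write_creds FILE USER WORKGROUP
# Reads the password from stdin, so it never appears in any argv.
write_creds() {
    (
        umask 077                 # new file is created as 0600
        rm -f "$1"                # an existing file would keep its old mode
        IFS= read -r pw || exit 1
        printf '%s\n%s\n%s\n' "$2" "$3" "$pw" > "$1"
    )
}

# check_creds FILE
# 0 = safe to use; 1 = not a plain file; 2 = wrong owner;
# 3 = mode is not 0600/0400; 4 = unexpected line count.
check_creds() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "not a regular file: $f" >&2; return 1
    fi
    [ -O "$f" ] || { echo "not owned by you: $f" >&2; return 2; }
    perms=$(ls -ld "$f" | cut -c1-10)
    case $perms in
        -rw-------|-r--------) ;;
        *) echo "mode $perms is too open; chmod 0600 $f" >&2; return 3 ;;
    esac
    [ "$(grep -c '' "$f")" -eq 3 ] || { echo "expected 3 lines" >&2; return 4; }
}

# mount_share URL FILE
# Feeds the file to gio's prompts only after the checks pass.
mount_share() {
    check_creds "$2" || return
    gio mount "$1" < "$2"
}

# Usage: mount_share 'smb://<server>/<share>' "$HOME/.servercreds"
```

If the URL already carries the domain and user, gio prompts for fewer fields, so the file layout and the line-count check have to be adapted to match.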