samba - Nov 2021 - How do users access shares?

What I would want is for all users to have a mnt directory in their home
that these shares would mount to.  So user 'tester' would have
/home/tester/mnt/Photos /home/tester/mnt/Videos /home/tester/mnt/Music.  I
guess I could create a standard mount point like /mnt/Photos /mnt/Videos
/mnt/Music but then, how do I restrict access to what the share
says @HOME\"Media Users"?  And how do I do I give write access to
only @HOME\"Media Admins"?

I used gio mount smb://fs01/Photos and that created the share in Nautilus
but I can't use my programs with that.  I tried the symlink ln -s
/run/user/2002/gvfs/smb-share\:server\=fs01\,share\=Photos but that symlink
didn't work at all.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Mon, Nov 8, 2021 at 11:57 PM Robert Marcano via samba <
samba at lists.samba.org> wrote:
> I forgot to add that if you only want one simple mount, to a fixed
> directory but restricted, so not everyone could read or write to it, you
> can still indicate which user, group, file mode bits, etc, the mounted file
> appear so you can control who can access them.
>
> The options from mount.cifs works for the mount command directly or to be
> set on fstab.
>
> On Mon, Nov 8, 2021, 9:02 PM Robert Marcano <robert at
marcanoonline.com>
> wrote:
>
> >
> >
> > On Mon, Nov 8, 2021, 7:02 PM Rob Campbell <robcampbell08105 at
gmail.com>
> > wrote:
> >
> >> Thanks Robert.  I have tried that but it requires root or sudo. 
OR
> chmod
> >> u+s /bin/mount /bin/umount /usr/sbin/mount.cifs.  But then it
requires I
> >> put it in /etc/fstab.  If I do that, it will mount for all users,
right?
> >> That's not what I want.
> >>
> >
> > If you want users to be able to mount a share, specially if you want
the
> > target directory to be private to each user, you probably will need to
> > check how desktop environments do it for their file managers. I can
only
> > talk about GNOME that it is what I use every day.
> >
> > When you use a file manager like GNOME Files (Nautilus) to access a
smb
> > share with a the smb URL scheme (smb://hostname/share), it mounts a
FUSE
> > filesystem (file system in userspace) that access the share via a
process
> > that uses Samba client libraries.
> >
> > Maybe you could use gnome-mount or the newer "gio mount", or
you can use
> > desktop agnostic FUSE filesystems like smbnetfs or fusesmb.
> >
> >
> >
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> In all things, Be Intentional.
> >>
> >>
> >> On Mon, Nov 8, 2021 at 3:08 PM Robert Marcano via samba <
> >> samba at lists.samba.org> wrote:
> >>
> >>> On 11/8/21 11:40 AM, Rob Campbell via samba wrote:
> >>> > I am able to smbclient //host/share -U redhat -c
'ls' and view the
> >>> files
> >>> > but how do I mount that [as a user]?  All links I find
say I need to
> >>> put it
> >>> > in /etc/fstab.  If I do that, won't everyone have
access?  I don't
> want
> >>> > that.  You know how you would 'net use' to map in
Windows, is this
> not
> >>> > possible in Linux?
> >>> >
> >>>
> >>> Whe you mount a share on Linux, you are using another client
that is
> >>> part of the kernel, not smbclient that is a user space
implementation.
> >>>
> >>> Try
> >>>
> >>> mount -t cifs -o username=redhat //host/share /mnt/target_dir
> >>>
> >>> You will need to have installed the mount.cifs utility. Read
the manual
> >>> page of that command if you want to automate more parameters
like the
> >>> password.
> >>>
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read
the
> >>> instructions:  https://lists.samba.org/mailman/options/samba
> >>>
> >>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 11/9/21 9:21 AM, Rob Campbell wrote:
> What I would want is for all users to have a mnt directory in their home 
> that these shares would mount to.? So user 'tester' would have 
> /home/tester/mnt/Photos /home/tester/mnt/Videos /home/tester/mnt/Music.  
> I guess I could create a standard mount point like /mnt/Photos 
> /mnt/Videos /mnt/Music but then, how do I restrict access to what the 
> share says?@HOME\"Media Users"?? And how do I do I give write
access to
> only?@HOME\"Media Admins"?
> 
> I used gio mount smb://fs01/Photos and that created the share in 
> Nautilus but I can't use my programs with that.? I tried the symlink ln
> -s /run/user/2002/gvfs/smb-share\:server\=fs01\,share\=Photos but that 
> symlink didn't work at all.
> 
Please provide more details about "I can't use my programs with
that"
and "symlink didn't work at all" because here any program can use
files
on the mounted directory at /run/user/<uid>/gvfs and even the a link 
testing it here.

What will not happen is the link to automount, you will always need to 
do the gio mount thing, Maybe from a login script.

The idea of these FUSE based tools is for the drives to be mounted on 
demand. The problem start with programs that don't use the current 
desktop way of mounting things, so they don't know how to show these 
mounted directories on their Load/Save dialogs. So I get why you want 
some kind of way to have a known directory inside the user home for 
these files.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
> 
> 
> On Mon, Nov 8, 2021 at 11:57 PM Robert Marcano via samba 
> <samba at lists.samba.org <mailto:samba at lists.samba.org>>
wrote:
> 
>     I forgot to add that if you only want one simple mount, to a fixed
>     directory but restricted, so not everyone could read or write to it,
you
>     can still indicate which user, group, file mode bits, etc, the
>     mounted file
>     appear so you can control who can access them.
> 
>     The options from mount.cifs works for the mount command directly or
>     to be
>     set on fstab.
> 
>     On Mon, Nov 8, 2021, 9:02 PM Robert Marcano
>     <robert at marcanoonline.com <mailto:robert at
marcanoonline.com>>
>     wrote:
> 
>      >
>      >
>      > On Mon, Nov 8, 2021, 7:02 PM Rob Campbell
>     <robcampbell08105 at gmail.com <mailto:robcampbell08105 at
gmail.com>>
>      > wrote:
>      >
>      >> Thanks Robert.? I have tried that but it requires root or
sudo.
>     OR chmod
>      >> u+s /bin/mount /bin/umount /usr/sbin/mount.cifs.? But then it
>     requires I
>      >> put it in /etc/fstab.? If I do that, it will mount for all
>     users, right?
>      >> That's not what I want.
>      >>
>      >
>      > If you want users to be able to mount a share, specially if you
>     want the
>      > target directory to be private to each user, you probably will
>     need to
>      > check how desktop environments do it for their file managers. I
>     can only
>      > talk about GNOME that it is what I use every day.
>      >
>      > When you use a file manager like GNOME Files (Nautilus) to access
>     a smb
>      > share with a the smb URL scheme (smb://hostname/share), it mounts
>     a FUSE
>      > filesystem (file system in userspace) that access the share via a
>     process
>      > that uses Samba client libraries.
>      >
>      > Maybe you could use gnome-mount or the newer "gio
mount", or you
>     can use
>      > desktop agnostic FUSE filesystems like smbnetfs or fusesmb.
>      >
>      >
>      >
>      >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>      >> In all things, Be Intentional.
>      >>
>      >>
>      >> On Mon, Nov 8, 2021 at 3:08 PM Robert Marcano via samba <
>      >> samba at lists.samba.org <mailto:samba at
lists.samba.org>> wrote:
>      >>
>      >>> On 11/8/21 11:40 AM, Rob Campbell via samba wrote:
>      >>> > I am able to smbclient //host/share -U redhat -c
'ls' and
>     view the
>      >>> files
>      >>> > but how do I mount that [as a user]?? All links I
find say I
>     need to
>      >>> put it
>      >>> > in /etc/fstab.? If I do that, won't everyone
have access?? I
>     don't want
>      >>> > that.? You know how you would 'net use' to
map in Windows, is
>     this not
>      >>> > possible in Linux?
>      >>> >
>      >>>
>      >>> Whe you mount a share on Linux, you are using another
client
>     that is
>      >>> part of the kernel, not smbclient that is a user space
>     implementation.
>      >>>
>      >>> Try
>      >>>
>      >>> mount -t cifs -o username=redhat //host/share
/mnt/target_dir
>      >>>
>      >>> You will need to have installed the mount.cifs utility.
Read
>     the manual
>      >>> page of that command if you want to automate more
parameters
>     like the
>      >>> password.
>      >>>
>      >>>
>      >>> --
>      >>> To unsubscribe from this list go to the following URL and
read the
>      >>> instructions:
https://lists.samba.org/mailman/options/samba
>     <https://lists.samba.org/mailman/options/samba>
>      >>>
>      >>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>     <https://lists.samba.org/mailman/options/samba>
>

On 11/9/21 07:21, Rob Campbell via samba wrote:
> What I would want is for all users to have a mnt directory in their home
> that these shares would mount to.  So user 'tester' would have
> /home/tester/mnt/Photos /home/tester/mnt/Videos /home/tester/mnt/Music.  I
> guess I could create a standard mount point like /mnt/Photos /mnt/Videos
> /mnt/Music but then, how do I restrict access to what the share
> says @HOME\"Media Users"?  And how do I do I give write access to
> only @HOME\"Media Admins"?
> 
Are all the Photos, Videos, and Music folders the same folder on the 
file server for all users? If separate, are they all in the same share?

If you have a share that looks like this:

    ls /srv/samba/my_share

    user1
      Photos
      Videos
      Music

    user2
      Photos
      Videos
      Music

The easiest solution is to mount my_share to, say /mnt/my_share

and then just set up soft links for folder access, using the server 
filesystem to control access:

   cd /home/user1
   ln -s /mnt/my_share/user1/Photos .

and so on.  If what you want to mount isn't organized like this, what 
Robert said: ssh-fuse mounts are probably your best best, but this will 
be high maintenance.  I would consider using NFS, at this point.
> I used gio mount smb://fs01/Photos and that created the share in Nautilus
> but I can't use my programs with that.  I tried the symlink ln -s
> /run/user/2002/gvfs/smb-share\:server\=fs01\,share\=Photos but that symlink
> didn't work at all.
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
> 
> 
> On Mon, Nov 8, 2021 at 11:57 PM Robert Marcano via samba <
> samba at lists.samba.org> wrote:
> 
>> I forgot to add that if you only want one simple mount, to a fixed
>> directory but restricted, so not everyone could read or write to it,
you
>> can still indicate which user, group, file mode bits, etc, the mounted
file
>> appear so you can control who can access them.
>>
>> The options from mount.cifs works for the mount command directly or to
be
>> set on fstab.
>>
>> On Mon, Nov 8, 2021, 9:02 PM Robert Marcano <robert at
marcanoonline.com>
>> wrote:
>>
>>>
>>>
>>> On Mon, Nov 8, 2021, 7:02 PM Rob Campbell <robcampbell08105 at
gmail.com>
>>> wrote:
>>>
>>>> Thanks Robert.  I have tried that but it requires root or sudo.
OR
>> chmod
>>>> u+s /bin/mount /bin/umount /usr/sbin/mount.cifs.  But then it
requires I
>>>> put it in /etc/fstab.  If I do that, it will mount for all
users, right?
>>>> That's not what I want.
>>>>
>>>
>>> If you want users to be able to mount a share, specially if you
want the
>>> target directory to be private to each user, you probably will need
to
>>> check how desktop environments do it for their file managers. I can
only
>>> talk about GNOME that it is what I use every day.
>>>
>>> When you use a file manager like GNOME Files (Nautilus) to access a
smb
>>> share with a the smb URL scheme (smb://hostname/share), it mounts a
FUSE
>>> filesystem (file system in userspace) that access the share via a
process
>>> that uses Samba client libraries.
>>>
>>> Maybe you could use gnome-mount or the newer "gio mount",
or you can use
>>> desktop agnostic FUSE filesystems like smbnetfs or fusesmb.
>>>
>>>
>>>
>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>> In all things, Be Intentional.
>>>>
>>>>
>>>> On Mon, Nov 8, 2021 at 3:08 PM Robert Marcano via samba <
>>>> samba at lists.samba.org> wrote:
>>>>
>>>>> On 11/8/21 11:40 AM, Rob Campbell via samba wrote:
>>>>>> I am able to smbclient //host/share -U redhat -c
'ls' and view the
>>>>> files
>>>>>> but how do I mount that [as a user]?  All links I find
say I need to
>>>>> put it
>>>>>> in /etc/fstab.  If I do that, won't everyone have
access?  I don't
>> want
>>>>>> that.  You know how you would 'net use' to map
in Windows, is this
>> not
>>>>>> possible in Linux?
>>>>>>
>>>>>
>>>>> Whe you mount a share on Linux, you are using another
client that is
>>>>> part of the kernel, not smbclient that is a user space
implementation.
>>>>>
>>>>> Try
>>>>>
>>>>> mount -t cifs -o username=redhat //host/share
/mnt/target_dir
>>>>>
>>>>> You will need to have installed the mount.cifs utility.
Read the manual
>>>>> page of that command if you want to automate more
parameters like the
>>>>> password.
>>>>>
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and
read the
>>>>> instructions: 
https://lists.samba.org/mailman/options/samba
>>>>>
>>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

Am 09.11.21 um 14:21 schrieb Rob Campbell via samba:
> What I would want is for all users to have a mnt directory in their home
> that these shares would mount to.  So user 'tester' would have
> /home/tester/mnt/Photos /home/tester/mnt/Videos /home/tester/mnt/Music.  I
> guess I could create a standard mount point like /mnt/Photos /mnt/Videos
> /mnt/Music but then, how do I restrict access to what the share
> says @HOME\"Media Users"?  And how do I do I give write access to
> only @HOME\"Media Admins"?
> 
> I used gio mount smb://fs01/Photos and that created the share in Nautilus
> but I can't use my programs with that.  I tried the symlink ln -s
> /run/user/2002/gvfs/smb-share\:server\=fs01\,share\=Photos but that symlink
> didn't work at all.
You have two options I think:

pam_mount:

https://wiki.archlinux.org/title/pam_mount

https://www.bu.edu/engit/knowledge-base/linux/opensuseatbu-pam_mount/

or autofs:

https://www.unixmen.com/how-to-mount-a-smbcifs-share-as-an-automount-on-centosfedorarhel/

https://itectec.com/ubuntu/ubuntu-cifs-mounts-and-kerberos-permissions-on-access-or-best-practice/


I used to use pam_mount but switched to autfs as ist was more convenient.

Regards

-- 
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

BRAIN Biotech AG
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), 
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen