Mounting Windows Shares in Linux

I’ve needed to mount CIFS shares (Windows network shares) from Linux before, and it’s usually not a problem. It’s as easy as the mount command with a few options – for example:

mount -t cifs //windowsbox/sharename /mnt/point

That command will use the caller’s username – since root is typically the only one allowed to mount file systems, it will try to authenticate with the Windows machine with the username “root.” You’ll be prompted for a password as well.

To specify a username to use for Windows authentication, use the ‘-o’ flag with a string of arguments, without spaces:

mount -t cifs -o username=ben //windowsbox/sharename /mnt/point

You can also throw the password in there, separating it from the username with a comma:

mount -t cifs -o username=ben,password=myP@ss\&ord //windowsbox/sharename /mnt/point

Note that you will need to escape any reserved characters from this command, such as the ampersand ‘&’ I have escaped in the example above.

However, if you wanted to mount this automatically, you’d have to add a new line to /etc/fstab to include the filesystem you want to mount. The line in /etc/fstab to mount the filesystem mentioned above would be something like

//windowsbox/sharename  /mnt/point  cifs  username=ben,password=myP@ss&ord  0  0

This will work all day long. However, there’s a problem: your password is in plain text in /etc/fstab, which is a file any user on the system can read. The best way to solve this is to put your credentials in a text file readable only by root, and then having /etc/fstab refer to this credentials file rather than including the username and password in the fstab line. According to the man page, the credentials file can have three lines in it:

username=value
password=value
domain=value

Another note: you don’t need to escape reserved characters in fstab or in the credentials file. You might want to store the file somewhere in root’s home directory or somewhere else that isn’t globally readable. Ownership should be root:root and permissions would be best at 600. If I stored the file at /root/creds.crd, the fstab line would then be

//windowsbox/sharename  /mnt/point  cifs  credentials=/root/creds.crd  0  0

Standard users would be able to see where the credentials were stored, but they would not be able to see those credentials.

Of course, if I missed anything you’ll let me know, right?