[systemd-devel] systemd/automount for multiple users using Kerberos

Sebastian Treiber sebastian.treiber at gns-systems.de
Wed Apr 5 14:28:50 UTC 2017


Dear members of the Systemd mailing list,

for a long time I have been struggling with a problem which sounds
relatively easy:
I have a cifs file server and a Linux (CentOS 7) client. On the client I
want to mount a share from the file server using Kerberos.
Only the root user can perform the mount but typically it has no
Kerberos ticket. A user, on the other hand, has a Kerberos ticket but
must not mount anything.
That means the mount has to be done by the root user and the uid of a
user who has a valid Kerberos ticket has to be used as an option. For
example:
mount.cifs //path_to_file_server/share /mount_point -o sec=krb5,cruid=123456
So far so good. However, on the client there are multiple users and each
one wants to be able to mount the share to the same directory.
As to my knowledge, autofs is the only tool which provides a solution
for that (you can use something like "$USER" in the autofs configuration
file).

Systemd has a automount functionality as well and I was hoping to
replace autofs by systemd/automount since autofs is very unstable (as to
my experience).
Despite heavy googling I could not find a solution using
systemd/automount (or any other than autofs). My problem is that I
cannot specify the user-ID dynamically but only as a static string in
the ".mount" unit file (or fstab).
Does anyone of you know if this is possible with systemd?

Kind regard,

Sebastian

-- 

Mit freundlichen Grüßen
*Dr. Sebastian Treiber* | Systemanalytiker


GNS Systems - IT Dienstleistungen für Engineering
<http://www.gns-systems.de>

GNS Systems GmbH
Fronäckerstraße 36/1
71063 Sindelfingen
Tel.: +49 (0)7031/68838-66
Fax: +49 (0)7031/68838-11


Geschäftsführer: Christopher Woll
Sitz des Unternehmens: Braunschweig
Registergericht: Amtsgericht Braunschweig
Registernummer: HRB 4890
gns-systems.de <http://www.gns-systems.de>



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20170405/626c424e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7030 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20170405/626c424e/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 1444 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20170405/626c424e/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20170405/626c424e/attachment.sig>


More information about the systemd-devel mailing list