We have a Windows (AD) domain which a RHEL/CentOS 7 server has joined (SSSD / realmd). The users log into the server via SSH with their AD credentials. Now the users should be able to mount some of their Windows shares on the RHEL server. However, I want to avoid granting all the users sudo rights for (u)mount and setting the SUID flag for (u)mount.
I have discovered the gvfs-mount command which seems to be what I need, so I went ahead and installed the necessary packages. As the application needs to have access to a session DBus, the variable DBUS_SESSION_BUS_ADDRESS needs to be exported. To be able to start a DBus-Daemon (dbus-launch), I installed the dbus-x11 package.
Running the commands
export $(dbus-launch)
gvfs-mount smb://DOMAIN\;USER@HOST/SHARE
mounts the share successfully.
My initial thought was to just put the first line into the .bash_profile. There are, however, two major problems related to that solution:
- Every time someone logs in, a new instance of dbus-daemon is created that is not killed upon logout. Even worse, the package dbus-x11 installed the script /etc/X11/xinit/xinit.rc.d/00-start-message-bus.sh that already starts an instance per login, but how do I get the address variable?
- If the user forgets to unmount the share, it can't be unmounted at a later login as the address variable is unknown.
Ideally, the dbus-daemon should be started upon login and the address variable should be exported. When the SSH session is terminated (logout is optional) all shares that are still mounted should be unmounted and the daemon should be killed. How do I achieve this in an elegant way?
Related, but old and essentially not answered: Reuse D-Bus sessions across login sessions
request-key callback, which is defined in /etc/request-key.d/cifs.spnego.conf. It's all part of the cifs-utils package. – jsbillings Jan 23 '16 at 04:00
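
The lifecycle the question asks for, as an added example that is not part of the original post: a `~/.bash_profile` fragment that starts one bus per SSH login and, on exit, unmounts the remaining smb mounts and stops the daemon without sudo or SUID. The function names and `OWN_SESSION_BUS` are hypothetical, and it assumes the installed `gvfs-mount` supports `-s` (`--unmount-scheme`).

```shell
# Added example for ~/.bash_profile; not from the original post.
# Hypothetical names: start_session_bus, stop_session_bus, OWN_SESSION_BUS.
# Each SSH login gets its own session bus and cleans it up on exit.

start_session_bus() {
    # Keep a bus address that is already exported into this shell.
    [ -n "${DBUS_SESSION_BUS_ADDRESS:-}" ] && return 0
    # --sh-syntax prints shell assignments for DBUS_SESSION_BUS_ADDRESS
    # and DBUS_SESSION_BUS_PID, so eval can take them in directly.
    eval "$(dbus-launch --sh-syntax)"
    OWN_SESSION_BUS=1
}

stop_session_bus() {
    # Touch only a bus that this shell started itself.
    [ "${OWN_SESSION_BUS:-0}" = 1 ] || return 0
    # Unmount every smb:// mount still registered on this bus.
    gvfs-mount -s smb >/dev/null 2>&1 || true
    # Stop the daemon so it does not outlive the login.
    kill "$DBUS_SESSION_BUS_PID" 2>/dev/null || true
    unset DBUS_SESSION_BUS_ADDRESS DBUS_SESSION_BUS_PID OWN_SESSION_BUS
}

# Run only for SSH logins. The HUP trap turns a dropped connection
# into a normal exit, so the EXIT trap runs in that case as well.
if [ -n "${SSH_CONNECTION:-}" ]; then
    start_session_bus
    trap stop_session_bus EXIT
    trap 'exit 129' HUP
fi
```

Mounts are tracked per bus, so a share mounted in one login is not visible from a second login; each login removes its own mounts when it ends.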