
I have the following bash script to mount a couple of shared directories in a NAS drive:

```
sudo mount -t cifs //server/dir1 /mnt/nas/dir1 -o username=raf
sudo mount -t cifs //server/dir2 /mnt/nas/dir2 -o username=raf
sudo mount -t cifs //server/dir3 /mnt/nas/dir3 -o username=raf
```

Each of these mount commands will ask for a password. I want to avoid having to enter the same password multiple times.

From mount.cifs manual, it says that it can use the variable PASSWD for the password.

That's where my bash skills fail me: how can I update the script to ask and set the PASSWD variable, call the mount commands, and finally unset the PASSWD variable?

So far I could go as far as reading something without echoing back to screen using

```
read -s PASSWD
```

But I'm not sure how to incorporate that into the script.

Note 1: The mount argument -o password=password is a no go for me. I don't want hard coded passwords in a text file.

Note 2: Similarly, I'd rather not go for the mount argument credentials=filename

Raf
  • See: [How do I pass credential file to mount.cifs?](https://serverfault.com/q/367934/234750) – Cyrus Sep 30 '18 at 18:58

1 Answer

Most likely the variable is not seen by the child process. You can export PASSWD using `export`:

```
read -s PASSWD
export PASSWD
```

Note: This makes it available to all child processes. For your purposes, what you need is simply to export the variable only to the concerned child process.

```
sudo PASSWD="$PASSWD" mount -t cifs //server/dir3 /mnt/nas/dir3 -o username=raf
```
apatniv
  • `sudo` complicates matters; you can't put the assignment before `mount`, and `sudo` doesn't (by default) pass its own environment onto the program it runs. – chepner Sep 30 '18 at 19:24
  • @chepner: It seems you can. @Vivek's suggestion in the note worked perfectly fine for me: `sudo PASSWD="$PASSWD" mount ...` – Raf Sep 30 '18 at 19:28
  • Now, at the end, do I need to `unset PASSWD` ? – Raf Sep 30 '18 at 19:31
  • @Raf Ah, I didn't read `man sudo` closely enough; I assumed that since the command had to be an executable (not a shell function or arbitrary shell command), that precommand modifiers weren't permitted either. – chepner Sep 30 '18 at 20:58
  • Since `PASSWD="$PASSWD"` is part of the command line now, it ends up being visible in the process table for all users (e.g. `ps` output). It is safer to move the variable definition in front of `sudo` and use the `-E` option to inherit it, i.e. `PASSWD="$PASSWD" sudo -E mount ...` – Grisha Levit Oct 01 '18 at 09:14
  • @GrishaLevit thanks for pointing that out, this is an important security flaw. However when doing a `ps -A`, or `ps -e`, I can see only the main process name, and not the `PASSWD` variable definition. Which syntax did you use exactly to be able to see it? – Raf Oct 04 '18 at 16:42
  • @Raf the variable definition shows up as part of the `sudo` process entry, not the child process that sudo launches. I tried with `sudo var=foo sleep 60 &`. – Grisha Levit Oct 05 '18 at 01:42
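
The approach the answer and comments converge on, as an added example that is not part of the original thread: prompt once, put the password in the environment in front of `sudo -E` so it never appears in an argument list, and unset it afterwards. Server, mount root and user name come from the question; the `RUNNER` override and the share-name arguments are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not code from the thread). Usage: ./mount-nas.sh dir1 dir2 dir3

SERVER=${SERVER:-server}          # values taken from the question
MNT_ROOT=${MNT_ROOT:-/mnt/nas}
CIFS_USER=${CIFS_USER:-raf}
# Hypothetical override so the flow can be exercised without root.
# -E asks sudo to preserve the caller's environment; the sudoers policy must allow it.
RUNNER=${RUNNER:-sudo -E}

# Mount every share named in "$@" using the password held in the shell
# variable PASSWD. Returns the number of shares that failed to mount.
mount_shares() {
    local share failed=0
    for share in "$@"; do
        # The assignment sits in front of the runner, so the password travels
        # in the environment of this one command and is not part of any
        # argument list that `ps` can display.
        PASSWD="$PASSWD" $RUNNER mount -t cifs "//$SERVER/$share" \
            "$MNT_ROOT/$share" -o "username=$CIFS_USER" || failed=$((failed + 1))
    done
    return "$failed"
}

main() {
    local rc=0
    read -rs -p "Password for $CIFS_USER: " PASSWD   # -s: no echo to the screen
    echo
    mount_shares "$@" || rc=$?
    # As the question asks. A script's variables vanish with its process,
    # so this matters mostly when the file is sourced into a login shell.
    unset PASSWD
    return "$rc"
}

# Do nothing unless share names were given on the command line.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```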