Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it possible to mount a CIFS volume using a credentials file against the LOCAL driver?

Tags:

docker

I'm aware that plugins like docker-volume-netshare exist and I've used them in the past but for this project I am constrained to the local driver only.

I can successfully create and use a CIFS volume with the local driver in the traditional sense (passing it the username/password inline) but now I want to pass the credentials via a credentials file. The Docker documentation says it supports similar commands as mount so, to that end, I've been trying to pass the credentials like I would if I were mounting it via the mount command.

I have a /root/.cifs file.

username=myusername
password=mypassword

Then I tested it by mount manually

mount -t cifs \
-o credentials=/root/.cifs,vers=3.0 \
//192.168.76.20/docker_01 /mnt

It works successfully and I can read/write data. So now I try to create the docker volume using the same logic.

docker volume create \
--driver local \
--name persistent \
--opt type=cifs \
--opt device=//192.168.76.20/docker_01 \
--opt o=credentials=/root/.cifs,vers=3.0

However, when I try to use the volume I get CIFS VFS: No username specified in the Docker log file.

I tried modifying the volume parameters by including the username (--opt o=credentials=/root/.cifs,username=docker01,vers=3.0) but that just results in 0xc000006d STATUS_LOGON_FAILURE

Is there a way to create a CIFS volume without having to specify the credentials inline?

like image 365
Brian Mitchell Avatar asked Jan 05 '19 20:01

Brian Mitchell

1 Answers

I just digged into this to find out why it does not work. It seems the issue here is that the credentials-file is a feature of the wrapper binary "mount.cifs" while docker uses the systemcall SYS_MOUNT itself for mounting the volume:

If you look into the linux kernel's cifs extension it says:

When using the mount helper mount.cifs, passwords may be specified via alternate mechanisms, instead of specifying it after -o using the normal "pass=" syntax on the command line:

You can trace this down to the source code of the mount.cifs executable where you find the code to read the credentials file.

From this I conclude that unless you change the docker source code to use the mount.cifs executable instead of the linux system call this will not work.

like image 87
knorx Avatar answered Nov 11 '22 07:11

knorx

Sign in to Comment

Related questions

python: PyPi public modules: How to determine if secure and safe?
Update docker container when new image is getting released
docker-compose up : Encountered errors while bringing up the project
how to increase docker build's volume size
Docker-ized Consul, Zookeeper and Kafka in Amazon-ECS
Docker force overwrite last tag and pushing on AWS ECR
How to use wkhtmltopdf with Docker
Maven inside docker container horribly slow
Docker Oracle12c Enterprise image created from container symlink broken
Build docker image from Dockerfile using Bazel
Docker container can't curl, SSL wrong version number
mkdir: cannot create directory '/ffa_app': Permission denied
Libreoffice gives "Application Error" when called from R
Redis sentinel failover configuration in docker swarm
Run MySQL a prefilled docker container as random (non-root) linux user?
How to add containers to a Kubernetes pod on runtime
Reclaim disk space after removing file from Docker container
`docker start` in parallel?
docker error in windows container read tcp : wsarecv: An existing connection was forcibly closed by the remote host
Local Development Best Practices: Java, Docker, Kubernetes

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!