I'm aware that plugins like docker-volume-netshare exist and I've used them in the past but for this project I am constrained to the local driver only.
I can successfully create and use a CIFS volume with the local driver in the traditional sense (passing it the username/password inline) but now I want to pass the credentials via a credentials file. The Docker documentation says it supports similar commands as mount so, to that end, I've been trying to pass the credentials like I would if I were mounting it via the mount command.
I have a /root/.cifs file.
username=myusername
password=mypassword
Then I tested it by mounting manually:
mount -t cifs \
-o credentials=/root/.cifs,vers=3.0 \
//192.168.76.20/docker_01 /mnt
It works successfully and I can read/write data. So now I try to create the docker volume using the same logic.
docker volume create \
--driver local \
--name persistent \
--opt type=cifs \
--opt device=//192.168.76.20/docker_01 \
--opt o=credentials=/root/.cifs,vers=3.0
However, when I try to use the volume I get CIFS VFS: No username specified in the Docker log file.
I tried modifying the volume parameters by including the username (--opt o=credentials=/root/.cifs,username=docker01,vers=3.0) but that just results in 0xc000006d STATUS_LOGON_FAILURE.
Is there a way to create a CIFS volume without having to specify the credentials inline?
I just dug into this to find out why it does not work. It seems the issue here is that the credentials file is a feature of the wrapper binary "mount.cifs" while Docker uses the system call SYS_MOUNT itself for mounting the volume:
If you look into the Linux kernel's CIFS extension it says:
When using the mount helper mount.cifs, passwords may be specified via alternate mechanisms, instead of specifying it after -o using the normal "pass=" syntax on the command line:
You can trace this down to the source code of the mount.cifs executable where you find the code to read the credentials file.
From this I conclude that unless you change the Docker source code to use the mount.cifs executable instead of the Linux system call this will not work.
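What the answer describes, as an added example that is not part of the original post, of Docker, or of mount.cifs: a shell helper (the name cifs_opts_from_credfile is hypothetical) that does in userspace what the mount helper would do, reading the credentials file and producing the inline options that reach the kernel. It assumes GNU stat and the username/password/domain keys.

```bash
#!/bin/sh
# Added example (hypothetical helper name): expand a mount.cifs-style
# credentials file into inline CIFS options. credentials= is handled by the
# mount.cifs helper in userspace, so a direct mount system call never reads it.
cifs_opts_from_credfile() {   # usage: cifs_opts_from_credfile FILE [EXTRA_OPTS]
    local file="$1" extra="${2:-}" line key val user="" pass="" dom="" opts cr
    cr=$(printf '\r')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Refuse a file that group or others can access (GNU stat, as on Linux).
    case "$(stat -c '%a' "$file")" in
        *00) ;;
        *) echo "$file: permissions too open, chmod 600" >&2; return 1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                      # tolerate CRLF line endings
        line=${line#"${line%%[![:space:]]*}"}   # strip leading whitespace
        key=${line%%=*}
        [ "$key" != "$line" ] || continue       # skip lines without '='
        val=${line#*=}                          # value kept verbatim after first '='
        case "$key" in
            user|username) user=$val ;;
            pass|password) pass=$val ;;
            dom|domain)    dom=$val ;;
        esac
    done < "$file"
    [ -n "$user" ] || { echo "$file: no username" >&2; return 1; }
    # Options are comma-separated, so a comma inside a value would be read as
    # an option boundary; this example rejects it rather than escaping it.
    case "$user$pass$dom" in
        *,*) echo "$file: comma in a credential value" >&2; return 1 ;;
    esac
    opts="username=$user,password=$pass"
    [ -z "$dom" ] || opts="$opts,domain=$dom"
    [ -z "$extra" ] || opts="$opts,$extra"
    printf '%s\n' "$opts"
}

# With the volume from the question (shown only, not executed here):
#   docker volume create --driver local --name persistent \
#     --opt type=cifs --opt device=//192.168.76.20/docker_01 \
#     --opt o="$(cifs_opts_from_credfile /root/.cifs vers=3.0)"
```

The expanded password is stored in the volume's options and is shown by docker volume inspect, so it is protected only by access to the Docker daemon, not by the credentials file's permissions.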