on

Mounting a Remote CIFS/SMB Share at Boot — /etc/fstab vs cron @reboot

If you need a remote SMB/CIFS share (e.g., a StorageBox or NAS) to be reliably available after reboots, /etc/fstab with systemd integration is the recommended approach. Using cron @reboot can work, but it lacks network awareness, retries, and proper secret handling.

Quick comparison

Aspect/etc/fstabcron @reboot
Network readinessRespects network ordering (_netdev, systemd targets)May run before network is up
Retries & resilienceAutomount and retry handled by systemdNo built‑in retries/backoff
SecurityCredentials file with strict permissionsPassword often exposed via process list
DiagnosticsFailures visible in system journalSilent unless you add logging
Operational fitSingle canonical source of truth for mountsSimple but fragile

Best practice: fstab + systemd‑friendly options

Use fake credentials in these examples: fakeuser123 / FakePassw0rd!. Replace with your real values.

1) Create the mount point

sudo mkdir -p /mnt/backupbox

2) Create a secure credentials file

sudo tee /root/.smbcredentials >/dev/null <<'EOF'
username=fakeuser123
password=FakePassw0rd!
EOF
sudo chmod 600 /root/.smbcredentials

3) Add the CIFS entry to /etc/fstab

Example for a remote share //backup.example.net/data mounted at /mnt/backupbox:

//backup.example.net/data  /mnt/backupbox  cifs  \
credentials=/root/.smbcredentials,iocharset=utf8,vers=3.0,uid=0,gid=0,\
_netdev,x-systemd.requires=network-online.target,x-systemd.automount,nofail  0  0

Option highlights

  • credentials= — keeps secrets out of the process list and fstab.
  • _netdev + x-systemd.requires=network-online.target — wait for the network to be fully up.
  • x-systemd.automount — on‑demand mount (no boot hang if remote is slow).
  • vers=3.0 — modern SMB dialect; adjust if your server requires 3.1.1 or 2.1.

4) Apply and test

sudo systemctl daemon-reload
sudo systemctl restart remote-fs.target
# or test the line syntax safely
sudo mount -a
mount | grep /mnt/backupbox

If you must use cron @reboot (not recommended)

Use a wrapper script that waits for network readiness, avoids plain‑text password in the command line, and retries gracefully.

Script: /root/bin/mount-remote-cifs.sh

#!/bin/bash
set -euo pipefail
MP="/mnt/backupbox"
SRC="//backup.example.net/data"
CREDS="/root/.smbcredentials"

mkdir -p "$MP"

# wait up to 60s for network
for i in {1..12}; do
  if getent hosts backup.example.net >/dev/null; then break; fi
  sleep 5
done

# already mounted?
mountpoint -q "$MP" && exit 0

# attempt mount with retries
for i in {1..5}; do
  /sbin/mount.cifs "$SRC" "$MP" -o "credentials=$CREDS,iocharset=utf8,vers=3.0,uid=0,gid=0" && exit 0
  sleep 6
 done

exit 1

Cron entry

@reboot /root/bin/mount-remote-cifs.sh >>/var/log/mount-remote-cifs.log 2>&1
Caveats: Even with a wrapper, cron lacks strong dependency management. You won’t get automount behavior or systemd’s recovery mechanisms. Prefer fstab/systemd for production.

Optional: native systemd mount units

For very fine‑grained control, define a native mount + automount pair.

/etc/systemd/system/mnt-backupbox.mount

[Unit]
Description=Remote CIFS Share
After=network-online.target
Wants=network-online.target

[Mount]
What=//backup.example.net/data
Where=/mnt/backupbox
Type=cifs
Options=credentials=/root/.smbcredentials,iocharset=utf8,vers=3.0,uid=0,gid=0,_netdev

[Install]
WantedBy=multi-user.target

/etc/systemd/system/mnt-backupbox.automount

[Unit]
Description=Automount for /mnt/backupbox

[Automount]
Where=/mnt/backupbox

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl enable --now mnt-backupbox.automount
# use on demand, systemd will mount the share when accessed

Troubleshooting checklist

  • Credentials: chmod 600 /root/.smbcredentials and correct username/password.
  • Dialect: try vers=3.1.1 or vers=2.1 if the server enforces specific SMB versions.
  • DNS / network: ensure the host resolves: getent hosts backup.example.net.
  • Logs: check journalctl -u remote-fs.target and dmesg | grep CIFS.
  • SELinux/AppArmor: confirm policies are not blocking mounts (mostly on hardened systems).

Summary: For reliability, security and operability, prefer /etc/fstab with systemd-aware options over cron @reboot. Keep secrets in a credentials file and test with mount -a before rebooting.

Comments

Post a Comment