How to set up an encrypted directory to be mounted only during samba access?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












7















(This is not about restricting client access, for which ext3 permissions do the trick)



I'd like to encrypt the data on my NAS drive (Buffalo LinkStation Pro with SSH access enabled, if that matters) in a user-friendly way. Currently, a truecrypt container has to be manually mounted via SSH and also unmounted again (unless you solve my timeout question). Using a passwordless (but EFS encrypted) SSH key this is reduced to two PuTTY desktop shortcuts and entering the truecrypt password (until simplified further) for mounting.



However, the ideal solution would be transparent. I first thought about trying to somehow have the share allow for EFS encryption, but that would probably involve more work and EFS for multiple users without an Active Directory server seems to be troublesome.



But now my idea is an automated mount of e.g. an EncFS encrypted directory triggered automatically by a samba access from authorized users (using Windows clients). How can that be achieved? (Bonus points for displaying a honeypot share for unauthorized users...)










share|improve this question
























  • I still don't understand who has the encryption credentials in the scenario: are they provided by the user when mounting? Does it have to be a password, or can it be a key file (which itself might be password-protected) on the client or the server (which)?

    – Gilles
    Oct 11 '12 at 9:48











  • @Gilles In this scenario, the Windows username/password transmitted to samba would also be used as encryption credentials (Ideally in such way that multiple users can mount the same volume with different credentials).

    – Tobias Kienzler
    Oct 11 '12 at 9:52






  • 1





    Server-side encryption then, to protect against attackers with physical access when the storage device is not in use? Ok.

    – Gilles
    Oct 11 '12 at 9:57











  • @Gilles Precisely that, thanks for the better wording

    – Tobias Kienzler
    Oct 11 '12 at 10:06















7















(This is not about restricting client access, for which ext3 permissions do the trick)



I'd like to encrypt the data on my NAS drive (Buffalo LinkStation Pro with SSH access enabled, if that matters) in a user-friendly way. Currently, a truecrypt container has to be manually mounted via SSH and also unmounted again (unless you solve my timeout question). Using a passwordless (but EFS encrypted) SSH key this is reduced to two PuTTY desktop shortcuts and entering the truecrypt password (until simplified further) for mounting.



However, the ideal solution would be transparent. I first thought about trying to somehow have the share allow for EFS encryption, but that would probably involve more work and EFS for multiple users without an Active Directory server seems to be troublesome.



But now my idea is an automated mount of e.g. an EncFS encrypted directory triggered automatically by a samba access from authorized users (using Windows clients). How can that be achieved? (Bonus points for displaying a honeypot share for unauthorized users...)










share|improve this question
























  • I still don't understand who has the encryption credentials in the scenario: are they provided by the user when mounting? Does it have to be a password, or can it be a key file (which itself might be password-protected) on the client or the server (which)?

    – Gilles
    Oct 11 '12 at 9:48











  • @Gilles In this scenario, the Windows username/password transmitted to samba would also be used as encryption credentials (Ideally in such way that multiple users can mount the same volume with different credentials).

    – Tobias Kienzler
    Oct 11 '12 at 9:52






  • 1





    Server-side encryption then, to protect against attackers with physical access when the storage device is not in use? Ok.

    – Gilles
    Oct 11 '12 at 9:57











  • @Gilles Precisely that, thanks for the better wording

    – Tobias Kienzler
    Oct 11 '12 at 10:06













7












7








7


2






(This is not about restricting client access, for which ext3 permissions do the trick)



I'd like to encrypt the data on my NAS drive (Buffalo LinkStation Pro with SSH access enabled, if that matters) in a user-friendly way. Currently, a truecrypt container has to be manually mounted via SSH and also unmounted again (unless you solve my timeout question). Using a passwordless (but EFS encrypted) SSH key this is reduced to two PuTTY desktop shortcuts and entering the truecrypt password (until simplified further) for mounting.



However, the ideal solution would be transparent. I first thought about trying to somehow have the share allow for EFS encryption, but that would probably involve more work and EFS for multiple users without an Active Directory server seems to be troublesome.



But now my idea is an automated mount of e.g. an EncFS encrypted directory triggered automatically by a samba access from authorized users (using Windows clients). How can that be achieved? (Bonus points for displaying a honeypot share for unauthorized users...)










share|improve this question
















(This is not about restricting client access, for which ext3 permissions do the trick)



I'd like to encrypt the data on my NAS drive (Buffalo LinkStation Pro with SSH access enabled, if that matters) in a user-friendly way. Currently, a truecrypt container has to be manually mounted via SSH and also unmounted again (unless you solve my timeout question). Using a passwordless (but EFS encrypted) SSH key this is reduced to two PuTTY desktop shortcuts and entering the truecrypt password (until simplified further) for mounting.



However, the ideal solution would be transparent. I first thought about trying to somehow have the share allow for EFS encryption, but that would probably involve more work and EFS for multiple users without an Active Directory server seems to be troublesome.



But now my idea is an automated mount of e.g. an EncFS encrypted directory triggered automatically by a samba access from authorized users (using Windows clients). How can that be achieved? (Bonus points for displaying a honeypot share for unauthorized users...)







linux samba encryption






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Apr 13 '17 at 12:36









Community

1




1










asked Oct 11 '12 at 6:08









Tobias KienzlerTobias Kienzler

4,339104589




4,339104589












  • I still don't understand who has the encryption credentials in the scenario: are they provided by the user when mounting? Does it have to be a password, or can it be a key file (which itself might be password-protected) on the client or the server (which)?

    – Gilles
    Oct 11 '12 at 9:48











  • @Gilles In this scenario, the Windows username/password transmitted to samba would also be used as encryption credentials (Ideally in such way that multiple users can mount the same volume with different credentials).

    – Tobias Kienzler
    Oct 11 '12 at 9:52






  • 1





    Server-side encryption then, to protect against attackers with physical access when the storage device is not in use? Ok.

    – Gilles
    Oct 11 '12 at 9:57











  • @Gilles Precisely that, thanks for the better wording

    – Tobias Kienzler
    Oct 11 '12 at 10:06

















  • I still don't understand who has the encryption credentials in the scenario: are they provided by the user when mounting? Does it have to be a password, or can it be a key file (which itself might be password-protected) on the client or the server (which)?

    – Gilles
    Oct 11 '12 at 9:48











  • @Gilles In this scenario, the Windows username/password transmitted to samba would also be used as encryption credentials (Ideally in such way that multiple users can mount the same volume with different credentials).

    – Tobias Kienzler
    Oct 11 '12 at 9:52






  • 1





    Server-side encryption then, to protect against attackers with physical access when the storage device is not in use? Ok.

    – Gilles
    Oct 11 '12 at 9:57











  • @Gilles Precisely that, thanks for the better wording

    – Tobias Kienzler
    Oct 11 '12 at 10:06
















I still don't understand who has the encryption credentials in the scenario: are they provided by the user when mounting? Does it have to be a password, or can it be a key file (which itself might be password-protected) on the client or the server (which)?

– Gilles
Oct 11 '12 at 9:48





I still don't understand who has the encryption credentials in the scenario: are they provided by the user when mounting? Does it have to be a password, or can it be a key file (which itself might be password-protected) on the client or the server (which)?

– Gilles
Oct 11 '12 at 9:48













@Gilles In this scenario, the Windows username/password transmitted to samba would also be used as encryption credentials (Ideally in such way that multiple users can mount the same volume with different credentials).

– Tobias Kienzler
Oct 11 '12 at 9:52





@Gilles In this scenario, the Windows username/password transmitted to samba would also be used as encryption credentials (Ideally in such way that multiple users can mount the same volume with different credentials).

– Tobias Kienzler
Oct 11 '12 at 9:52




1




1





Server-side encryption then, to protect against attackers with physical access when the storage device is not in use? Ok.

– Gilles
Oct 11 '12 at 9:57





Server-side encryption then, to protect against attackers with physical access when the storage device is not in use? Ok.

– Gilles
Oct 11 '12 at 9:57













@Gilles Precisely that, thanks for the better wording

– Tobias Kienzler
Oct 11 '12 at 10:06





@Gilles Precisely that, thanks for the better wording

– Tobias Kienzler
Oct 11 '12 at 10:06










2 Answers
2






active

oldest

votes


















0














I'm seeing a sketch of a solution using Samba "logon scripts" - client-side code that runs after a samba login - but a complete solution needs to complete the sketch with details. Also related are "preexec scripts" - server-side code that runs during a samba login.



Referencing the smb.conf man page




logon script (G)



This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.



The script must be a relative path to the [netlogon] service. If the [netlogon] service specifies a path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the file that will be downloaded is:



/usr/local/samba/netlogon/STARTUP.BAT


The contents of the batch file are entirely your choice. A suggested command would be to add NET TIME SERVER /SET /YES, to force every machine to synchronize clocks with the same time server. Another use would be to add NET USE U: SERVERUTILS for commonly used utilities, or



NET USE Q: \SERVERISO9001_QA


for example.



Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission on the batch files in a secure environment, as this would allow the batch files to be arbitrarily modified and security to be breached.



This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.




and also




preexec (S)



This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.



An interesting example is to send the users a welcome message every time they log in. Maybe a message of the day? Here is an example:



preexec = csh -c 'echo "Welcome to %S!" | /usr/local/samba/bin/smbclient -M %m -I %I' &



In your case, though, you really want logon scripts (unencrypted form is mounted on the client), so a solution sketch might involve:



  1. ensure that each computer has a EncFS equivalent installed

  2. write a logon script (.bat format) that calls encfs on the client and prompts the user for logon. The encfs command thus mounts the unencrypted form locally, with the remote store remaining encrypted.


  3. configure smb.conf so that the relevant users run the logon script. e.g. something like



    logon script = runencfs.bat



  4. For bonus points, your logon script might automate / prompt installation of Encfs (from the samba share) and only run the mount if it's installed!


Client-side scripts, though, are bound to give you headaches because of the cmd language, ensuring installation of encfs, and working around windows gotchas, like Windows 8.1 and up not running the logon scripts till five minutes later unless otherwise configured.






share|improve this answer






























    0














    If your concern is the security of data at rest you could look for an encryption solution on the NAS instead (FreeNAS and Synology do this). Upon boot you need to enter a key to open the volume but after that, it works just like an unencrypted share so no client side configuration required.



    If, on the other hand, you are concern about the data being taken from the server while it is running, having a client side encryption would solve your problem. Something like EncFS or Cryptomator could be the simplest solutions for your problem?



    • https://wiki.archlinux.org/index.php/EncFS

    • https://cryptomator.org

    Or maybe I misunderstood the problem?






    share|improve this answer






















      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f50550%2fhow-to-set-up-an-encrypted-directory-to-be-mounted-only-during-samba-access%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      0














      I'm seeing a sketch of a solution using Samba "logon scripts" - client-side code that runs after a samba login - but a complete solution needs to complete the sketch with details. Also related are "preexec scripts" - server-side code that runs during a samba login.



      Referencing the smb.conf man page




      logon script (G)



      This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.



      The script must be a relative path to the [netlogon] service. If the [netlogon] service specifies a path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the file that will be downloaded is:



      /usr/local/samba/netlogon/STARTUP.BAT


      The contents of the batch file are entirely your choice. A suggested command would be to add NET TIME SERVER /SET /YES, to force every machine to synchronize clocks with the same time server. Another use would be to add NET USE U: SERVERUTILS for commonly used utilities, or



      NET USE Q: \SERVERISO9001_QA


      for example.



      Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission on the batch files in a secure environment, as this would allow the batch files to be arbitrarily modified and security to be breached.



      This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.




      and also




      preexec (S)



      This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.



      An interesting example is to send the users a welcome message every time they log in. Maybe a message of the day? Here is an example:



      preexec = csh -c 'echo "Welcome to %S!" | /usr/local/samba/bin/smbclient -M %m -I %I' &



      In your case, though, you really want logon scripts (unencrypted form is mounted on the client), so a solution sketch might involve:



      1. ensure that each computer has a EncFS equivalent installed

      2. write a logon script (.bat format) that calls encfs on the client and prompts the user for logon. The encfs command thus mounts the unencrypted form locally, with the remote store remaining encrypted.


      3. configure smb.conf so that the relevant users run the logon script. e.g. something like



        logon script = runencfs.bat



      4. For bonus points, your logon script might automate / prompt installation of Encfs (from the samba share) and only run the mount if it's installed!


      Client-side scripts, though, are bound to give you headaches because of the cmd language, ensuring installation of encfs, and working around windows gotchas, like Windows 8.1 and up not running the logon scripts till five minutes later unless otherwise configured.






      share|improve this answer



























        0














        I'm seeing a sketch of a solution using Samba "logon scripts" - client-side code that runs after a samba login - but a complete solution needs to complete the sketch with details. Also related are "preexec scripts" - server-side code that runs during a samba login.



        Referencing the smb.conf man page




        logon script (G)



        This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.



        The script must be a relative path to the [netlogon] service. If the [netlogon] service specifies a path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the file that will be downloaded is:



        /usr/local/samba/netlogon/STARTUP.BAT


        The contents of the batch file are entirely your choice. A suggested command would be to add NET TIME SERVER /SET /YES, to force every machine to synchronize clocks with the same time server. Another use would be to add NET USE U: SERVERUTILS for commonly used utilities, or



        NET USE Q: \SERVERISO9001_QA


        for example.



        Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission on the batch files in a secure environment, as this would allow the batch files to be arbitrarily modified and security to be breached.



        This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.




        and also




        preexec (S)



        This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.



        An interesting example is to send the users a welcome message every time they log in. Maybe a message of the day? Here is an example:



        preexec = csh -c 'echo "Welcome to %S!" | /usr/local/samba/bin/smbclient -M %m -I %I' &



        In your case, though, you really want logon scripts (unencrypted form is mounted on the client), so a solution sketch might involve:



        1. ensure that each computer has a EncFS equivalent installed

        2. write a logon script (.bat format) that calls encfs on the client and prompts the user for logon. The encfs command thus mounts the unencrypted form locally, with the remote store remaining encrypted.


        3. configure smb.conf so that the relevant users run the logon script. e.g. something like



          logon script = runencfs.bat



        4. For bonus points, your logon script might automate / prompt installation of Encfs (from the samba share) and only run the mount if it's installed!


        Client-side scripts, though, are bound to give you headaches because of the cmd language, ensuring installation of encfs, and working around windows gotchas, like Windows 8.1 and up not running the logon scripts till five minutes later unless otherwise configured.






        share|improve this answer

























          0












          0








          0







          I'm seeing a sketch of a solution using Samba "logon scripts" - client-side code that runs after a samba login - but a complete solution needs to complete the sketch with details. Also related are "preexec scripts" - server-side code that runs during a samba login.



          Referencing the smb.conf man page




          logon script (G)



          This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.



          The script must be a relative path to the [netlogon] service. If the [netlogon] service specifies a path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the file that will be downloaded is:



          /usr/local/samba/netlogon/STARTUP.BAT


          The contents of the batch file are entirely your choice. A suggested command would be to add NET TIME SERVER /SET /YES, to force every machine to synchronize clocks with the same time server. Another use would be to add NET USE U: SERVERUTILS for commonly used utilities, or



          NET USE Q: \SERVERISO9001_QA


          for example.



          Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission on the batch files in a secure environment, as this would allow the batch files to be arbitrarily modified and security to be breached.



          This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.




          and also




          preexec (S)



          This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.



          An interesting example is to send the users a welcome message every time they log in. Maybe a message of the day? Here is an example:



          preexec = csh -c 'echo "Welcome to %S!" | /usr/local/samba/bin/smbclient -M %m -I %I' &



          In your case, though, you really want logon scripts (unencrypted form is mounted on the client), so a solution sketch might involve:



          1. ensure that each computer has a EncFS equivalent installed

          2. write a logon script (.bat format) that calls encfs on the client and prompts the user for logon. The encfs command thus mounts the unencrypted form locally, with the remote store remaining encrypted.


          3. configure smb.conf so that the relevant users run the logon script. e.g. something like



            logon script = runencfs.bat



          4. For bonus points, your logon script might automate / prompt installation of Encfs (from the samba share) and only run the mount if it's installed!


          Client-side scripts, though, are bound to give you headaches because of the cmd language, ensuring installation of encfs, and working around windows gotchas, like Windows 8.1 and up not running the logon scripts till five minutes later unless otherwise configured.






          share|improve this answer













          I'm seeing a sketch of a solution using Samba "logon scripts" - client-side code that runs after a samba login - but a complete solution needs to complete the sketch with details. Also related are "preexec scripts" - server-side code that runs during a samba login.



          Referencing the smb.conf man page




          logon script (G)



          This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.



          The script must be a relative path to the [netlogon] service. If the [netlogon] service specifies a path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the file that will be downloaded is:



          /usr/local/samba/netlogon/STARTUP.BAT


          The contents of the batch file are entirely your choice. A suggested command would be to add NET TIME SERVER /SET /YES, to force every machine to synchronize clocks with the same time server. Another use would be to add NET USE U: SERVERUTILS for commonly used utilities, or



          NET USE Q: \SERVERISO9001_QA


          for example.



          Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission on the batch files in a secure environment, as this would allow the batch files to be arbitrarily modified and security to be breached.



          This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.




          and also




          preexec (S)



          This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.



          An interesting example is to send the users a welcome message every time they log in. Maybe a message of the day? Here is an example:



          preexec = csh -c 'echo "Welcome to %S!" | /usr/local/samba/bin/smbclient -M %m -I %I' &



          In your case, though, you really want logon scripts (unencrypted form is mounted on the client), so a solution sketch might involve:



          1. ensure that each computer has a EncFS equivalent installed

          2. write a logon script (.bat format) that calls encfs on the client and prompts the user for logon. The encfs command thus mounts the unencrypted form locally, with the remote store remaining encrypted.


          3. configure smb.conf so that the relevant users run the logon script. e.g. something like



            logon script = runencfs.bat



          4. For bonus points, your logon script might automate / prompt installation of Encfs (from the samba share) and only run the mount if it's installed!


          Client-side scripts, though, are bound to give you headaches because of the cmd language, ensuring installation of encfs, and working around windows gotchas, like Windows 8.1 and up not running the logon scripts till five minutes later unless otherwise configured.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Sep 21 '17 at 19:01









          madumlaomadumlao

          1,14166




          1,14166























              0














              If your concern is the security of data at rest you could look for an encryption solution on the NAS instead (FreeNAS and Synology do this). Upon boot you need to enter a key to open the volume but after that, it works just like an unencrypted share so no client side configuration required.



              If, on the other hand, you are concern about the data being taken from the server while it is running, having a client side encryption would solve your problem. Something like EncFS or Cryptomator could be the simplest solutions for your problem?



              • https://wiki.archlinux.org/index.php/EncFS

              • https://cryptomator.org

              Or maybe I misunderstood the problem?






              share|improve this answer



























                0














                If your concern is the security of data at rest you could look for an encryption solution on the NAS instead (FreeNAS and Synology do this). Upon boot you need to enter a key to open the volume but after that, it works just like an unencrypted share so no client side configuration required.



                If, on the other hand, you are concern about the data being taken from the server while it is running, having a client side encryption would solve your problem. Something like EncFS or Cryptomator could be the simplest solutions for your problem?



                • https://wiki.archlinux.org/index.php/EncFS

                • https://cryptomator.org

                Or maybe I misunderstood the problem?






                share|improve this answer

























                  0












                  0








                  0







                  If your concern is the security of data at rest you could look for an encryption solution on the NAS instead (FreeNAS and Synology do this). Upon boot you need to enter a key to open the volume but after that, it works just like an unencrypted share so no client side configuration required.



                  If, on the other hand, you are concern about the data being taken from the server while it is running, having a client side encryption would solve your problem. Something like EncFS or Cryptomator could be the simplest solutions for your problem?



                  • https://wiki.archlinux.org/index.php/EncFS

                  • https://cryptomator.org

                  Or maybe I misunderstood the problem?






                  share|improve this answer













                  If your concern is the security of data at rest you could look for an encryption solution on the NAS instead (FreeNAS and Synology do this). Upon boot you need to enter a key to open the volume but after that, it works just like an unencrypted share so no client side configuration required.



                  If, on the other hand, you are concern about the data being taken from the server while it is running, having a client side encryption would solve your problem. Something like EncFS or Cryptomator could be the simplest solutions for your problem?



                  • https://wiki.archlinux.org/index.php/EncFS

                  • https://cryptomator.org

                  Or maybe I misunderstood the problem?







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Feb 19 '18 at 23:12









                  PedroPedro

                  64939




                  64939



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f50550%2fhow-to-set-up-an-encrypted-directory-to-be-mounted-only-during-samba-access%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown






                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?