LinuxCommandLibrary

cifscreds

Manage credentials for CIFS/SMB file shares

SYNOPSIS

cifscreds {add|update|dump} <filename> [username=<value>] [password=<value>] [domain=<value>]
    [-f|--force] [-v|--verbose] [-u <user>|--username=<user>] [-p <pass>|--password=<pass>] [-d <domain>|--domain=<domain>]
cifscreds {-h|--help}

PARAMETERS

-h, --help
    Display help message and exit

-v, --verbose
    Enable verbose output

-f, --force
    Force overwrite of existing credentials without prompting

-u <username>, --username=<username>
    Specify username (alternative to positional argument)

-p <password>, --password=<password>
    Specify password (alternative to positional argument; use cautiously)

-d <domain>, --domain=<domain>
    Specify domain/workgroup (alternative to positional argument)

DESCRIPTION

cifscreds is a utility from the cifs-utils package for creating, updating, and displaying credentials files used with mount.cifs to mount SMB/CIFS network shares securely. It stores username, password, and domain in a plain-text file protected by strict 0600 permissions and ownership by the current user, preventing exposure of passwords on the command line during mounts.

The tool supports three operations: add to create a new file or add credentials (prompting interactively if values omitted), update to modify existing credentials, and dump to view file contents (with password masked as asterisks for safety). Credentials can be supplied via positional arguments like username=value or options such as -u. After running, the file is automatically secured.

This is essential for automated scripts or frequent mounts to Windows/Samba shares, supporting options like sec=ntlm or sec=krb5. Always store files in safe locations like ~/.smbcredentials and avoid world-readable directories.

CAVEATS

Credentials stored in plain text; ensure 0600 permissions and user ownership. Avoid using -p in scripts or histories. Not for multi-user shared files. Interactive prompts on TTY only.

EXAMPLE USAGE

cifscreds add ~/.smbcreds (interactive prompts)
cifscreds add /tmp/creds username=alice password=secret123 domain=WORKGROUP -f
cifscreds dump ~/.smbcreds (shows: username=alice
domain=WORKGROUP
password=********)
mount -t cifs //server/share /mnt -o credentials=~/.smbcreds

FILE FORMAT

Credentials file is key=value pairs:
username=alice
password=secret
domain=WORKGROUP

HISTORY

Introduced in cifs-utils 4.0 (2007) to enhance secure credential handling for Linux CIFS kernel client; evolved with Samba SMB protocol support.

SEE ALSO

mount.cifs(8), mount(8), smbclient(1), cifs-utils(8)

Copied to clipboard