A persistent SMB/CIFS mount belongs in /etc/fstab when a Linux service, job, or user expects a network share at the same local path after startup. Passwords should stay out of /etc/fstab because that file is commonly readable by local users, so the mount entry should point to a root-owned credentials file.
mount.cifs reads the credentials file, authenticates to the server, and attaches the share through the Linux cifs filesystem driver. The fstab line keeps the UNC path, mount point, filesystem type, and mount options in one saved entry, which lets mount /mnt/team use the same configuration every time.
Replace the sample server, share, account, UID, and GID with values from the Linux client and SMB server. Keep nofail and _netdev when the share may be unavailable during boot, and add vers= or sec= only when the server requires a specific protocol or authentication mode.
Steps to mount an SMB/CIFS share from fstab:
- Confirm that the CIFS mount helper is available.
$ mount.cifs -V mount.cifs version: 7.4
Install the cifs-utils package first when this command is missing. On Debian and Ubuntu clients, use sudo apt install cifs-utils.
- Create a protected directory for SMB credentials.
$ sudo install -d -m 0750 /etc/samba/credentials
- Create the credentials file for the share account.
$ sudo vi /etc/samba/credentials/team-share
- /etc/samba/credentials/team-share
username=files-team password=replace-with-share-password domain=WORKGROUP
Omit domain= when the account is local to the SMB server. Keep the file format as key=value lines without spaces around the equals sign.
- Set the credentials file owner to root.
$ sudo chown root:root /etc/samba/credentials/team-share
- Restrict the credentials file permissions.
$ sudo chmod 600 /etc/samba/credentials/team-share
- Verify that only root can read the credentials file.
$ stat -c '%a %U %G %n' /etc/samba/credentials/team-share 600 root root /etc/samba/credentials/team-share
- Create the local mount point.
$ sudo mkdir -p /mnt/team
- Identify the local user and group that should own files in the mounted tree.
$ id appuser uid=1001(appuser) gid=1001(appuser) groups=1001(appuser)
Use the UID and GID that should own files as they appear on the Linux client. The SMB server still enforces access through the account in the credentials file.
- Open /etc/fstab for editing.
$ sudo vi /etc/fstab
- Add the CIFS mount entry.
- /etc/fstab
//files.example.net/team /mnt/team cifs credentials=/etc/samba/credentials/team-share,uid=1001,gid=1001,file_mode=0660,dir_mode=0770,iocharset=utf8,nofail,_netdev 0 0
Use \040 for spaces in the server or share path. Keep the credentials path absolute because fstab entries are processed outside an interactive shell.
A malformed /etc/fstab entry can delay boot or leave the share unmounted. Test the entry before relying on the next reboot.
- Mount the saved fstab entry.
$ sudo mount /mnt/team
No output normally means the target mounted. If authentication or protocol errors appear, verify the credentials file and server dialect before adding more options.
- Confirm that the path is mounted through cifs.
$ findmnt /mnt/team -o TARGET,SOURCE,FSTYPE TARGET SOURCE FSTYPE /mnt/team //files.example.net/team cifs
- Create a temporary file on the mounted share.
$ touch /mnt/team/fstab-check.txt
Use a read-only check such as ls /mnt/team instead when the share is intentionally mounted read-only.
- Confirm that the file appears with the expected local owner and mode.
$ ls -l /mnt/team/fstab-check.txt -rw-rw---- 1 appuser appuser 0 Jun 16 01:15 /mnt/team/fstab-check.txt
- Remove the temporary test file.
$ rm /mnt/team/fstab-check.txt
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
