Bash Script Solution: Secure Home Directory Mounts for Shared POS Systems

Introduction

In retail environments, especially in the mid-2000s, shared Windows terminals were a staple of day-to-day operations. At an auto parts store, four shared point-of-sale PCs were used by rotating sales staff—all logged in with a general Windows account for simplicity. However, employees sometimes needed access to their own private home directories from these shared systems. To solve this, a web interface was built—allowing employees to authenticate and choose how long their personal network home directory should be accessible. The real magic, however, happened on the backend: a robust Bash script that mounted and unmounted SMB shares on demand.

What Does the Script Do?

The script manages the lifecycle of SMB/CIFS home directory mounts for authenticated users:

  • Mounts the user’s personal home directory and selected shared directories on demand, based on credentials provided via the web interface.
  • Unmounts and cleans up home directories after a time limit, either scheduled automatically via cron or manually (e.g., if the employee logs out early).
  • Keeps mounts private and removes them after use, avoiding accidental data access by other users on the same shared terminal.
  • Supports custom mount timeouts, user-initiated disconnection, and robust error handling/logging.

Workflow Overview

  1. User Authentication: A staff member logs in to a web interface, authenticates, and chooses how long to mount their home directory.
  2. Script Invocation: Upon request, the web application calls this Bash script with relevant parameters (user, IP address, password, timeout, and any extra shares to mount).
  3. Mount Operation (checkin): The script creates the necessary mount points, authenticates over SMB to the home server, and securely mounts the user’s directories.
  4. Active Usage: The home directory is available at a specific network path on the shared PC for the requested period.
  5. Timeout/Manual Disconnect (checkout): A scheduled cron job (or user action from the web interface) unmounts the home directory when time expires or the user logs out.
  6. Logging and Security: All actions are logged, and the script ensures private directories aren’t left mounted after their expiry.
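
The workflow above hands the password to the script as a parameter. Command-line arguments are visible to other local users through ps by default on Linux, so the sketch below takes the password on stdin and passes it to the mount through a 0600 credentials file. It is an added example, not the original script: it uses mount.cifs (the current successor to smbmount), and CRED_DIR, the //server/user share layout and the MOUNT override are assumptions.

```bash
#!/usr/bin/env bash
# Added example: keep the SMB password out of argv during check-in.
# CRED_DIR and the //server/user share layout are assumptions.

CRED_DIR="${CRED_DIR:-/run/smbmounter}"   # hypothetical root-only directory

# Read the password from stdin and write a 0600 credentials file for user $1.
# Prints the file's path; fails on a bad user name or an empty password.
write_creds() {
    local user=$1 pw='' file
    case $user in ''|-*|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1;; esac
    IFS= read -r pw || true            # one line only: no injected extra keys
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    file=$(umask 077 && mktemp "$CRED_DIR/cred.XXXXXX") || return 1
    # printf is a shell builtin, so the password never appears in a process's argv.
    printf 'username=%s\npassword=%s\n' "$user" "$pw" > "$file"
    printf '%s\n' "$file"
}

# Mount //server/user, then delete the credentials file whether or not the
# mount succeeded. Set MOUNT to another command for a dry run.
checkin() {  # $1 = server, $2 = user, $3 = mount point; password on stdin
    local cred rc=0
    cred=$(write_creds "$2") || return 1
    ${MOUNT:-mount} -t cifs -o "credentials=$cred" "//$1/$2" "$3" || rc=$?
    rm -f -- "$cred"
    return "$rc"
}
```

The web application would pipe the password into `checkin` instead of placing it on the command line.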

How It Works (Key Features)

  • Mode Selection: The script detects the requested action: mounting (--checkin), refreshing timeouts (--refresh), or unmounting (--checkout).
  • Permission and Directory Handling: Mounts are stored under /var/spool/samba/homedir/, segregated by client IP, and use strict permissions (usually with owner and group set to the sales staff and the web server).
  • Timeout Tracking: For each mount, a timestamp file encodes the user, IP, and timeout. The script reads these to determine when to clean up mounts, ensuring no mount persists longer than intended.
  • Multiple Shares: Besides the home directory, users can specify additional shares to mount in the same session.
  • Robust Mounting/Unmounting: Prevents duplicate mounts, checks for open files before unmounting, and handles forced disconnects or cleanup on error.
  • Feedback and Logging: Maintains detailed logs per client for audit and troubleshooting.
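
The timeout tracking and cron-driven checkout described above can be sketched as follows. This is an added example, not the original script: the stamp file format (one line of user, client IP, check-in epoch and timeout in minutes), the .stamp suffix and the UMOUNT override are assumptions, while the mount root is the path named in the article.

```bash
#!/usr/bin/env bash
# Added example: expiry sweep over per-mount stamp files (assumed format).
# One line per stamp:  <user> <client_ip> <checkin_epoch> <timeout_minutes>

MOUNT_ROOT="${MOUNT_ROOT:-/var/spool/samba/homedir}"  # base path from the article

# Field checks: these values end up in mount-point paths and in arithmetic.
is_uint()    { case $1 in ''|*[!0-9]*|0?*) return 1;; esac; }  # no leading zeros (octal)
valid_user() { case $1 in ''|-*|*[!a-z0-9_-]*) return 1;; esac; }
valid_ip()   { case $1 in ''|.*|*.|*..*|*[!0-9.]*) return 1;; esac; }

# Print "<stamp file><TAB><mount point>" for each stamp expired at time $2.
expired_mounts() {  # $1 = stamp directory, $2 = now (epoch seconds)
    local f user ip checkin minutes
    for f in "$1"/*.stamp; do
        [ -f "$f" ] || continue
        user='' ip='' checkin='' minutes=''
        read -r user ip checkin minutes < "$f" || true
        if ! { valid_user "$user" && valid_ip "$ip" &&
               is_uint "$checkin" && is_uint "$minutes"; }; then
            echo "malformed stamp, needs manual review: $f" >&2
            continue
        fi
        if [ "$2" -ge $((checkin + minutes * 60)) ]; then
            printf '%s\t%s/%s/%s\n' "$f" "$MOUNT_ROOT" "$ip" "$user"
        fi
    done
    return 0
}

# Unmount each expired mount; remove the stamp only when the unmount worked,
# so a busy mount (open files) is retried on the next cron run.
sweep() {  # same arguments; set UMOUNT to another command for a dry run
    local tab stamp mnt
    tab=$(printf '\t')
    expired_mounts "$1" "$2" | while IFS=$tab read -r stamp mnt; do
        if ${UMOUNT:-umount} "$mnt"; then
            rm -f -- "$stamp"
        else
            echo "unmount failed, will retry: $mnt" >&2
        fi
    done
}
```

A cron entry would call `sweep` with the stamp directory and `$(date +%s)`. Stamps that fail validation are reported rather than acted on, so they show up in the logs the administrator already monitors.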

How to Use the Script

Prerequisites

  • The script requires smbmount/smbclient, standard on Linux systems circa 2005.
  • The smbmounter.conf file lists all available shares and must be configured by the admin.
  • Users interact via a web interface; the script is not designed for direct command-line interaction by end users.

Operational Steps (Administrator’s Perspective)

  1. Deploy on a Linux host with access to the Samba shares and the client PCs’ shared directory.
  2. Configure smbmounter.conf to list all allowed shares.
  3. Set up the web interface to call the script with appropriate arguments:
    • --checkin to mount the user’s home directory and shares.
    • --refresh to extend or update timeouts.
    • --checkout (optionally with --force) to disconnect and unmount.
  4. Schedule a cron job to regularly execute the script in --checkout mode, so expired mounts are unmounted even if a user leaves without logging out.
  5. Monitor logs for errors, abnormal mount durations, or unauthorized access.

User Flow (for Employees)

  • Log in to the web interface, select desired mount time, and authenticate.
  • Use Windows Explorer or mapped drives to access the mounted home directory at the shared terminal.
  • Either let the timeout elapse for automatic unmounting or manually disconnect via the web interface when finished.

Why This Matters

This Bash script provided rotating sales staff with seamless, secure access to their data in an era before “cloud” file management was ubiquitous. It automated private network drive mounting and unmounting without risking data leaks on shared PCs—a clever use of Linux, SMB tools, and scheduling.

Conclusion

Even now, this approach showcases how scripting can bridge the gap between security, usability, and legacy IT environments. For retail and office environments with shared terminals and rotating users, solutions like this remain instructive for modern systems administration.
