FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 06-03-2011, 03:58 PM
Jari Fredriksson
 
Default Samba or NFS

3.6.2011 18:08, Dan kirjoitti:
> Hi,
>
> I have two linux servers. One file server (debian) that is running
> samba and one application server (redhat). I would like to mount the
> shares of the file server in the application server. The problem is
> that the usernames are very different. Samba is already running and
> easier to set-up. NFS seems to be more difficult to set-up and also
> there are more security issues.
>
> Which are the advantages of NFS over Samba (cifs) other than the
> symbolic links. I read that even some people prefer samba over NFS to
> connect Unix to Unix.
>

NFS is by far simpler to use in pure Linux environment, Samba is for
Windows networks. NFS has no passwords, just install it with apt-get,
and declare /etc/exports in the server, and mount the shares in the
clients /etc/fstab. That's all it takes.

NFS offers native looking folders to *nix machines over networks.

--

Sheriff Chameleotoptor sighed with an air of weary sadness, and then
turned to Doppelgutt and said 'The Senator must really have been on a
bender this time -- he left a party in Cleveland, Ohio, at 11:30 last
night, and they found his car this morning in the smokestack of a British
aircraft carrier in the Formosa Straits.'
-- Grand Panjandrum's Special Award, 1985 Bulwer-Lytton
bad fiction contest.
 
Old 06-03-2011, 04:43 PM
"John A. Sullivan III"
 
Default Samba or NFS

----- Original Message -----
From: "Jari Fredriksson" <jarif@iki.fi>
To: debian-user@lists.debian.org
Sent: Friday, June 3, 2011 11:58:15 AM
Subject: Re: Samba or NFS

3.6.2011 18:08, Dan kirjoitti:
> Hi,
>
> I have two linux servers. One file server (debian) that is running
> samba and one application server (redhat). I would like to mount the
> shares of the file server in the application server. The problem is
> that the usernames are very different. Samba is already running and
> easier to set-up. NFS seems to be more difficult to set-up and also
> there are more security issues.
>
> Which are the advantages of NFS over Samba (cifs) other than the
> symbolic links. I read that even some people prefer samba over NFS to
> connect Unix to Unix.
>

NFS is by far simpler to use in pure Linux environment, Samba is for
Windows networks. NFS has no passwords, just install it with apt-get,
and declare /etc/exports in the server, and mount the shares in the
clients /etc/fstab. That's all it takes.

NFS offers native looking folders to *nix machines over networks.
<snip>
I don't know a lot about either but is "no passwords" still true with NFS4? Even if it is, is that one of the security issues the original poster is concerned about?

Under heavy concurrent usage, are there locking issues with either? Which performs better under heavy load with lots of random file IO? I am particularly interested because our environment has been build around iSCSI. There is a possible shift in a core technology for us which may shift us from a SAN using iSCSI to a NAS using either NFS or SMB so we, too, are quite interested in others' experiences. Thanks - John


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 46b5dae0-f0a4-45bd-b0b2-d20c6f59eefb@jaseee">http://lists.debian.org/46b5dae0-f0a4-45bd-b0b2-d20c6f59eefb@jaseee
 
Old 06-03-2011, 05:17 PM
William Hopkins
 
Default Samba or NFS

On 06/03/11 at 12:43pm, John A. Sullivan III wrote:
> ----- Original Message -----
> From: "Jari Fredriksson" <jarif@iki.fi>
> To: debian-user@lists.debian.org
> Sent: Friday, June 3, 2011 11:58:15 AM
> Subject: Re: Samba or NFS
>
> 3.6.2011 18:08, Dan kirjoitti:
> > Hi,
> >
> > I have two linux servers. One file server (debian) that is running
> > samba and one application server (redhat). I would like to mount the
> > shares of the file server in the application server. The problem is
> > that the usernames are very different. Samba is already running and
> > easier to set-up. NFS seems to be more difficult to set-up and also
> > there are more security issues.
> >
> > Which are the advantages of NFS over Samba (cifs) other than the
> > symbolic links. I read that even some people prefer samba over NFS to
> > connect Unix to Unix.
> >
>
> NFS is by far simpler to use in pure Linux environment, Samba is for
> Windows networks. NFS has no passwords, just install it with apt-get,
> and declare /etc/exports in the server, and mount the shares in the
> clients /etc/fstab. That's all it takes.
>
> NFS offers native looking folders to *nix machines over networks.
> <snip>
> I don't know a lot about either but is "no passwords" still true with NFS4? Even if it is, is that one of the security issues the original poster is concerned about?
>
> Under heavy concurrent usage, are there locking issues with either? Which performs better under heavy load with lots of random file IO? I am particularly interested because our environment has been build around iSCSI. There is a possible shift in a core technology for us which may shift us from a SAN using iSCSI to a NAS using either NFS or SMB so we, too, are quite interested in others' experiences. Thanks - John

SANs will almost always perform better than NAS', FWIW.

NFS has the better load handling and has good locking (provided you run it as recommended with portmap, statd, etc.)
Samba is primarily used to share files to windows hosts.

The security architecture of NFSv3 and earlier is based on simple UID reliance. You can stop root access altogether, and there's little concern of NFS leading to a system being corrupted, but it IS technically possible for a malicious user to delete other users files if you have write allowed. NFS is usually used in environments with trusted users (i.e. share only to specific machines, not the world).

--
Liam
 
Old 06-03-2011, 05:41 PM
Axel Freyn
 
Default Samba or NFS

Hi,
On Fri, Jun 03, 2011 at 01:17:35PM -0400, William Hopkins wrote:
> On 06/03/11 at 12:43pm, John A. Sullivan III wrote:
> > ----- Original Message -----
> > From: "Jari Fredriksson" <jarif@iki.fi>
> > To: debian-user@lists.debian.org
> > Sent: Friday, June 3, 2011 11:58:15 AM
> > Subject: Re: Samba or NFS
> >
> > 3.6.2011 18:08, Dan kirjoitti:
> > > Hi,
> > >
> > > I have two linux servers. One file server (debian) that is running
> > > samba and one application server (redhat). I would like to mount the
> > > shares of the file server in the application server. The problem is
> > > that the usernames are very different. Samba is already running and
> > > easier to set-up. NFS seems to be more difficult to set-up and also
> > > there are more security issues.
> > >
> > > Which are the advantages of NFS over Samba (cifs) other than the
> > > symbolic links. I read that even some people prefer samba over NFS to
> > > connect Unix to Unix.
> > >
> >
> > NFS is by far simpler to use in pure Linux environment, Samba is for
> > Windows networks. NFS has no passwords, just install it with apt-get,
> > and declare /etc/exports in the server, and mount the shares in the
> > clients /etc/fstab. That's all it takes.
> >
> > NFS offers native looking folders to *nix machines over networks.
> > <snip>
> > I don't know a lot about either but is "no passwords" still true
> > with NFS4? Even if it is, is that one of the security issues the
> > original poster is concerned about?
> >
> > Under heavy concurrent usage, are there locking issues with either?
> > Which performs better under heavy load with lots of random file IO?
> > I am particularly interested because our environment has been build
> > around iSCSI. There is a possible shift in a core technology for us
> > which may shift us from a SAN using iSCSI to a NAS using either NFS
> > or SMB so we, too, are quite interested in others' experiences.
> > Thanks - John
>
> SANs will almost always perform better than NAS', FWIW.
>
> NFS has the better load handling and has good locking (provided you
> run it as recommended with portmap, statd, etc.)
> Samba is primarily used to share files to windows hosts.
>
> The security architecture of NFSv3 and earlier is based on simple UID
> reliance. You can stop root access altogether, and there's little
> concern of NFS leading to a system being corrupted, but it IS
> technically possible for a malicious user to delete other users files
> if you have write allowed. NFS is usually used in environments with
> trusted users (i.e. share only to specific machines, not the world).

just to mention it:

NFSv3 has real security concerns (you have to trust in all machines
connected to the network. A LOCAL root account on a client is sufficient
to gain access to all files in the NFS-directory (by faking the UID).

For NFSv4 this has changed. You can use NFSv4 in different modes. The
easy one has the same problem.
However, you can switch on strong authentification (based on Kerberos),
then it's safe (the server verifies that the client has the correct
Kerberos-token of this user -- UID is not sufficient), and even ask to
sign all transfers (to block man-in-the-middle-attacks which could
change the commands sent to the server) and encryption (to protect data
privacy).

However, it's much more work to install, as you also need a full
Kerberos-setup....

Axel



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110603174153.GR19127@axel">http://lists.debian.org/20110603174153.GR19127@axel
 
Old 06-03-2011, 05:49 PM
William Hopkins
 
Default Samba or NFS

On 06/03/11 at 07:41pm, Axel Freyn wrote:
> Hi,
> On Fri, Jun 03, 2011 at 01:17:35PM -0400, William Hopkins wrote:
> > On 06/03/11 at 12:43pm, John A. Sullivan III wrote:
> > > ----- Original Message -----
> > > From: "Jari Fredriksson" <jarif@iki.fi>
> > > To: debian-user@lists.debian.org
> > > Sent: Friday, June 3, 2011 11:58:15 AM
> > > Subject: Re: Samba or NFS
> > >
> > > 3.6.2011 18:08, Dan kirjoitti:
> > > > Hi,
> > > >
> > > > I have two linux servers. One file server (debian) that is running
> > > > samba and one application server (redhat). I would like to mount the
> > > > shares of the file server in the application server. The problem is
> > > > that the usernames are very different. Samba is already running and
> > > > easier to set-up. NFS seems to be more difficult to set-up and also
> > > > there are more security issues.
> > > >
> > > > Which are the advantages of NFS over Samba (cifs) other than the
> > > > symbolic links. I read that even some people prefer samba over NFS to
> > > > connect Unix to Unix.
> > > >
> > >
> > > NFS is by far simpler to use in pure Linux environment, Samba is for
> > > Windows networks. NFS has no passwords, just install it with apt-get,
> > > and declare /etc/exports in the server, and mount the shares in the
> > > clients /etc/fstab. That's all it takes.
> > >
> > > NFS offers native looking folders to *nix machines over networks.
> > > <snip>
> > > I don't know a lot about either but is "no passwords" still true
> > > with NFS4? Even if it is, is that one of the security issues the
> > > original poster is concerned about?
> > >
> > > Under heavy concurrent usage, are there locking issues with either?
> > > Which performs better under heavy load with lots of random file IO?
> > > I am particularly interested because our environment has been build
> > > around iSCSI. There is a possible shift in a core technology for us
> > > which may shift us from a SAN using iSCSI to a NAS using either NFS
> > > or SMB so we, too, are quite interested in others' experiences.
> > > Thanks - John
> >
> > SANs will almost always perform better than NAS', FWIW.
> >
> > NFS has the better load handling and has good locking (provided you
> > run it as recommended with portmap, statd, etc.)
> > Samba is primarily used to share files to windows hosts.
> >
> > The security architecture of NFSv3 and earlier is based on simple UID
> > reliance. You can stop root access altogether, and there's little
> > concern of NFS leading to a system being corrupted, but it IS
> > technically possible for a malicious user to delete other users files
> > if you have write allowed. NFS is usually used in environments with
> > trusted users (i.e. share only to specific machines, not the world).
>
> just to mention it:
>
> NFSv3 has real security concerns (you have to trust in all machines
> connected to the network. A LOCAL root account on a client is sufficient
> to gain access to all files in the NFS-directory (by faking the UID).
>
> For NFSv4 this has changed. You can use NFSv4 in different modes. The
> easy one has the same problem.
> However, you can switch on strong authentification (based on Kerberos),
> then it's safe (the server verifies that the client has the correct
> Kerberos-token of this user -- UID is not sufficient), and even ask to
> sign all transfers (to block man-in-the-middle-attacks which could
> change the commands sent to the server) and encryption (to protect data
> privacy).
>
> However, it's much more work to install, as you also need a full
> Kerberos-setup....

As I said, NFSv3 is for trusted environments. Many thousands use it with success and security, you simply consider the security problem carefully before implementation. Anyone you grant access to a share may, if malicious, read or write everything (if write is enabled) in that share. Limiting the scope of shares is usually sufficient even for corporate security requirements such as SOX and HIPAA.

--
Liam
 
Old 06-03-2011, 06:27 PM
Dan
 
Default Samba or NFS

On Fri, Jun 3, 2011 at 1:49 PM, William Hopkins <we.hopkins@gmail.com> wrote:
> On 06/03/11 at 07:41pm, Axel Freyn wrote:
>> Hi,
>> On Fri, Jun 03, 2011 at 01:17:35PM -0400, William Hopkins wrote:
>> > On 06/03/11 at 12:43pm, John A. Sullivan III wrote:
>> > > ----- Original Message -----
>> > > From: "Jari Fredriksson" <jarif@iki.fi>
>> > > To: debian-user@lists.debian.org
>> > > Sent: Friday, June 3, 2011 11:58:15 AM
>> > > Subject: Re: Samba or NFS
>> > >
>> > > 3.6.2011 18:08, Dan kirjoitti:
>> > > > Hi,
>> > > >
>> > > > I have two linux servers. One file server (debian) that is running
>> > > > samba and one application server (redhat). I would like to mount the
>> > > > shares of the file server in the application server. The problem is
>> > > > that the usernames are very different. Samba is already running and
>> > > > easier to set-up. NFS seems to be more difficult to set-up and also
>> > > > there are more security issues.
>> > > >
>> > > > Which are the advantages of NFS over Samba (cifs) other than the
>> > > > symbolic links. I read that even some people prefer samba over NFS to
>> > > > connect Unix to Unix.
>> > > >
>> > >
>> > > NFS is by far simpler to use in pure Linux environment, Samba is for
>> > > Windows networks. NFS has no passwords, just install it with apt-get,
>> > > and declare /etc/exports in the server, and mount the shares in the
>> > > clients /etc/fstab. That's all it takes.
>> > >
>> > > NFS offers native looking folders to *nix machines over networks.
>> > > <snip>
>> > > I don't know a lot about either but is "no passwords" still true
>> > > with NFS4? Even if it is, is that one of the security issues the
>> > > original poster is concerned about?
>> > >
>> > > Under heavy concurrent usage, are there locking issues with either?
>> > > Which performs better under heavy load with lots of random file IO?
>> > > I am particularly interested because our environment has been build
>> > > around iSCSI. *There is a possible shift in a core technology for us
>> > > which may shift us from a SAN using iSCSI to a NAS using either NFS
>> > > or SMB so we, too, are quite interested in others' experiences.
>> > > Thanks - John
>> >
>> > SANs will almost always perform better than NAS', FWIW.
>> >
>> > NFS has the better load handling and has good locking (provided you
>> > run it as recommended with portmap, statd, etc.)
>> > Samba is primarily used to share files to windows hosts.
>> >
>> > The security architecture of NFSv3 and earlier is based on simple UID
>> > reliance. You can stop root access altogether, and there's little
>> > concern of NFS leading to a system being corrupted, but it IS
>> > technically possible for a malicious user to delete other users files
>> > if you have write allowed. NFS is usually used in environments with
>> > trusted users (i.e. share only to specific machines, not the world).
>>
>> just to mention it:
>>
>> NFSv3 has real security concerns (you have to trust in all machines
>> connected to the network. A LOCAL root account on a client is sufficient
>> to gain access to all files in the NFS-directory (by faking the UID).
>>
>> For NFSv4 this has changed. You can use NFSv4 in different modes. The
>> easy one has the same problem.
>> However, you can switch on strong authentification (based on Kerberos),
>> then it's safe (the server verifies that the client has the correct
>> Kerberos-token of this user -- UID is not sufficient), and even ask to
>> sign all transfers (to block man-in-the-middle-attacks which could
>> change the commands sent to the server) and encryption (to protect data
>> privacy).
>>
>> However, it's much more work to install, as you also need a full
>> Kerberos-setup....
>
> As I said, NFSv3 is for trusted environments. Many thousands use it with success and security, you simply consider the security problem carefully before implementation. Anyone you grant access to a share may, if malicious, read or write everything (if write is enabled) in that share. Limiting the scope of shares is usually sufficient even for corporate security requirements such as SOX and HIPAA.
>
> --
> Liam
>
Thanks a lot for your answers, I will use NFS. Both computers and the
users are trusted. To improve the security I could set rules in the
iptables to allow NFS access only to my computers.

Dan


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: BANLkTimKR7yJdK16uEuovcZh4U6EZShS5Q@mail.gmail.com ">http://lists.debian.org/BANLkTimKR7yJdK16uEuovcZh4U6EZShS5Q@mail.gmail.com
 
Old 06-03-2011, 06:34 PM
alberto fuentes
 
Default Samba or NFS

On Fri, Jun 3, 2011 at 8:27 PM, Dan <ganchya@gmail.com> wrote:




Thanks a lot for your answers, I will use NFS. Both computers and the

users are trusted. To improve the security I could set rules in the

iptables to allow NFS access only to my computers.

The problem is not that the users are trusted... the problem is if everybody in that lan is trusted. Anybody in your lan can spoof the trusted ip and get access to share AFAIK...




As said previously nfsv4 should be used with kerberos if you want to do it properly







Dan

greets!
aL
 
Old 06-04-2011, 03:02 AM
Ron Johnson
 
Default Samba or NFS

On 06/03/2011 11:43 AM, John A. Sullivan III wrote:
[snip]


NFS is by far simpler to use in pure Linux environment, Samba is for
Windows networks. NFS has no passwords, just install it with apt-get,
and declare /etc/exports in the server, and mount the shares in the
clients /etc/fstab. That's all it takes.



Fine for home environments, but shouldn't an office environment use LDAP
for coordinated UID/GID sharing?


--
"Neither the wisest constitution nor the wisest laws will secure
the liberty and happiness of a people whose manners are universally
corrupt."
Samuel Adams, essay in The Public Advertiser, 1749


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4DE9A037.1030809@cox.net">http://lists.debian.org/4DE9A037.1030809@cox.net
 
Old 06-04-2011, 03:08 AM
Nico Kadel-Garcia
 
Default Samba or NFS

On Fri, Jun 3, 2011 at 11:08 AM, Dan <ganchya@gmail.com> wrote:
> Hi,
>
> I have two linux servers. One file server (debian) that is running
> samba and one application server (redhat). I would like to mount the
> shares of the file server in the application server. The problem is
> that the usernames are very different. Samba is already running and
> easier to set-up. NFS seems to be more difficult to set-up and also
> there are more security issues.
>
> Which are the advantages of NFS over Samba (cifs) other than the
> symbolic links. I read that even some people prefer samba over NFS to
> connect Unix to Unix.
>
> Thanks,
> Dan

CIFS clients mishandle mixed case filenames, such as 'file.txt",
"FILE.txt", and "FILE.TXT". They also have a massively different idea
of how file ownership and privileges work than the POSIX standards
built into most UNIX and Linux native filesystems. And while I very
much applaud the work of the Samba team for providing this
cross-compatibility tool, it performs like a *dog* compared to NFS,
AFS, ZFS, or the other more powerful network based fileysstems.

NFS needs some attention to security: so does CIFS. But most of the
complexities CIFS does more trivilally, such as mixed group ownership,
can be resolved with tools built into NFS such as "netgroups" suport.
And holy moley, but the speed of simple network operations like
Subversion checkouts is *grotesquely* faster under NFS.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: BANLkTi=5pby1ShwoKnZ7rqTQumWfVbT3XA@mail.gmail.com ">http://lists.debian.org/BANLkTi=5pby1ShwoKnZ7rqTQumWfVbT3XA@mail.gmail.com
 
Old 06-04-2011, 03:28 AM
William Hopkins
 
Default Samba or NFS

On 06/03/11 at 10:02pm, Ron Johnson wrote:
> On 06/03/2011 11:43 AM, John A. Sullivan III wrote:
> [snip]
> >
> >NFS is by far simpler to use in pure Linux environment, Samba is for
> >Windows networks. NFS has no passwords, just install it with apt-get,
> >and declare /etc/exports in the server, and mount the shares in the
> >clients /etc/fstab. That's all it takes.
> >
>
> Fine for home environments, but shouldn't an office environment use
> LDAP for coordinated UID/GID sharing?

The UID namespace is an orthogonal issue.. you can use LDAP or you can use simple file-transfer mechanisms to keep your passwd and group files synchronized. It's not a security issue unless you have users with different UIDs on different systems and you don't realize this when setting permissions.

Although yes, most offices (big more than small) use LDAP or similar.

--
Liam
 

Thread Tools




All times are GMT. The time now is 07:07 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org