
Re: Samba or NFS



On Sun, Jun 5, 2011 at 9:30 PM, Nico Kadel-Garcia <nkadel@gmail.com> wrote:
> On Sun, Jun 5, 2011 at 5:38 AM, Simon Brandmair <sbrandmair@gmx.net> wrote:
>> Hi,
>>
>> On 3/6/2011 19:50 Axel Freyn wrote:
>> [...]
>>> For NFSv4 this has changed. You can use NFSv4 in different modes. The
>>> easy one has the same problem.
>
> NFSv4 is a giant pain in the keister, not worth the headaches. The
> NFSv4 access published from an actual Linux or other NFSv4 capable
> service can be published, it can be passed along via Samba to CIFS
> clients, but the CIFS clients cannot *see* or manipulate the NFSv4
> permissions due to incompatibilities between the two ownership
> models, and due to the Samba code for this being "spaghetti code".
> (http://samba.2283325.n4.nabble.com/viewing-if-not-editing-NFSv4-ACL-s-from-Samba-shares-td2417666.html).
>
> Overall, NFSv4 has proven itself destabilizing and useless in small
> and large environments. It takes a significant investment in complex
> infrastructure, and the security benefits have proven to be illusory
> in the face of clients who *insist* on making their home directories
> publicly accessible, clients who use password free SSH keys, or
> clients who store passwords in source controlled software with no
> access control. (I've run into all of these in environments that spent
> useless years pursuing the "security" of NFSv4 and ignoring gaping
> holes in infrastructure security.)

Yes, I read the documentation for Kerberos and it seems to be too
complicated. I think that it is overkill to connect to computers.
In my case the LAN is the whole University and it is very easy to
spoof an IP, I checked that. So NFSv3 might not be such a good idea.

How about NFSv3 over an ssh tunnel? That should be easy to implement. I
compared the transfer of a file of 700Mb between scp (encrypted) and
Samba (not encrypted), and the result is:
- scp: 38 seconds, and 25% of overhead in one of the 4 cores of the computer
- samba: 18 seconds and no overhead

So in my case I think it can be acceptable to do an ssh tunnel, as most
of the time most of the cores of the computer are not used and there
is not much data traffic. Are there other disadvantages of using an
ssh tunnel?

Thanks,
Dan

