
Re: Samba or NFS



On Mon, 2011-06-06 at 14:51 -0400, Dan wrote:
> On Sun, Jun 5, 2011 at 9:30 PM, Nico Kadel-Garcia <nkadel@gmail.com> wrote:
> > On Sun, Jun 5, 2011 at 5:38 AM, Simon Brandmair <sbrandmair@gmx.net> wrote:
> >> Hi,
> >>
> >> On 3/6/2011 19:50 Axel Freyn wrote:
> >> [...]
> >>> For NFSv4 this has changed. You can use NFSv4 in different modes. The
> >>> easy one has the same problem.
> >
> > NFSv4 is a giant pain in the keister, not worth the headaches. The
> > NFSv4 access published from an actual Linux or other NFSv4 capable
> > service can be published, it can be passed along via Samba to CIFS
> > clients, but the CIFS clients cannot *see* or manipulate the NFSv4
> > permissions due to incompatibilities between the two ownership
> > models, and due to the Samba code for this being "spaghetti code".
> > (http://samba.2283325.n4.nabble.com/viewing-if-not-editing-NFSv4-ACL-s-from-Samba-shares-td2417666.html).
> >
> > Overall, NFSv4 has proven itself destabilizing and useless in small
> > and large environments. It takes a significant investment in complex
> > infrastructure, and the security benefits have proven to be illusory
> > in the face of clients who *insist* on making their home directories
> > publicly accessible, clients who use password free SSH keys, or
> > clients who store passwords in source controlled software with no
> > access control. (I've run into all of these in environments that spent
> > useless years pursuing the "security" of NFSv4 and ignoring gaping
> > holes in infrastructure security.)
> 
> Yes, I read the documentation for Kerberos and it seems to be too
> complicated. I think that it is an overkill to connect to computers.
> In my case the LAN is the whole University and it is very easy to
> spoof an IP, I checked that. So NFSv3 might not be such a good idea.
> 
> How about NFSv3 over a ssh tunnel? That should be easy to implement. I
> compared the transfer of a file of 700Mb between scp (encrypted) and
> samba not encrypted, and the result is:
> -scp: 38 seconds, and 25% of overhead in one of the 4 cores of the computer
> -samba: 18 seconds and no overhead
> 
> So in my case I think it can be acceptable to do a ssh tunnel as most
> of the times most of the cores of the computer are not used and there
> is not a big traffic of data. Are there other disadvantages of using a
> ssh tunnel?
<snip>
Hmm . . . if you are going to go that route, how about sshfs? Again, I
don't know a great deal about it but that is how we transfer files
securely in the X2Go remote desktop project (www.x2go.org) - John

