[nmglug] NFS vs. something else?

Karl Hegbloom karlheg at laclinux.com
Wed Jan 26 22:00:24 PST 2005


Jason Davis wrote:
> 
> I have not used much other than NFS. What do you need for your
> application? This will help define *better*. At the risk of offending
> people I will suggest SMB .... It has file locking, it's pretty quick
> and is TCP based, also, it works on most any type of box
> (linux, mac, bsd, etc).

What I don't like about SMB is that it does not support POSIX file 
ownership and permission semantics.  And, when Samba is not set up 
right, and files must be shared between Unix and Windows users, Samba 
will set the x bit to map Windows file attribute bits to POSIX ones.

It would be cool if Samba could extend SMB in some way to support POSIX 
semantics, and use file attributes (man attr) to hold the Windows bits, 
hopefully making sharing a file possible.  I wonder if CIFS does this?

One of the problems with NFS v3 is that it performs no authentication or 
session management.  Access control is IP or host based, rather than 
user, group, or role based.

The more obvious problem is that if you don't keep the UIDs and GIDs 
in sync between all of your computers, NFS does not easily map one 
computer's idea of UID 1000 to the other computer's idea of UID 1000. 
For this, you need NIS or LDAP.

Once you have that UID and GID mapping, POSIX ownership and permissions 
can be enforced, provided only root can actually mount a file system 
exported by another host.  Controlling this is then a job that must be 
co-ordinated between the two hosts.

With SMB, there's a similar problem, where the user or group name on one 
host may differ from that on another.  But it's a little different, 
since the ability to mount the share is controlled by user and password 
or group and password, not by what host you mount from.

You still need a central directory server, to have consistent user and 
group names with a single password.  I gather that one of the best 
solutions to this involves LDAP (directory) and Kerberos 
(authentication, auth token), then authorization is handled by the file 
server software itself, based on that token and perhaps on information 
held in the directory server.

I believe that NFS v4 is going to solve some of these problems.  I've 
read a little about AFS, and it sounds very good.  I tried to use SFS, 
but could not get it to work that day, and gave up on it.

The book entitled "NFS Illustrated", by Callaghan, is very good reading, 
if you like technical books with decent detail on actual internals.
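
The UID mismatch between NFS hosts described in the message above, shown as an added example that is not part of the original post: it compares passwd(5) data from a server and a client and reports where a numeric UID would resolve to a different user. The two passwd extracts and the function names are constructed for illustration.

```python
# Added example; both passwd extracts are constructed sample data.
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""

CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000:Bob:/home/bob:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
carol:x:1001:1001:Carol:/home/carol:/bin/bash
"""

def parse_passwd(text):
    """Return {name: uid}; blank, comment, NIS '+' and malformed lines are skipped."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def uid_mismatches(server, client):
    """Return (same name, different UID) and (same UID, different name) conflicts."""
    name_conflicts = sorted(
        (name, server[name], client[name])
        for name in server.keys() & client.keys()
        if server[name] != client[name]
    )
    by_uid_server = {uid: name for name, uid in server.items()}
    uid_conflicts = sorted(
        (uid, by_uid_server[uid], name)
        for name, uid in client.items()
        if uid in by_uid_server and by_uid_server[uid] != name
    )
    return name_conflicts, uid_conflicts

if __name__ == "__main__":
    names, uids = uid_mismatches(parse_passwd(SERVER_PASSWD), parse_passwd(CLIENT_PASSWD))
    for name, s_uid, c_uid in names:
        print(f"{name}: uid {s_uid} on server, {c_uid} on client")
    for uid, s_name, c_name in uids:
        print(f"uid {uid}: owned by {s_name} on server, maps to {c_name} on client")
```

The second list is the one that matters for access control: each entry is a client account whose numeric UID matches a different user's files on the export.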



