Re: Samba vs NFS

From: Kyle Wheeler (kyle_at_memoryhole.net)
Date: 02/22/05

  • Next message: Randy Williams: "Re: Samba vs NFS"
    Date: Mon, 21 Feb 2005 23:16:16 -0500
    To: focus-linux@securityfocus.com
    
    
    

    On Thursday, February 17 at 05:42 PM, quoth Jennifer Fountain:
    > Hi all:
    > My company is looking at samba or NFS to allow our clients to access
    > shares from their Windows workstations and their linux ssh sessions.
    > From a security standpoint, which option is "more" secure? Which option
    > is more vulnerable than the other? Etc, etc ,etc. I appeciate any
    > security information about NFS or samba that you may have.

    Something you should know... NFS doesn't use passwords. NFS decided to
    skip the whole security thing. The way it works is that in the NFS
    server you specify what computers are allowed to use the server, and
    those servers have full access. Whoever the clients say they are, the
    server will trust them, including root. The idea is that it is the
    client operating system's responsibility to make sure that people are
    who they say they are. NFS trusts clients completely. Typical NFS
    installations have either very few clients, or the clients are all
    closely controlled by the administrator.

    If you're going to be allowing, say, Windows machines to access your
    file server, I STRONGLY suggest using a file sharing protocol that does
    NOT trust the clients. If Samba is your only alternative, go for Samba.
    There's also stuff like OpenAFS that you can consider.

    ~Kyle

    -- 
    Moral indignation is jealousy with a halo.
    -- H. G. Wells
    
    



  • Next message: Randy Williams: "Re: Samba vs NFS"

    Relevant Pages

    • Solved: FreeBSD as print server w/CUPS + samba + apsfilter
      ... CUPS and Samba so that local (connected to server) printers print ... as network printer amongst Windows 2k/XP clients. ... samba over Win2k network" contained what I had accomplished, ...
      (freebsd-questions)
    • Re: [opensuse] what does 127.0.1.1 mean?
      ... This is where the Samba guys have changed the bind innards. ... It has its own built in KDC and LDAP server. ... It already has its own working DNS server but ironically it only works for forward ddns at the moment. ... We can however show that the clients have an IP before doing a domain logon as they can ping the server on bot IP and fqdn (because the server is in their etc/hosts file. ...
      (SuSE)
    • Re: Filesystem monitoring question
      ... server as a directory. ... A number of SMB and NFS clients, around 30, will need to write to this ... Writing to the directory is 24/7 since some clients VPN into the network ...
      (freebsd-hackers)
    • Re: Uptime for OpenVMS
      ... client off an NFS server, ... wrong) Linux versions of NFS are, in some way, stateful and a reboot ... of the server requires a reboot of all the clients. ...
      (comp.os.vms)
    • NFS UDP fast server slow client problems
      ... Fast NFS server causing SLOW NFS reads on Tru64 clients ...
      (Tru64-UNIX-Managers)