Re: Samba vs NFS

From: Kyle Wheeler (kyle_at_memoryhole.net)
Date: 02/22/05

  • Next message: Randy Williams: "Re: Samba vs NFS"
    Date: Mon, 21 Feb 2005 23:16:16 -0500
    To: focus-linux@securityfocus.com
    
    
    

    On Thursday, February 17 at 05:42 PM, quoth Jennifer Fountain:
    > Hi all:
    > My company is looking at samba or NFS to allow our clients to access
    > shares from their Windows workstations and their linux ssh sessions.
    > From a security standpoint, which option is "more" secure? Which option
    > is more vulnerable than the other? Etc, etc ,etc. I appeciate any
    > security information about NFS or samba that you may have.

    Something you should know... NFS doesn't use passwords. NFS decided to
    skip the whole security thing. The way it works is that in the NFS
    server you specify what computers are allowed to use the server, and
    those servers have full access. Whoever the clients say they are, the
    server will trust them, including root. The idea is that it is the
    client operating system's responsibility to make sure that people are
    who they say they are. NFS trusts clients completely. Typical NFS
    installations have either very few clients, or the clients are all
    closely controlled by the administrator.

    If you're going to be allowing, say, Windows machines to access your
    file server, I STRONGLY suggest using a file sharing protocol that does
    NOT trust the clients. If Samba is your only alternative, go for Samba.
    There's also stuff like OpenAFS that you can consider.

    ~Kyle

    -- 
    Moral indignation is jealousy with a halo.
    -- H. G. Wells
    
    



  • Next message: Randy Williams: "Re: Samba vs NFS"