LinuxQuestions.org - SMB vs NFS - why no password needed for NFS?

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - SMB vs NFS - why no password needed for NFS? (https://www.linuxquestions.org/questions/linux-newbie-8/smb-vs-nfs-why-no-password-needed-for-nfs-4175670707/)

SMB vs NFS - why no password needed for NFS?

This is not a problem as such - it is more my trying to build up my knowledge of how Linux works.

I have a Server that shares a folder via both SMB and NFS.

I can access the folder, via SMB, on either a Linux or Windows PC and need to give a password first.

However, on the Linux PC only, I can mount the folder, via NFS, and it just seems to work.

I have tried to Google why and it seems the difference is that SMB is password-based. However, in contrast, it seems that NFS is host-based and thus no password is needed on the client side.

I would be really grateful if someone could explain what "host-based" means in this situation?

Access on the server is controlled by /etc/exports, where you can limit the hosts that have the right to mount a file system. Thus host-based.

Thank you, berndbausch - this makes much more sense now.

I tend to do things, on my server, without understanding exactly why - something I am trying to remedy at the moment.

So, on the server, there will be options for the NFS mount that dictate the range of ip addresses that are allowed to mount the folder?

Yes. Try man exports.

If you do need to limit access to files on the NFS share, then you need to change the permissions of the file's owner to a different user ID.
Usually this is done when using NFS with NIS. NIS is like an old UNIX version of Active Directory before MS copied it and made AD. Each user would have a different user ID and thus only be ably to access the directory they owned on the NFS server.

Quote:

Originally Posted by uteck (Post 6097042)

OK - let me see if I understand this, with a real-life example.

I am running an Openmediavault Server, with an NFS share called "Media" - any ip address, on my network, is allowed to mount this folder.

My Linux Desktop is set up in the name of "john", so I assume that if I mount this folder and create a new file, it will be set up with an owner of "john".

Does that mean that if I change permissions, on that file, to chmod 755, only someone using my Linux PC (signed in as "john") can then modify the file?

I should have clarified that the file permissions need to be set on the NFS server, not by any system that connects to it, for proper control. Try creating a file on the share as root from your desktop and it should complain.
The NFS server will consult it's /etc/passwd, or the NIS server, for the user ID and allow or deny access to the file or directory accordingly. So in your example, anyone that connects to the share will be able to see the file you made, and if the user ID matches then make changes. The file is not owned by 'john' but by a user ID that also has a name.

The downside to NFS shares now days is that the first user ID on a new Linux system is usually 1000, so any Linux system running with a user with that ID will get access to all the files owned by that ID if it is allowed to connect to the NFS share. Back in the old UNIX days it was not an issue since there was only the one server on site that users had access rights to, and security was not something to worry about.