LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   why samba is preferred over NFS ? (http://www.linuxquestions.org/questions/linux-security-4/why-samba-is-preferred-over-nfs-834934/)

sulekha 09-28-2010 08:29 AM

why samba is preferred over NFS ?
 
Hi all,

The example situation which I know is it is dangerous to allow users to perform NFS mounts of corporate File systems from their personal laptops, however we can safely use CIFS to give these laptops access to their owners home directories. (NFS security is based on the idea that user has no root access on the client and that there are matching UIDS on the client and server , i.e not normally the case for self managed machines.)


can any one giveany other example(s) situation(s) where samba is preferred over NFS ?

MensaWater 09-28-2010 10:47 AM

This is bogus information. NFS security is NOT based on the idea that user has no root access on the client. You can set the export to specifically disallow access by root.

NFS has gone through various versions each more secure than the last. While it may be true that the very first version of NFS had very low security it isn't true of the latest one.

Personally I only use Samba/CIFS when I need to share filesystems between a UNIX/Linux system and a Windows system and that is only because it is usually faster for me to get Samba going on UNIX/Linux than it is to get NFS going on Windows.

HasC 09-28-2010 11:49 AM

I think the simplest answer is: "because Windows uses SMB/CIFS". And the other OSes must cope with that.

sulekha 09-29-2010 12:23 AM

Quote:

Originally Posted by MensaWater (Post 4111483)
This is bogus information. NFS security is NOT based on the idea that user has no root access on the client. You can set the export to specifically disallow access by root.

NFS has gone through various versions each more secure than the last. While it may be true that the very first version of NFS had very low security it isn't true of the latest one.

Personally I only use Samba/CIFS when I need to share file systems between a UNIX/Linux system and a Windows system and that is only because it is usually faster for me to get Samba going on UNIX/Linux than it is to get NFS going on Windows.

I don't think it is a bogus information

because this info is given in the book "Unix and Linux system administration Handbook" 4th edition by Evi nemeth et al page no: 1149

acid_kewpie 09-29-2010 04:38 AM

Well if you think it or not, it is not true. It is based on a variety of principles, but here given an appropriate server side configuration, the client user can root access on the client machine and it won't have any impact on the server side configuration, due to root_squash options. it's a very simple model, which is based around UID's and GID's and open to abuse in a non integrated environment, however when additional services, like central user information and authentication, then it fits in well as part of a jigsaw. It's not massively secure, no, but you are wrong in thinking that it assumes things about the clients configuration in the way you suggest.


All times are GMT -5. The time now is 02:46 PM.