Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The example situation which I know is it is dangerous to allow users to perform NFS mounts of corporate File systems from their personal laptops, however we can safely use CIFS to give these laptops access to their owners home directories. (NFS security is based on the idea that user has no root access on the client and that there are matching UIDS on the client and server , i.e not normally the case for self managed machines.)
can any one giveany other example(s) situation(s) where samba is preferred over NFS ?
This is bogus information. NFS security is NOT based on the idea that user has no root access on the client. You can set the export to specifically disallow access by root.
NFS has gone through various versions each more secure than the last. While it may be true that the very first version of NFS had very low security it isn't true of the latest one.
Personally I only use Samba/CIFS when I need to share filesystems between a UNIX/Linux system and a Windows system and that is only because it is usually faster for me to get Samba going on UNIX/Linux than it is to get NFS going on Windows.
This is bogus information. NFS security is NOT based on the idea that user has no root access on the client. You can set the export to specifically disallow access by root.
NFS has gone through various versions each more secure than the last. While it may be true that the very first version of NFS had very low security it isn't true of the latest one.
Personally I only use Samba/CIFS when I need to share file systems between a UNIX/Linux system and a Windows system and that is only because it is usually faster for me to get Samba going on UNIX/Linux than it is to get NFS going on Windows.
I don't think it is a bogus information
because this info is given in the book "Unix and Linux system administration Handbook" 4th edition by Evi nemeth et al page no: 1149
Well if you think it or not, it is not true. It is based on a variety of principles, but here given an appropriate server side configuration, the client user can root access on the client machine and it won't have any impact on the server side configuration, due to root_squash options. it's a very simple model, which is based around UID's and GID's and open to abuse in a non integrated environment, however when additional services, like central user information and authentication, then it fits in well as part of a jigsaw. It's not massively secure, no, but you are wrong in thinking that it assumes things about the clients configuration in the way you suggest.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.