From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
I use SSHFS when I want to quickly grab a file off my server at home.
It is not a permanent solution, but it is fast and SSH is almost never blocked so the network I'm coming from doesn't matter.
Also SSH is great, if I don't trust the network I'm on, I tunnel all of my traffic through my home server over a SSH connection (this worked whilst I was in China a few years ago, waiting for my connecting flight).
The nice thing about Samba is that you can find clients for everything.
NFS is a terrific pain in the ass
I prefer Forza
Sshfs afaik is used for a different purpose than the others
I usually use it when I'm working on a remote machine for a long duration and want to use my local tools (so I don't have to install them on the server, and because using neovim over SSH on a crappy connection sucks)
Wouldn't you be able to do the same with NFS?
Would you? You can sshfs into anything with ssh, thought you had to set up nfs
Yes you're right. Did not realize that's what you meant 😅
i use nfs. always. every minute my computer is online it has a mounted directory from my server.
via nfs and wireguard.
i tried lots of things but nfs which listens on wireguard ip is the best i ever achieved.
Follow-up question:
Is anybody really using NFS?
I have found SMB to be sufficient. The network folder in the file browser is really nice. I don't think NFS has that.
NFS is fantastic from a practical standpoint. You can literally specify it in your fstab to mount the network share at boot.
The best part is, there is no latency in waiting for it to mount. It only tries to fetch data once you request a resource from that mount path. Translation: If your network device is asleep, NFS will wake it up for you and fetch the resource on demand.
I love NFS
NFS is fantastic from a practical standpoint.
Only if you don't care about the NAS'es file permission management and have the same uid on all your systems mounting the same shares via NFS. Not sure if it's different with other NAS implementations, but on my Synology DS415+ all files put on there via NFS get the UID from the source system. Which isn't the UID of my user on the Synology.
E.g. on my Raspberrys, my user usually is uid 1000 / gid 1000. But on my Synology, my user is uid 1026 / gid 100. So the integrated management tools (e.g. File Station) show mangled permissions as the user with uid 1000 is not known.
And the only real solution to this is to use a Kerberos server - which I think is a bit overkill in a 1 user environment. idmap doesn't really work on my NAS.
You can literally specify it in your fstab to mount the network share at boot.
Uh, the same is possible with any other file system, too.
//nas/share /mnt/whatever smb3 defaults,auto,username=bob,password=xxx 0 0//nas/share. /mnt/smbshared cifs defaults,auto,ver=3,credentials=/some/safe/location 0 0
+2 systemd-network dontknowyet entries (still for fstab Mount options)
Another way ist working with systemd/systemctl and create .mount .automount units
Doesn't samba block synchronously until mounted?
I've never noticed any issues or long delays. My Raspberrys come up either way. Might take a bit longer if the NAS isn't accessible - but they still come up. Only without the mounted shares, of course.
As an alternative, you could do the same using systemd.
I'm so used to SMB and SSH, especially with the file manager integration. I was wondering if we have something similar with nfs.
file manager integration could be better, I agree
It would also be great if it can work with zeroconf.
Have they done anything about the lack of security? Last I checked, anyone could mount an NFS share and access it as whatever user they wanted, without authentication.
That's a feature! If you can access that share as rw, you should be able to do anything to it IMO. If it's hosted read-only, then no matter what privileges you mount it with, the data is still protected
I read/heard that alot of NAS server users tend to use NFS shares :/ Don't actually know why, but that's what I found out while reading server/NAS configurations on the web.
Maybe because NFS's speed compared to samba and SSHFS?
You'll probbly want samba then. Much easier to set up, including account security.
I personally switched from samba to nfs for my linux iso collection because the overhead was causing lag on my tv box. Books won't have this issue.
NFS v4 with krb is probably the best option of these if Linux/macOS is all you need to support because everything just works transparently with one system-wide mount. I had it set up for a couple years until recently (had to basically completely give up on my network setup including the box the KDC was running on for unrelated reasons recently and have still yet to set it up completely again).
Kerberos is pretty straightforward to set up if you know how it works, I think the main problem is lack of documentation and pretty awful NFS error messages (you pretty much have to enable nfsd/rpc debug kernel options if you want to even begin figuring out what's going wrong when your mount doesn't work). The first time I set it up it took me a whole day to get it to actually work, and in the end a reboot of the NFS server solved the problem I had.
Look at the Arch wiki article for Kerberos, I think that's what I used mostly. Feel free to ask if you need help setting it up.
(Unfortunately IMO all of these suck in different ways though: sshfs dies if your SSH connection gets interrupted, NFS v4 (v3 is unusable imo because it doesn't have idmap so you have to make sure your user IDs match on every machine) isn't supported by Windows and mobile devices, Samba doesn't map well to Unix permissions and I can't tell what its "unix extensions" are actually supposed to do if it isn't permissions. Integrating Samba with NFS, if you want to use both, also is pretty hard because while Samba theoretically uses Kerberos, it doesn't work with a normal KDC but needs Samba AD because Microsoft (I haven't taken a look at Samba AD yet). And forget integrating Samba with anything that isn't Kerberos-based entirely because NTLM is the only other auth mechanism and it's pretty much incompatible with anything because the client only sends the password hashed with a unique mechanism. So you're going to have a pretty bad time if you want to use a single auth mechanism for everything if SMB is involved, and that's pretty much your only option if you want to access stuff on a mobile device.)
Thank you for your friendly and detailed response !!!
Look at the Arch wiki article for Kerberos, I think that’s what I used mostly. Feel free to ask if you need help setting it up.
It's always Arch wiki :D. Thank you, but I will probably stay with samba at the moment which will probably fullfil my current needs and seems more complex than I thought ! Also, it's in a multi-OS environnement (Windows, MacOS, Linux) and NFS seems to not work very well with Windows :/ If I could I would switch my whole family to Linux, but old habits die hard...
Anyway, will keep Kerberos under my radar ! I really want to learn more about it seems very interesting, especially the cybersecurity aspect !
If you don't mind... Can you tell very briefly what kerberos actually solves in a coporate environnement ? Please, give me a sneek peak of the subject that awaits me :) !!
Thank you, but I will probably stay with samba at the moment which will probably fullfil my current needs and seems more complex than I thought !
Then, take a look at ksmbd which is basically a mini SMB implementation in the kernel. I haven't used it yet, but apparently it's more performant and easier to set up.
If you don’t mind… Can you tell very briefly what kerberos actually solves in a coporate environnement ? Please, give me a sneek peak of the subject that awaits me :) !!
It provides single sign-on capability. As I already said Active Directory is built on Kerberos for authentication, but it's used similarly on Linux, logging in to Kerberos gives you a TGT (ticket-granting ticket) which essentially allows you to also authenticate to other services like NFS, SSH (in which case it can forward your ticket to the machine you log on to), stuff like IMAP, even websites (though as far as I've seen you need to do some stupid per-domain manual setup for at least Firefox) without having to enter your password again, at least, until the ticket expires, or storing it anywhere. There's much more that supports it but I've only used it for NFS and I've experimented with using it for SSH auth, and only for personal use, so I can't tell you what exactly.
It's worth noting that it's purely for authentication and not authorization, so if you want central permission management, something else will have to do that, such as LDAP which is also what AD uses.
Honestly I just use SMB with Samba now it's very fast and secure with the v3 protocol, It gets more complicated if you need AD/LDAP auth but most people don't especially on a home network.
NFS is too much of a pain in the ass. I would not use sshfs unless you need to connect over the Internet and a VPN isn't an option available to you.
Other options like SFTP, DAV, emulating S3 aren't really aiming to fill the same use cases SMB does.