If you're going to have any non-linux clients, samba will be an order of magnitude easier. MacOS handles nfs pretty well, but Windows just wants SMB
You don't have to choose just one though. It's perfectly ok to share a directory via Samba for Windows clients and share the same directory again with NFS for Linux clients.
macOS switched from AFS to samba for file sharing & time machine backups a while ago; it's been a while since I had first-hand experience setting up a Mac, but based on that fact I'm pretty sure samba is more straightforward to use. ... it annoyingly mangles unix file ownership, & permissions though, as mentioned above in https://lemmy.ml/comment/10204431
Windows can also use NFS, but you have to enable it in the settings.
NFS v4 with krb is probably the best option of these if Linux/macOS is all you need to support because everything just works transparently with one system-wide mount. I had it set up for a couple years until recently (had to basically completely give up on my network setup including the box the KDC was running on for unrelated reasons recently and have still yet to set it up completely again).
Kerberos is pretty straightforward to set up if you know how it works, I think the main problem is lack of documentation and pretty awful NFS error messages (you pretty much have to enable nfsd/rpc debug kernel options if you want to even begin figuring out what's going wrong when your mount doesn't work). The first time I set it up it took me a whole day to get it to actually work, and in the end a reboot of the NFS server solved the problem I had.
Look at the Arch wiki article for Kerberos, I think that's what I used mostly. Feel free to ask if you need help setting it up.
(Unfortunately IMO all of these suck in different ways though: sshfs dies if your SSH connection gets interrupted, NFS v4 (v3 is unusable imo because it doesn't have idmap so you have to make sure your user IDs match on every machine) isn't supported by Windows and mobile devices, Samba doesn't map well to Unix permissions and I can't tell what its "unix extensions" are actually supposed to do if it isn't permissions. Integrating Samba with NFS, if you want to use both, also is pretty hard because while Samba theoretically uses Kerberos, it doesn't work with a normal KDC but needs Samba AD because Microsoft (I haven't taken a look at Samba AD yet). And forget integrating Samba with anything that isn't Kerberos-based entirely because NTLM is the only other auth mechanism and it's pretty much incompatible with anything because the client only sends the password hashed with a unique mechanism. So you're going to have a pretty bad time if you want to use a single auth mechanism for everything if SMB is involved, and that's pretty much your only option if you want to access stuff on a mobile device.)
Thank you for your friendly and detailed response !!!
Look at the Arch wiki article for Kerberos, I think that’s what I used mostly. Feel free to ask if you need help setting it up.
It's always Arch wiki :D. Thank you, but I will probably stay with samba at the moment which will probably fullfil my current needs and seems more complex than I thought ! Also, it's in a multi-OS environnement (Windows, MacOS, Linux) and NFS seems to not work very well with Windows :/ If I could I would switch my whole family to Linux, but old habits die hard...
Anyway, will keep Kerberos under my radar ! I really want to learn more about it seems very interesting, especially the cybersecurity aspect !
If you don't mind... Can you tell very briefly what kerberos actually solves in a coporate environnement ? Please, give me a sneek peak of the subject that awaits me :) !!
I've got both Samba and NFS set up. I'd say Samba is the most versatile, just because more devices are bound to be compatible with it out of the box. I have an app on my phone I can use to connect to it, for example. And it obviously works with Windows machines. NFS is very simple to set up and nice and speedy. But I only use it for a couple permanent shares for specific things between Linux machines. You could always use a mix. I have a directory that's shared with both.
I've never configured Kerberos I think, might've tried once in the past. From what I understand it's a pain to set up and really more useful for enterprise environments. But could be fun to configure if you're into tinkering with that sort of thing.
Thanks !! Yeah I think I don't need enterprise grade security :) Not right now I suppose... Do you know what Kerberos actually solves in an Enterprise environnement?
Moved to Truenas Scale and decided to setup NFS shares for my Linux server. Spent a lot of time troubleshooting the fstab config and file/share permissions. Switched to CIFS/SAMBA and had it working in about 15 minutes.
Good to know samba works well with truenas. Seeing all the comments, the tendency seems to go in samba's direction !
i use nfs. always. every minute my computer is online it has a mounted directory from my server.
via nfs and wireguard.
i tried lots of things but nfs which listens on wireguard ip is the best i ever achieved.
Sshfs afaik is used for a different purpose than the others
I usually use it when I'm working on a remote machine for a long duration and want to use my local tools (so I don't have to install them on the server, and because using neovim over SSH on a crappy connection sucks)
NFS : historically insecure by default. Don't know about Kerberos making it secure but Kerberos does not look easy to configure.
sshfs : probably most easy to setup. Can be confusing with ownership and permissions sometimes.
Samba : solid but has a learning curve, even for a simple setup. For example, for a standalone Samba server omitting the Active Directory part, you need to know that in order to create a Samba user you must first have created a local user with the same username.
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
sshfs : probably most easy to setup. Can be confusing with ownership and permissions sometimes.
And the worst option if you have Windows clients.
Thank you for the hint ! Yeah it's in a multiOS environement.
Thanks for the link :) I have already setup a samba share (actually I have setup all 3 on my server xD). But Didn't knew they have a whole tutorial on it :) Thanks for the resource, I think I will stay with samba :) Looks the most versatil and has also "easier" security function setup. I mean I don't think I need Kerberos in my homelab setup and SSHFS... Yeah people tend to argue it's a pain in the ass with Windows !
Thanks for the link :) I have already setup a samba share (actually I have setup all 3 on my server xD).
Nice :) With Samba you can also create guest entries without passwords for visitors while having your private files behind your own login. Here an example of guest access : https://std.rocks/gnulinux_samba_no_password.html
And apart from that Samba should be fine for access from MacOS and Windows clients unlike with the ancient NFS, which I expect to be more troublesome to connect especially on Windows, though that is a wild guess.
The nice thing about Samba is that you can find clients for everything.
NFS is a terrific pain in the ass
I prefer Forza
You'll probbly want samba then. Much easier to set up, including account security.
I personally switched from samba to nfs for my linux iso collection because the overhead was causing lag on my tv box. Books won't have this issue.
Honestly I just use SMB with Samba now it's very fast and secure with the v3 protocol, It gets more complicated if you need AD/LDAP auth but most people don't especially on a home network.
NFS is too much of a pain in the ass. I would not use sshfs unless you need to connect over the Internet and a VPN isn't an option available to you.
Other options like SFTP, DAV, emulating S3 aren't really aiming to fill the same use cases SMB does.
I ran SSHFS for a while maybe half a year ago? I quite liked it cause we obviously already use SSH so setup was quick and easy, performance was good too. Then I learnt it's no longer maintained so switched to NFS.
NFS is good, if you aren't accessing from Windows I would go for that. Setup is pretty simple too, just change /etc/exports and a few permissions or ownerships (after installing the package obviously) then start the systemd service.
Can't comment on Kerberos, but considering NFS popularity I can't imagine it being difficult.
Then I learnt it’s no longer maintained so switched to NFS.
Ohhh wasn't aware of that information ! Thank you.
How do I set permissions up with NFS? Do I have to have the same uids and gids on both server and clients?
In my experience, just making sure the directory you're sharing is owned by nobody:nogroup is enough.
sudo chown -R nobody:nogroup /path/to/nfs
That’s making it public, isn’t it?
I think so.
Ohh, no - you don't want to do that. Why would you do that?
NFS without kerberos uses the UIDs of the remote users to determine access to files on the server. It's very insecure since the client systems can use whatever UIDs they want. It's why NFS has a "squash root" option which blocks any remote system from using UID 0. Kerberos allows users to authenticate so that the server knows who they are on the local system rather than trusting the remote system.
Changing ownership to "nobody" doesn't give anyone access - it just sets the owner to the "nobody" user. You would need to "chmod" to give read/write permissions.
I'm not an expert with this stuff, I just do whatever works. This works, so I do it and when people ask me or just in general how to do it this is what I tell them. Most of the guides I've come across, including one from DigitalOcean, recommends doing this.
Ah - that's the root-squashing I was mentioning. Root is translated to "nobody" on the server. If you're not using the root user or if you've set "no_root_squash" then you don't need/want to do that.
I think that's what the kerberos is there to solve. I've heard that it isn't that bad to set up. I haven't tried and just stuck with SMB.
Yeah, I just wanted to have something mounted at boot on my Linux box from my NAS. Looks like it’s possible with SMB, I just need to figure out how to match the users on my machine with the ones on my server.
Follow-up question:
Is anybody really using NFS?
I have found SMB to be sufficient. The network folder in the file browser is really nice. I don't think NFS has that.
NFS is fantastic from a practical standpoint. You can literally specify it in your fstab to mount the network share at boot.
The best part is, there is no latency in waiting for it to mount. It only tries to fetch data once you request a resource from that mount path. Translation: If your network device is asleep, NFS will wake it up for you and fetch the resource on demand.
I love NFS
You can literally specify it in your fstab to mount the network share at boot.
Uh, the same is possible with any other file system, too.
//nas/share /mnt/whatever smb3 defaults,auto,username=bob,password=xxx 0 0NFS is fantastic from a practical standpoint.
Only if you don't care about the NAS'es file permission management and have the same uid on all your systems mounting the same shares via NFS. Not sure if it's different with other NAS implementations, but on my Synology DS415+ all files put on there via NFS get the UID from the source system. Which isn't the UID of my user on the Synology.
E.g. on my Raspberrys, my user usually is uid 1000 / gid 1000. But on my Synology, my user is uid 1026 / gid 100. So the integrated management tools (e.g. File Station) show mangled permissions as the user with uid 1000 is not known.
And the only real solution to this is to use a Kerberos server - which I think is a bit overkill in a 1 user environment. idmap doesn't really work on my NAS.
I'm so used to SMB and SSH, especially with the file manager integration. I was wondering if we have something similar with nfs.
file manager integration could be better, I agree
It would also be great if it can work with zeroconf.
I read/heard that alot of NAS server users tend to use NFS shares :/ Don't actually know why, but that's what I found out while reading server/NAS configurations on the web.
Maybe because NFS's speed compared to samba and SSHFS?
SSHFS will be incredibly slow. I would avoid it personally.
NFS will be performant and is easy to set up. This being said by default NFS is without any security.
The problem is that Kerberos is a huge pain to set up. I would avoid this unless you really need Kerberos.
If you want security NFS + WireGuard will serve you well.
Also I would consider Samba/CIFS if it is for local convenient fine access. It’s not super secure but for me it’s a good trade off.
Is it even possible to use any kind of authentication with NFS other than Kerberos?
As a workaround yes. Just do your NFS exports over WireGuard. WireGuard acts as the authentication and encryption.
In my personal experience and for my personal needs smb has worked best for me even though it feels kinda "bad" because of the windows background. However that also makes it useful, too, as it is compatible with most os'es...
Security setup is easy. Performance good (in my experience better than sshfs but i am sure sshfs transfers are more secure than smb).
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0