Recently, I asked for opinions on desktop Linux. Thanks very much to those that replied. I’ve set up an old laptop as an experiment. I’m using Debian, Gnome, and Systemimager. It’s been an interesting project (especially getting SystemImager and a splash screen program to do what I want).
I’d like for my desktop machines to mount /home over the network. I could use NFS, but of course that has all the well-known security risks. Is there a better network filesystem that is easy to use, fast, and more secure than NFS?
OpenGFS is a fine NFS for systems where you have a shared block-level device to use and you have trusted filesystem clients.
In situations where you have untrusted filesystem clients, I have not found a useful NFS. AndrewFS is OK as long as you don’t immediately vomit when looking at it. If I had to plump for an optionn in this situation, I would probably go with CIFS/SMB.
Honestly, I’d go for Samba too. Alternatively, you could try fuse and sshfs; trivial setup, but it’s a bit quirky (e.g. has some problems with atomic rename).
More critically, OpenSSH implements an old version of SFTP that doesn’t support link(2).
I’d go for CIFS as well – the combination of Samba and cifsfs has better POSIX compliancy than, for example, NFS.
CIFS supports strong authentication. Kerberos support is on its way.
Disclaimer: I may be a little bit biased :-)
Thanks for all the posts.
One main problem with CIFS appears to be actually authenticating to the server. Since it doesn’t support any sort of single-sign-on system yet, users would have to provide their password a second time in order to get access to the server side. Not only that, but I’d have to write something to automatically handle this mounting and then later unmounting activity. It doesn’t sound too appealing from a user’s perspective.
I’ve been told that Kerberised NFS supports encryption.
NFS generally works better in Linux systems than CIFS so kernerised NFS might do the job for you if you are willing to implement a centralised authentication server.
I would recommend nfsv4. Its nfs, but updated. It lets you use kerberos or local authentication. It really should be the networked filesystem of choice for linux.
AFS is pretty cool. Nice ACL support, Kerberos authentication, secure and the server has some very nice features, such as buildin backup tool, load balancing and much more. The Arla implementation isn’t that good, but OpenAFS is rock solid.
There’s also the Coda project (http://www.coda.cs.cmu.edu/), which I looked at some years ago. I have no idea how they’re doing these days.
NFSv4 is really a new filesystem & can do proper authorisation & encryption. An alternative is to set up an ipsec VPN and only export your filesystems over that…
Yes, NFSv4 is really looking like what we’re after. It has regular Unix semantics much more than AFS or Coda, which has caused me some concern about those projects. I will look into it.
When will CIFS support Kerberos?