On Tue, May 17, 2005 11:25 am, Jim Cheetham said:Samba working with Unix Extensions on is currently 'the right thing' -how is that better than nfs?
I'm asking from an 'nfs was written to share stuff between like boxes',
and 'smb was written to publish resources on windows based systems because
the native NT servers were too flakey to do it at the time' perspective.
Point of historical order - SMB was originally IBM product called "LAN Manager". It was out before Windows 3.11 :-) when you still purchased your TCP/IP software separately (perhaps in the green folder with 11 floppy disks, from Wollongong, IIRC :-) Samba's Unix Extensions have only rendered unix-to-unix service practical since v3 and kernel 2.6.
So to answer 1 - 'I expected the answer nfs but someone who does it for a
living has offered an alternative, so I would be interested in their
perspective', and 2 - "Yes, please, as I've never done it before!"
Rule 1 - Neither NFS nor Samba should be exposed to the Internet ;-)
NFS (iirc of course) requires to be hooked into the kernel, and needs the portmap service to be running - Samba needs no unusual kernel resources, and runs only dedicated single-purpose daemons. (Why is portmap bad? Because it's a general-purpose program that therefore has more potential security issues. Why is the kernel requirement bad? It isn't, if your distro takes care of the details for you, and the code never crashes (it doesn't)). Note that Samba client filesystems *are* kernel modules - but you don't have to use them if you don't want to.
NFS is intended to be used only in a unix environment (should that be "POSIX"?) - unification of user accounts between machines is expected. Samba is cross-platform, and provides extremely flexible mapping options between the client and server - things that are *essential* when dealing with windows, and only occasionally useful when dealing unix-to-unix.
NFS, like sendmail, has historically had huge numbers of security failures (where 'security' includes data integrity). Currently, it's fine. Samba hasn't (whereas Microsoft's implementations of SMB has.)
Let's look at Mitre's CVE (Common Vulnerabilities and Exposures) database for 1999 to date :-
Samba: 38
NFS: 39
Basically, they're all pretty much equivalent :-)
So, if you're used to NFS, there's no reason to change. If you need to implement Samba (i.e. to talk to windows machines), you shouldn't bother maintaining NFS as well.
If you haven't experienced Samba's Unix Extensions, have a read of a year-old Linux Mag article :- http://www.linux-mag.com/content/view/1645/2188/
-jim
