Experiences and Thoughts on SHFS?
eugene ts wong asks: "I was looking over SHFS, & I thought that this seems like a very good software package. If I understand it correctly, then it should be the de facto way to mount shares across a network. I never heard of it till today, though. What do all of you think of this? What kinds of experiences do you have? I am interested in hearing some of your stories. I heard that NFS isn't secure. How do they both compare? Would you recommend SHFS for small, medium & large businesses?"
SSN Tried and true secure network (Score:2, Funny)
Two feet
Write Only Floppy Disk.
Re:SSN Tried and true secure network (Score:2, Funny)
t
Re:SSN Tried and true secure network (Score:2)
P = 1/T
who told you NFS is not secure ? (Score:5, Interesting)
it all comes down to trust...
do you trust the network you're plugged into?
how about the people who are selling that VPN?
I suggest that you have a look at IPSec
it works on winXP linux solaris BSD's and then find a Networked File System that is high performance
regards
John Jones
Re:who told you NFS is not secure ? (Score:1)
I'd like to thank everybody for their responses. I really appreciate hearing the bad stuff. There's really no need to learn everything the hard way!
I just recently found it myself (Score:5, Interesting)
It has worked out really nice and I now don't have to do the scp or SFTP dance all of the time to edit files on a remote box.
One thing I came across though during "make install" under 2.6 is that the
tried it (Score:5, Informative)
same here (Score:3, Interesting)
Re:same here (Score:2)
Re:same here (Score:2)
Re:tried it (Score:2)
umount -fl
3 week experience. (Score:5, Informative)
Pros:
(i) mounting remote filesystems over ssh is great, as you don't have to worry about opening up new ports.
(ii) read-only performance is good (I haven't had any problems).
Cons:
(i) definitely *buggy* (do not even think of using this for mounting partitions w/ critical data). For e.g., I mounted it read-only and by mistake opened a file with vim. When I tried to !wq, vim refused to write (obviously!), and I just escaped with a q!. Much to my chagrin, the file was gone--- I later figured that this was not a random bug; it was repeatable.
(ii) write performance (across a 1Mbps DSL conn.) *sucks*!
Re:3 week experience. (Score:3, Interesting)
Re:3 week experience. (Score:2, Interesting)
LUFS (Score:5, Interesting)
Re:LUFS (Score:4, Informative)
Easy install, easy to use. Good stuff.
Re:LUFS (Score:2, Insightful)
Just a small tip
dates (Score:3, Informative)
Re:dates (Score:2)
Tried it and now using FISH (Score:5, Informative)
Re:Tried it and now using FISH (Score:3, Interesting)
shfs: fine for casual use (Score:3, Interesting)
despite being quite excited about the possibilities, i'd never run this in a production environment. a lot of people run down nfs for being insecure and sucky on any number of levels. i have to say, we had a very active messaging system behind a very high profile website [sprintpcs.com] use nfs for two years due to a combination of stupid developers and vendor going out of business. it NEVER broke. and we were churning 100's of thousands of files over nfs per day.
eventually i had to stop bringing it up in meetings cause it never broke. of course YMMV, mine sure did.
...or you can try sfs (Score:5, Interesting)
Recommendations (Score:2, Informative)
The place where I work is a UNIX shop, we use NFS all the time, because it operates reliably between various UNIX flavours. Every vendor has a robust implementation. We shar
Try NFSv4, or you could tunnel samba over ssh (Score:3, Informative)
w/r/t NFS security, NFSv4 should solve most if not all of the problems. Fundamentally two things always bothered me about NFS security.
RPC - NFS makes heavy use of sun-style RPC, requiring you to use the RPC libraries and the portmapper. This stuff has a bad reputation for security problems, eg, buffer overflows, and there is a lot of it, and it runs on random ports so it's difficult to filter/firewall/tunnel it.
no user credentials - NFS through V3 doesn't provide any user credentials - root on the client has access to all users' files on the mounted filesystem. There's no server-enforced security.
NFSv4 [umich.edu] fixes the RPC/multiple ports problem.
I don't know about the user credential problem but i bet it fixes that too.
On to the quick-and-dirty:
In the past, I've set up a samba server and used the linux smbfs client to access it, and tunneled the whole business over SSH. It worked reliably, to the limited extent that i tested it (YMMV).
I don't really remember how well it performed - it was more of a proof-of-concept for me.
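Added example, not part of the comment above: a small decoder for the credential field of an ONC RPC call, illustrating the "no user credentials" point. With the AUTH_SYS flavor used by NFS through v3, the uid and gids are plain fields the client writes into each request, so the server has only the client's claim to go on. The sample message, host name and IDs are constructed.

```python
import struct

AUTH_SYS = 1  # RFC 5531 flavor number; RPCSEC_GSS (cryptographic) is 6

def _opaque(buf, off):
    """Read an XDR variable-length opaque: 4-byte length, data, pad to 4."""
    (n,) = struct.unpack_from(">I", buf, off)
    data = buf[off + 4:off + 4 + n]
    if len(data) != n:
        raise ValueError("truncated opaque")
    return data, off + 4 + n + (-n % 4)

def parse_call_credential(msg):
    """Decode the credential of one ONC RPC v2 CALL (record mark stripped)."""
    try:
        xid, mtype, rpcvers, prog, vers, proc, flavor = struct.unpack_from(">7I", msg, 0)
        if mtype != 0 or rpcvers != 2:
            raise ValueError("not an RPC v2 call")
        body, _ = _opaque(msg, 28)               # credential body follows the flavor
        info = {"program": prog, "version": vers, "flavor": flavor}
        if flavor != AUTH_SYS:
            return info                          # other flavors are not decoded here
        machine, off = _opaque(body, 4)          # skip the 4-byte stamp
        uid, gid, ngids = struct.unpack_from(">3I", body, off)
        if ngids > 16:                           # AUTH_SYS allows at most 16 extra gids
            raise ValueError("too many gids")
        gids = struct.unpack_from(">%dI" % ngids, body, off + 12)
    except struct.error as exc:
        raise ValueError("truncated RPC call") from exc
    info.update(machine=machine.decode("ascii", "replace"),
                uid=uid, gid=gid, gids=list(gids))
    return info

# Constructed sample: NFS (program 100003) v3 call from host "client1", uid/gid 1000.
_CRED = struct.pack(">II", 0, 7) + b"client1\x00" + struct.pack(">4I", 1000, 1000, 1, 1000)
SAMPLE_CALL = (struct.pack(">7I", 0x1234, 0, 2, 100003, 3, 1, AUTH_SYS)
               + struct.pack(">I", len(_CRED)) + _CRED
               + struct.pack(">II", 0, 0))       # AUTH_NONE verifier, empty body

if __name__ == "__main__":
    print(parse_call_credential(SAMPLE_CALL))
```

Nothing in the decoded credential is signed or tied to a key, which is why export options such as root squashing and host restrictions are the only server-side controls available with this flavor.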
NFS multiple ports in V3 (Score:3, Informative)
In your init:
And in
options lockd nlm_udpport=4001 nlm_tcpport=4001
For the above, be sure to run update-modules after in deb. Then afterwards, allow RPCMOUNTDPORT, LISTEN_PORT, and udp/tcp ports 4001 (or whichever you choose) through the firewall.
Re:NFS multiple ports in V3 (Score:1)
Re:NFS multiple ports in V3 (Score:2)
Re:Try NFSv4, or you could tunnel samba over ssh (Score:1)
Re:Try NFSv4, or you could tunnel samba over ssh (Score:1)
One thing I remember about this that I forgot to mention is that smbfs didn't properly display unix file modes across the connection. Wasn't surprising when i thought about it, presumably no way in this windows-centric protocol to pass that info. I didn't investigate whether NT acls were somehow emulated, etc.
Re:Try NFSv4, or you could tunnel samba over ssh (Score:1)
I think that I know what you mean.
I like using 1 "thing" to do as much as possible. So, when I found out that our customers could give us some data through ssh, I implemented it right away. I'm not sure if that's the best method, but I like the idea that we are supposed to be using ssh anyways, so we may as well use it as much
Highly recommend shfs (Score:1, Interesting)
Would highly recommend it.
For reading, yes - for writing, no (Score:1)