NFS vs. CIFS questions

Discussion about using NAS on Linux and Unix OS.

NFS vs. CIFS questions

Postby indiscipline » Tue Sep 30, 2008 11:31 am

I recently bought a TS-109 Pro II to act as a fileserver for our home network. I chose the Pro to get NFS out of the box, thinking that would be the best option for using it with Linux. (I know enough about Linux that I figured I could probably install NFS on a non-Pro box, but I didn't think the difference in price was worth the time to figure it out, and I was hoping for a plug-and-play solution to save me the time of setting up my own server.)

Unfortunately, I didn't fully understand how NFS worked until I started playing with the box. I was expecting something more like scp or AppleShare, where local and remote users are completely independent. I think I have a better handle on things now, but I would like to pick the brains of those with more experience to see if I'm on the right track now. I apologize for the length, but if can trudge through and throw in your two cents, I'd appreciate it.

It seems that the main problem (for me) with using NFS is that user and group IDs must be the same on all the systems and on the NAS for things to work as expected (or at all, really, IME). If I understand it correctly now, it really seems to be intended more for the case where a single sysadmin controls all the computers and the servers and can set up the IDs as required. Yes, I could do that too, and yes, it's not that much work, but I can't prevent any one of the users in the house (assume there are some who are a bit Linux-savvy) from creating an account with the same ID as mine and accessing all my files, I don't think. And it might be someone from outside, if they crack into my wireless network.

I know there are further security measures I could use, like allowing access to shares from only certain IP address, but that's just more work (giving static addresses to all the computers), and it still doesn't prevent someone from using my IP if my computer is off. To me, NFS just doesn't seem like a good fit for the case where you have a bunch of single-user computers, whose owners are root users as well, coming and going from your network. Is that a fair assessment?

So I turned to CIFS/Samba next. At first, this was looking pretty messy too: when I mounted the share locally, files I copied to it would have my local UID (say 1000 -- this is standard Ubuntu box), but directories would get my remote UID (500), and then I couldn't write to them! And I just didn't like seeing the UID mismatches. Now, I looked into this some more and found some suggestions, and it looked like turning off Unix Extensions ("unix extensions = no" in the smb.conf file on the QNAP) might be the answer. But no, don't do that! All the IDs come up as 0 and you can't set file permissions properly. It was ugly!

However, it seems that setting the uid and gid mount options does just what I wanted, despite the documentation saying that they ignored if the unix extensions are enabled on the server. Locally, all the files on the mounted volume appear to be owned by my local user, but on the QNAP's drive, they get the UID/GID of the remote user. This is my mount command:

Code: Select all
sudo mount -t cifs //qnap/myvol -o credentials=~/.qnap-credentials,uid=1000,gid=1000

This works!

Now there may still be something lurking to catch me up, as I haven't played with this setup much yet. I would like to make this a little better integrated with the system, for starters. But I thought I'd try to get a little feedback before I find myself too far down the wrong path. Is what I'm doing making sense? And should it have been this hard?
indiscipline
New here
 
Posts: 3
Joined: Thu Sep 25, 2008 10:12 am
NAS Model: TS-109/209 Pro

Re: NFS vs. CIFS questions

Postby thunderace1k » Tue Sep 30, 2008 1:09 pm

indiscipline wrote:It seems that the main problem (for me) with using NFS is that user and group IDs must be the same on all the systems and on the NAS for things to work as expected (or at all, really, IME). If I understand it correctly now, it really seems to be intended more for the case where a single sysadmin controls all the computers and the servers and can set up the IDs as required. Yes, I could do that too, and yes, it's not that much work, but I can't prevent any one of the users in the house (assume there are some who are a bit Linux-savvy) from creating an account with the same ID as mine and accessing all my files, I don't think. And it might be someone from outside, if they crack into my wireless network.


Well, the password also is required if they want to access your files...
thunderace1k
Know my way around
 
Posts: 135
Joined: Thu May 22, 2008 11:55 pm
Location: Belgium
NAS Model: TS-809 Pro

Re: NFS vs. CIFS questions

Postby indiscipline » Tue Sep 30, 2008 9:28 pm

thunderace1k wrote:Well, the password also is required if they want to access your files...

Which password is that? I don't think I needed a password (other than the root password on my own computer) to mount any of the NFS volumes from the QNAP, even ones that were private user shares. If my local user id was the same as on the server, I would be prevented from accessing other people's files, but it only goes by uid, not username and password. Have I missed something in the QNAP of NFS configuration?
indiscipline
New here
 
Posts: 3
Joined: Thu Sep 25, 2008 10:12 am
NAS Model: TS-109/209 Pro

Re: NFS vs. CIFS questions

Postby indiscipline » Tue Sep 30, 2008 9:37 pm

indiscipline wrote:This works!

Now there may still be something lurking to catch me up ...


One thing I've discovered about my CIFS setup is that the remote files are all getting the execute flag enabled (for the owner) and write permission for all! My umask was 077. Close, but I guess I have some more digging to do. Any suggestions?
indiscipline
New here
 
Posts: 3
Joined: Thu Sep 25, 2008 10:12 am
NAS Model: TS-109/209 Pro


Return to Linux & Unix (NFS)

Who is online

Users browsing this forum: No registered users and 2 guests