61
submitted 7 months ago by N0x0n@lemmy.ml to c/linux@lemmy.ml

Hi everyone !

Right now I can't decide wich one is the most versatile and fit my personal needs, so I'm looking into your personal experience with each one of them, if you mind sharing your experience.

It's mostly for secure shared volumes containing ebooks and media storage/files on my home network. Adding some security into the mix even tough I actually don't need it (mostly for learning process).

More precisely how difficult is the NFS configuration with kerberos? Is it actually useful? Never used kerberos and have no idea how it works, so it's a very much new tech on my side.

I would really apreciate some indepth personal experience and why you would considere one over another !

Thank you !

you are viewing a single comment's thread
view the rest of the comments
[-] acockworkorange@mander.xyz 1 points 7 months ago

How do I set permissions up with NFS? Do I have to have the same uids and gids on both server and clients?

[-] atzanteol@sh.itjust.works 2 points 7 months ago

Yes, if you're not using Kerberos for authentication.

[-] UmbraTemporis@lemmy.dbzer0.com 1 points 7 months ago* (last edited 7 months ago)

In my experience, just making sure the directory you're sharing is owned by nobody:nogroup is enough.

sudo chown -R nobody:nogroup /path/to/nfs

[-] acockworkorange@mander.xyz 1 points 7 months ago

That’s making it public, isn’t it?

[-] atzanteol@sh.itjust.works 1 points 7 months ago

Ohh, no - you don't want to do that. Why would you do that?

NFS without kerberos uses the UIDs of the remote users to determine access to files on the server. It's very insecure since the client systems can use whatever UIDs they want. It's why NFS has a "squash root" option which blocks any remote system from using UID 0. Kerberos allows users to authenticate so that the server knows who they are on the local system rather than trusting the remote system.

Changing ownership to "nobody" doesn't give anyone access - it just sets the owner to the "nobody" user. You would need to "chmod" to give read/write permissions.

[-] UmbraTemporis@lemmy.dbzer0.com 1 points 7 months ago

I'm not an expert with this stuff, I just do whatever works. This works, so I do it and when people ask me or just in general how to do it this is what I tell them. Most of the guides I've come across, including one from DigitalOcean, recommends doing this.

[-] atzanteol@sh.itjust.works 1 points 7 months ago

Ah - that's the root-squashing I was mentioning. Root is translated to "nobody" on the server. If you're not using the root user or if you've set "no_root_squash" then you don't need/want to do that.

[-] giloronfoo@beehaw.org 1 points 7 months ago

I think that's what the kerberos is there to solve. I've heard that it isn't that bad to set up. I haven't tried and just stuck with SMB.

[-] acockworkorange@mander.xyz 1 points 7 months ago

Yeah, I just wanted to have something mounted at boot on my Linux box from my NAS. Looks like it’s possible with SMB, I just need to figure out how to match the users on my machine with the ones on my server.

this post was submitted on 12 Apr 2024
61 points (95.5% liked)

Linux

48236 readers
512 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS