Hi everyone !
Right now I can’t decide wich one is the most versatile and fit my personal needs, so I’m looking into your personal experience with each one of them, if you mind sharing your experience.
It’s mostly for secure shared volumes containing ebooks and media storage/files on my home network. Adding some security into the mix even tough I actually don’t need it (mostly for learning process).
More precisely how difficult is the NFS configuration with kerberos? Is it actually useful? Never used kerberos and have no idea how it works, so it’s a very much new tech on my side.
I would really apreciate some indepth personal experience and why you would considere one over another !
Thank you !
Honestly I just use SMB with Samba now it’s very fast and secure with the v3 protocol, It gets more complicated if you need AD/LDAP auth but most people don’t especially on a home network.
NFS is too much of a pain in the ass. I would not use sshfs unless you need to connect over the Internet and a VPN isn’t an option for that.
Other options like SFTP, DAV, emulating S3 aren’t really aiming to fill the same use cases SMB does.
If you’re going to have any non-linux clients, samba will be an order of magnitude easier. MacOS handles nfs pretty well, but Windows just wants SMB
Yeah, multi-OS environemment… Thanks for your comment :)
macOS switched from AFS to samba for file sharing & time machine backups a while ago; it’s been a while since I had first-hand experience setting up a Mac, but based on that fact I’m pretty sure samba is more straightforward to use. … it annoyingly mangles unix file ownership, & permissions though, as mentioned above in https://lemmy.ml/comment/10204431
You don’t have to choose just one though. It’s perfectly ok to share a directory via Samba for Windows clients and share the same directory again with NFS for Linux clients.
-
NFS : historically insecure by default. Don’t know about Kerberos making it secure but Kerberos does not look easy to configure.
-
sshfs : probably most easy to setup. Can be confusing with ownership and permissions sometimes.
-
Samba : solid but has a learning curve, even for a simple setup. For example, for a standalone Samba server omitting the Active Directory part, you need to know that in order to create a Samba user you must first have created a local user with the same username.
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
sshfs : probably most easy to setup. Can be confusing with ownership and permissions sometimes.
And the worst option if you have Windows clients.
Thank you for the hint ! Yeah it’s in a multiOS environement.
Thanks for the link :) I have already setup a samba share (actually I have setup all 3 on my server xD). But Didn’t knew they have a whole tutorial on it :) Thanks for the resource, I think I will stay with samba :) Looks the most versatil and has also “easier” security function setup. I mean I don’t think I need Kerberos in my homelab setup and SSHFS… Yeah people tend to argue it’s a pain in the ass with Windows !
Thanks for the link :) I have already setup a samba share (actually I have setup all 3 on my server xD).
Nice :) With Samba you can also create guest entries without passwords for visitors while having your private files behind your own login. Here an example of guest access : https://std.rocks/gnulinux_samba_no_password.html
And apart from that Samba should be fine for access from MacOS and Windows clients unlike with the ancient NFS, which I expect to be more troublesome to connect especially on Windows, though that is a wild guess.
-
SSHFS will be incredibly slow. I would avoid it personally.
NFS will be performant and is easy to set up. This being said by default NFS is without any security.
The problem is that Kerberos is a huge pain to set up. I would avoid this unless you really need Kerberos.
If you want security NFS + WireGuard will serve you well.
Also I would consider Samba/CIFS if it is for local convenient fine access. It’s not super secure but for me it’s a good trade off.
Is it even possible to use any kind of authentication with NFS other than Kerberos?
As a workaround yes. Just do your NFS exports over WireGuard. WireGuard acts as the authentication and encryption.
