Hi everyone !

Right now I can’t decide wich one is the most versatile and fit my personal needs, so I’m looking into your personal experience with each one of them, if you mind sharing your experience.

It’s mostly for secure shared volumes containing ebooks and media storage/files on my home network. Adding some security into the mix even tough I actually don’t need it (mostly for learning process).

More precisely how difficult is the NFS configuration with kerberos? Is it actually useful? Never used kerberos and have no idea how it works, so it’s a very much new tech on my side.

I would really apreciate some indepth personal experience and why you would considere one over another !

Thank you !

  • Spectranox
    link
    fedilink
    English
    3
    edit-2
    7 months ago

    I ran SSHFS for a while maybe half a year ago? I quite liked it cause we obviously already use SSH so setup was quick and easy, performance was good too. Then I learnt it’s no longer maintained so switched to NFS.

    NFS is good, if you aren’t accessing from Windows I would go for that. Setup is pretty simple too, just change /etc/exports and a few permissions or ownerships (after installing the package obviously) then start the systemd service.

    Can’t comment on Kerberos, but considering NFS popularity I can’t imagine it being difficult.

    • @[email protected]
      link
      fedilink
      17 months ago

      How do I set permissions up with NFS? Do I have to have the same uids and gids on both server and clients?

      • Spectranox
        link
        fedilink
        English
        1
        edit-2
        7 months ago

        In my experience, just making sure the directory you’re sharing is owned by nobody:nogroup is enough.

        sudo chown -R nobody:nogroup /path/to/nfs

        • @[email protected]
          link
          fedilink
          English
          17 months ago

          Ohh, no - you don’t want to do that. Why would you do that?

          NFS without kerberos uses the UIDs of the remote users to determine access to files on the server. It’s very insecure since the client systems can use whatever UIDs they want. It’s why NFS has a “squash root” option which blocks any remote system from using UID 0. Kerberos allows users to authenticate so that the server knows who they are on the local system rather than trusting the remote system.

          Changing ownership to “nobody” doesn’t give anyone access - it just sets the owner to the “nobody” user. You would need to “chmod” to give read/write permissions.

          • Spectranox
            link
            fedilink
            English
            17 months ago

            I’m not an expert with this stuff, I just do whatever works. This works, so I do it and when people ask me or just in general how to do it this is what I tell them. Most of the guides I’ve come across, including one from DigitalOcean, recommends doing this.

            • @[email protected]
              link
              fedilink
              English
              17 months ago

              Ah - that’s the root-squashing I was mentioning. Root is translated to “nobody” on the server. If you’re not using the root user or if you’ve set “no_root_squash” then you don’t need/want to do that.

    • @[email protected]OP
      link
      fedilink
      17 months ago

      Then I learnt it’s no longer maintained so switched to NFS.

      Ohhh wasn’t aware of that information ! Thank you.