this post was submitted on 22 Jul 2024
24 points (92.9% liked)

Linux

48404 readers
1071 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Title.

The situation is basically this:

  • NFS works, it's very fast, keeps the xattrs but if used without Kerberos it's not secure. If used with Kerberos it works, but has a ticket that expires and forces me to reenter the credentials frequently in order to use it. If there was a way to use NFS with Kerberos and save the credentials NFS would be the perfect solution.

  • Samba works fine too, also keeps the xattrs but I had some troubles with filenames (mainly with some special characters, emoji, etc). Besides, as both my server and my clients run Linux I prefer to avoid it if I have the choice.

  • sshfs would be the natural choice, not as fast as NFS but it's pretty secure, I already use it in most of my network shares but I just can't find a way to make it preserve the files xattrs.

Do you guys have any suggestions or maybe any other options that I might use?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 4 months ago

I assume you don't intend to copy the files but use them from a remote host? As security is a concern I suppose we're talking about traffic over the public network where (if I'm not mistaken) kerberos with NFS doesn't provide encryption, only authentication. You obviously can tunnel NFS with SSH or VPN and I'm pretty sure you can create a kerberos ticket which stores credentials locally for longer periods of time and/or read them from a file.

SSH/VPN obviously causes some overhead, but they also provide encryption over the public network. If this is something ran in a LAN I wouldn't worry too much about encrypting the traffic and in my own network I wouldn't worry about authentication either too much. Maybe separate the NFS server to it's own VLAN or firewall it heavily.