[GTALUG] The current state of NFS

Anthony de Boer adb at adb.ca
Sat Feb 24 10:50:54 EST 2018


Giles Orr via talk wrote:
> I used to use NFS back in 2000 - back when we still thought unsecured local
> services were okay.  And I loved it - it was slow, but very useful.  So I'd
> like to start using it again, but I want it secured.  ...

You might want to look at sshfs instead.  This is a nifty thing that
uses SSH, SFTP, and FUSE to let you mount storage from a remote box
that you have SSH access to.  Linux even lets non-root users do this in
a way that makes the mount not exist for any other user.  And since any
user can look at the man page and just do it, there's far less hassle
for the sysadmin to set up.  And you don't have to open any new holes
besides the already-well-tested SSH daemon.

>  ...  Is it
> possible to run NFSv4 without Kerberos?  Pointers to recent, good tutorials
> would also be deeply appreciated.

My legacy uses of NFS are down to non-secret data that anyone on the LAN
can mount read-only.  Far easier that way, both to set up and to sleep
at night.

> I'm using Fedora 27 and Debian (stable or testing) on the clients.  You can
> stomp me if you like for my plan to use a Raspberry Pi as the server - I'm
> not looking for speed as this will mostly be for backups.  ...

For backups of files that change rarely, rsync is a huge win; run it
over SSH for private files.  For the sort of data I publish on NFS, I
usually also run rsync in server mode to help with the backups.

Depending on the relative speeds of CPU, storage, and network, crypto
overhead can be free or it can be what throttles bandwidth.  Tools like
htop, iotop, and iftop can tell you what's happening.

-- 
Anthony de Boer


More information about the talk mailing list