
RE: mount.cifs; NetApp; owner/mode appearance

by David Lee-2

On Wed, 23 Apr 2008, Kenneth Heal wrote:

> I am inclined to agree with Tim, my experience has been that mixed mode
> can lead to a lot of chaos and sadness.  One tech report which might be
> relevant here is called Security in NFS Storage Networks:
> http://media.netapp.com/documents/tr_3387.pdf
>
> As Tim suggests NFSv4 might be an option and provides a lot of nice
> features.  Another choice could be Kerberos authentication, and this
> might be the way to go, though this will depend on your exact setup.

Thanks to all for their input.

Quick re-cap: We basically have UNIX (Linux) clients wishing to access
data that was previously on a UNIX (Solaris) server now migrating to
NetApp (and still intended to look like UNIX data).  For other (but
related "general tidy up") reasons we are wanting to tighten up the
previous simple NFS access, to prevent undesirable (but previously
possible) "su root; su other" activity.

NFS was nice (UNIX preservation) but weak on user-based control.  CIFS
would give us the possibility of user-based control, but wrecks the
appearance of ownership and filemodes.

Ken's reply suggests that Kerberos authentication (our NetApp is already
in an Active Directory domain) might give us the hooks to keep NFS and
introduce user-based control.  It sounds well worth exploring.  Thanks.

> Let us know how it goes; this is indeed a fairly common issue caused by
> design deficiencies of standard NFSv3/NIS without any easy out of the
> box solution.

I'll try to remember to do that.

Thanks again.


--

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:  UNIX Team Leader                         Durham University     :
:                                           South Road            :
:  http://www.dur.ac.uk/t.d.lee/            Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :
