Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I wasn't able to find documentation for using CIFS as / - is there a guide somewhere?

What are the advantages of this as compared with NFS?



I can only speak from personal experience, so don't take this as true for everybody.

But for me, NFS has always been a colossal pain to use. The server has to run in kernel-space. Shares have to be enumerated in /etc. There are a couple of userspace options, but I've never been able to make them work reliably. Once I do get it working, it hangs all the time for no easy-to-debug reason. Also it needs multiple ports to be open, and it expects UID and GID to be the same on client and server.

CIFS has its problems for sure. But it's been pretty straightforward for me every time I've had to use it. If I was trying to set up a production-line machine to flash Linux-based devices, I'd choose CIFS every time because it's so much less hassle. And now that it's rootfs-capable, I just might be able to do it.


  https://www.kernel.org/doc/Documentation/filesystems/cifs/cifsroot.txt


>A CIFS root mount currently requires the use of SMB1+UNIX Extensions which is only supported by the Samba server. SMB1 is the older deprecated version of the protocol but it has been extended to support POSIX features (See [1]). The equivalent extensions for the newer recommended version of the protocol (SMB3) have not been fully implemented yet which means SMB3 doesn't support some required POSIX file system objects (e.g. block devices, pipes, sockets).

As a result, a CIFS root will default to SMB1 for now but the version to use can nonetheless be changed via the 'vers=' mount option. This default will change once the SMB3 POSIX extensions are fully implemented.

Who thought re-enabling uses of SMB1 was a good idea?



It's not just CIFS root that needs SMB1.

SMB1 has to be used any time you need the POSIX extensions, with Samba at the server side and Linux at the client side.

I find it comes up reasonably often, because Samba is so configurable. For example remapping user ids, or mapping user-group permission bits; these are hard or impossible to do in NFS, depending on available NFS server version.


I think the real question is: Is SMB1 less secure than NFS?


Probably not since NFS to my recollection barely support anything resembling transport encryption, but it allows Authentication if you like Kerberos.


NFS has supported transport encryption since as long as I can recall. It's enabled by the sec=krb5p mount option.


It can also be secured using IPsec (or other host-to-host supporting vpn that can have per protocol security associations)


SMB doesn't require me to setup a whole VPN connection (with it's own problems) just to get secure transport going.


True. But neither does NFS like the kerberos comment you replied to described :)

A third way to do this with NFS is to forward the TCP connection over stunnel, ssh forwarding or other similar thing.


As mentioned, if you like Kerberos. It's not the nicest way to do anything. Kerberos is also only supported if you (can) use NFSv4, NFSv3 doesn't support Kerberos on all clients.


NFSv3 is very dead.

I like Kerberos a good bit and I think the complexity of running an LDAP/Kerberos infrastructure is greatly over estimated, but it is disappointing that none of the theorized alternatives ever really appeared. Last I read, LIPKEY was the only serious contender and there were some security concerns that got it nixed.


And if you don't use Kerberos, NFS has no authentication. For extra credit, it's generally paired with NIS, so everyone can see everyone else's password hashes. What's not to like for an attacker?



CIFS is I think the protocol used on Windows and SAMBA.


Yes, ish. CIFS is the protocol that came before SMB, but people still use the term to describe modern Windows SMB or Samba.


SMB was first. CIFS is a rebranding that happened when Microsoft was forced to release documentation for the protocol.


Yes, but CIFS was a rebranding of SMB1; successive versions of SMB have just been called SMB. So first there was SMB, and then CIFS, and then (and now) it's all been just SMB. The only ones still using the term "CIFS" at this point are the Linux/Samba folks.


It's a case of running the Common Internet File System on top of the Server Message Block protocol.

SMB isn't just for filesystems. It is also used for printing, among other things. CIFS is the filesystem.

Outside of Linux/Samba folks, neither term is popular. Users say "Windows share" or "shared drive" or "network folder" or something like that.


Don't see someone call SMB "modern" every day...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: