[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] NFS over SSH

> > I agree -- it should not be a problem.  But it is. 
> Yes.  You got me.  And I've verified that this is a problem with the 
> 3.0.2a which used to be provided on the suse ftp-server.  I wonder
> whether a patched version is forthcoming, though it looks trivial 
> enough to patch it yourself and compile - assuming the patch is good.

Yes, I applied the patch and rebuild the rpm's, works very nicely, uid's
are perfectly OK.

> > Thanks!  That are good news for us.  And what about directories exported
> > from Windows?
> Not tested, but the server file system lacks the attributes you want to 
> see on your linux client so I can't see how it could work.  For providing 
> disk to multiple platforms, your server should be running unix or linux.  
> The rest (NFS, Samba, whatever) is just cosmetics.

Yeah.  OK, I tell you what the other problem is -- apart from our home
directories, which are on our server.  There are university wide home
directories for windows clients, and also shares with program files.  It
would be nice to access them, too.  They are exported from ...VMS. :-))))

> > OTOH -- as far as I understand, VPN encrypts the whole private network
> > traffic, which may or may not be a problem in terms of performance.
> VPN is a concept.  It's not a protocol, and there's no one true VPN 
> way of doing things.  There's a tunnel.  Whether you're running 
> encrypted data, compressed data, encrypted compressed data or just 
> raw data through depends on configuration and which VPN software
> you go for.  There's overhead, but with raw data they should be 
> negligible.  Here at UiB we're running pptp without encryption, but
> don't ask me about configuration - not my field.

OK, thanks.

> > I have played now with shfs for a couple of days.  Well, the code is maybe
> > not very mature (I had to correct the high UID issue here as well), and the
> > performance remains to be tested, but at least for some purposes it is
> > really great, and it is by far the easiest solution to configure and use.
> > And the really nice thing about is that you do not need to configure or
> > install anything on the server side.
> I like it when I can change things in one place - on a server - 
> rather than running through hundreds of clients to make changes. 
> But tastes differ, as do the level of influence one has on the 
> server configurations.

You've got a point there, but since either way I need to 1) configure VPN
on all the clients or 2) install the patched samba on all the clients or 3)
install shfs on all the clients, it is all the same for me.  We have full
power over our local data / home directories server, but of course there
are central facilities like the central web services, program repositories
or high performance clusters -- and they are not likely to open up anything
else than ssh connection; so shfs is a nice way of accessing them.

> > One of our PhD students worked in Bergen for some time -- he says it is
> > great :-)))
> Except, of course, that the Bioinformatics group here is running 
> DeadRat linux. >:(

I really, really hate to say that, I've been using SuSE ever since around
the 5th version, but the last SuSE release got me really pissed of, and we
are considering alternatives at this point of time (debian to be specific).

The problems for me are 
  - my favorite number one: the persistent nfslock problem
  - the automatic mounting of USB devices with "sync" option -- welcome
    back to floppy-and-DOS-era  (why not mount the hard disk that way, too?)
  - problems with high uids in samba 
  - printing: I distinctly remember that SuSE was able to detect CUPS
    servers available on the network automatically and out of the box, so
    what happened now?
  - dozens of minor configuration problems (ever tried to use ACPI on a 
    laptop with SuSE 9.1?  ever worked with custom LDAP settings? tried to
    export cups printers to Windows computers with yast? had to reinstall
    your system because yast got plem-plem and went medieval on your
    elaborate system of the library and package dependencies?)

Then, there is this general KDE-centric attitude, which could be bearable
if there were not so many problems, little annoyances and occasional
crashes while running it.  (For example, we have always some printing
problems with konqueror/kprinter, sometimes it works, sometimes not,
sometimes it crashes, sometimes it produces a dozen of blank pages.
Mozilla does not seem to print at all via kprinter in SuSE 9.1...).  

Well, it is all nice and well for the corporate, computer-illiterate and
Windows-educated user, but I'm too old to change my favorite editor and
Window Manager :-)).

Sorry, I know it is not the scope of this discussion list.  I just had to
rant a little.  



------------ January Weiner 3  ---------------------+---------------  
Division of Bioinformatics, University of Muenster  |  Schloßplatz 4
(+49)(251)8321634                                   |  D48149 Münster
http://www.uni-muenster.de/Biologie.Botanik/ebb/    |  Germany

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here