enterprise-ubuntu team mailing list archive
-
enterprise-ubuntu team
-
Mailing list archive
-
Message #00150
Re: Questions: Rightsmanagement on shares - WIndows vs. Linux
Hello Ballock,
good, that you took the challenge, because I hoped that there are linux
solutions which can compete with Microsofts rights management.
I am not a linux expert, but to compare what file/folder rights are
possible on linux and windows I found for Linux:
- read, write and execute rights to a specific user, group and for
all other
- with NFSv3 ACLs additional users can be configured to get
"rwx"-rights, set with "setfacl" (which are listed as "+" if you do "ls
-l")
- nfs4 can maybe have more possibilities, but as you also wrote,
it is not used, because of incompatibility and complexity of available
solutions
on Windonws NTFS we have the following 13 rights (
http://technet.microsoft.com/en-us/library/cc787794%28v=ws.10%29.aspx)
- Traverse Folder/Execute File, List Folder/Read Data, Read
Attributes, Read Extended Attributes, Create Files/Write Data, Create
Folders/Append Data, Write Attributes, Write Extended Attributes, Delete
Subfolders and Files, Delete, Read Permissions, Change Permissions, Take
Ownership, Synchronize
and most of them can be accomplished with rights on linux also, but for us
functionalities like
- rights inheritance on different levels
- authentication on access (NFSv3 only checks IP/hostname, but
e.g. no kerberos token)
- right to create or delete subfolder
I could not found this in exiting (besides scripting) solutions for linux
file shares and rights management.
So in a Company with Windows and Linux Clients, an Active Directory, which
linux-based file share rights management could do most access rights as a
Windows NTFS system can?
regards,
Florian Bieber
From: Ballock Tokarski <boleslaw.tokarski@xxxxxxxxx>
To: Florian Bieber <florian.bieber@xxxxxxxx>
Cc: "enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx"
<enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx>
Date: 08.05.2013 23:13
Subject: Re: [Enterprise-ubuntu] Questions: Rightsmanagement on
shares - WIndows vs. Linux
Hello, Florian,
I feel the challenge to defend Linux here :)
Ok, now "Microsoft Windows is at least 5 years ahead all possibilities of
detailed access rights on file shares". I don't know what the colleagues
think about, I'd say it's a simple ACL (access control list) on a
file/directory. Nothing really fancy these times. ACLs are common. You
have them in next to all Linux-related filesystems, just as you do on
Microsoft's NTFS. You generally don't use them on an enterprise-less
Ubuntu system, as the number of users using it is limited (you and perhaps
some family/friends).
For Linux to Linux filesharing NFSv3 is the most commonly used. AFAIK
Linux has support for ACLs in NFSv3 for some time already (kernel version
2.6.26 released July 2008). It seems it's on by default in Ubuntu 12.04.
Quoting the kernel config "Some NFS servers support an auxiliary NFSv3 ACL
protocol that Sun added to Solaris but never became an official part of
the NFS version 3 protocol. This protocol extension allows applications
on NFS clients to manipulate POSIX Access Control Lists on files residing
on NFS servers.". So it beats the theory that NFSv3 haasn't been improved
since 1995.
NFSv4 is a totally different protocol, so no wonder some companies have
problems implementing it. As far as I know it works pretty well under
Linux already. That said, I know there is some more difficulties
configuring it (name mapping service is required, I'd advise going with
Kerberos for that and that might come as even more troublesome to start
with). I am also aware of a number of broken SAN appliances that
supposedly implement NFSv4, but are bugged. I know my friends recently dug
up a problem on NetApps that rendered NFSv4 useless there.
If you want to talk Windows, you can use CIFS. I believe HP added some
CIFS extended attributes that lets you share files between Linux/Unix
machines without using Unix attributes, so you can use that too... Oh, and
I heard that Linux CIFS implementation beats Windows's own native one
performance-wise.
Well, use whichever suits you best. the "detailed access rights" are there
already.
Cheers,
Ballock
On Wed, May 8, 2013 at 6:54 PM, Florian Bieber <florian.bieber@xxxxxxxx>
wrote:
Hello,
in discussion with colleagues about ubuntu client user accessing file
shares, someone said that Microsoft Windows is at least 5 years ahead all
possibilities of detailed access rights on file shares.
Sun created NFSv3 in 1995 http://tools.ietf.org/html/rfc1813 and seems not
further improved. NFSv4 exists, but because of many problems, nobody seems
to use it.
What linux file share rights management solution can compete with the
detailed rights management of actual Windows file shares?
Thanks for help in advance!
regards,
Florian
--
Mailing list: https://launchpad.net/~enterprise-ubuntu
Post to : enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~enterprise-ubuntu
More help : https://help.launchpad.net/ListHelp
References