enterprise-ubuntu team mailing list archive

Thread
Date

Re: Questions: Rightsmanagement on shares - WIndows vs. Linux

To: boleslaw.tokarski@xxxxxxxxx
From: Florian Bieber <florian.bieber@xxxxxxxx>
Date: Tue, 14 May 2013 15:42:04 +0200
Cc: "enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx" <enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAPTnYoeak9bpjqG_vVPiaBL4NzJD0N+1G9YXXt6M7WBar-BdEg@mail.gmail.com>

Hello Ballock,

good, that you took the challenge, because I hoped that there are linux 
solutions which can compete with Microsofts rights management.

I am not a linux expert, but to compare what file/folder rights are 
possible on linux and windows I found for Linux:
        - read, write and execute rights to a specific user, group and for 
all other
        - with NFSv3 ACLs additional users can be configured to get 
"rwx"-rights, set with "setfacl" (which are listed as "+" if you do "ls 
-l")
        - nfs4 can maybe have more possibilities, but as you also wrote, 
it is not used, because of incompatibility and complexity of available 
solutions

on Windonws NTFS we have the following 13 rights (
http://technet.microsoft.com/en-us/library/cc787794%28v=ws.10%29.aspx)
        - Traverse Folder/Execute File, List Folder/Read Data, Read 
Attributes, Read Extended Attributes, Create Files/Write Data, Create 
Folders/Append Data, Write Attributes, Write Extended Attributes, Delete 
Subfolders and Files, Delete, Read Permissions, Change Permissions, Take 
Ownership, Synchronize
and most of them can be accomplished with rights on linux also, but for us 
functionalities like
        - rights inheritance on different levels
        - authentication on access (NFSv3 only checks IP/hostname, but 
e.g. no kerberos token)
        - right to create or delete subfolder
I could not found this in exiting (besides scripting) solutions for linux 
file shares and rights management.

So in a Company with Windows and Linux Clients, an Active Directory, which 
linux-based file share rights management could do most access rights as a 
Windows NTFS system can?

regards,
Florian Bieber


From:   Ballock Tokarski <boleslaw.tokarski@xxxxxxxxx>
To:     Florian Bieber <florian.bieber@xxxxxxxx>
Cc:     "enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx" 
<enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx>
Date:   08.05.2013 23:13
Subject:        Re: [Enterprise-ubuntu] Questions: Rightsmanagement on 
shares - WIndows vs. Linux



Hello, Florian,

I feel the challenge to defend Linux here :)

Ok, now "Microsoft Windows is at least 5 years ahead all possibilities of 
detailed access rights on file shares". I don't know what the colleagues 
think about, I'd say it's a simple ACL (access control list) on a 
file/directory. Nothing really fancy these times. ACLs are common. You 
have them in next to all Linux-related filesystems, just as you do on 
Microsoft's NTFS. You generally don't use them on an enterprise-less 
Ubuntu system, as the number of users using it is limited (you and perhaps 
some family/friends).

For Linux to Linux filesharing NFSv3 is the most commonly used. AFAIK 
Linux has support for ACLs in NFSv3 for some time already (kernel version 
2.6.26 released July 2008). It seems it's on by default in Ubuntu 12.04. 
Quoting the kernel config "Some NFS servers support an auxiliary NFSv3 ACL 
protocol that Sun added to Solaris but never became an official part of 
the NFS version 3 protocol.  This protocol extension allows applications 
on NFS clients to manipulate POSIX Access Control Lists on files residing 
on NFS servers.". So it beats the theory that NFSv3 haasn't been improved 
since 1995.

NFSv4 is a totally different protocol, so no wonder some companies have 
problems implementing it. As far as I know it works pretty well under 
Linux already. That said, I know there is some more difficulties 
configuring it (name mapping service is required, I'd advise going with 
Kerberos for that and that might come as even more troublesome to start 
with). I am also aware of a number of broken SAN appliances that 
supposedly implement NFSv4, but are bugged. I know my friends recently dug 
up a problem on NetApps that rendered NFSv4 useless there.

If you want to talk Windows, you can use CIFS. I believe HP added some 
CIFS extended attributes that lets you share files between Linux/Unix 
machines without using Unix attributes, so you can use that too... Oh, and 
I heard that Linux CIFS implementation beats Windows's own native one 
performance-wise.

Well, use whichever suits you best. the "detailed access rights" are there 
already.

Cheers,
Ballock


On Wed, May 8, 2013 at 6:54 PM, Florian Bieber <florian.bieber@xxxxxxxx> 
wrote:
Hello, 

in discussion with colleagues about ubuntu client user accessing file 
shares, someone said that Microsoft Windows is at least 5 years ahead all 
possibilities of detailed access rights on file shares. 

Sun created NFSv3 in 1995 http://tools.ietf.org/html/rfc1813 and seems not 
further improved. NFSv4 exists, but because of many problems, nobody seems 
to use it. 

What linux file share rights management solution can compete with the 
detailed rights management of actual Windows file shares? 

Thanks for help in advance!

regards,
Florian
--
Mailing list: https://launchpad.net/~enterprise-ubuntu
Post to     : enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~enterprise-ubuntu
More help   : https://help.launchpad.net/ListHelp

References

Questions: Rightsmanagement on shares - WIndows vs. Linux
From: Florian Bieber, 2013-05-08
Re: Questions: Rightsmanagement on shares - WIndows vs. Linux
From: Ballock Tokarski, 2013-05-08