On Wed, 23 Apr 2008, Kenneth Heal wrote:
I am inclined to agree with Tim; my experience has been that mixed mode can lead to a lot of chaos and sadness. One tech report which might be relevant here is called "Security in NFS Storage Networks": http://media.netapp.com/documents/tr_3387.pdf
As Tim suggests, NFSv4 might be an option and provides a lot of nice features. Another choice could be Kerberos authentication, and this might be the way to go, though this will depend on your exact setup.
Thanks to all for their input.
Quick recap: We basically have UNIX (Linux) clients wishing to access data that was previously on a UNIX (Solaris) server now migrating to NetApp (and still intended to look like UNIX data). For other (but related "general tidy up") reasons we are wanting to tighten up the previous simple NFS access, to prevent undesirable (but previously possible) "su root; su other" activity.
NFS was nice (UNIX preservation) but weak on user-based control. CIFS would give us the possibility of user-based control, but wrecks the appearance of ownership and filemodes.
Ken's reply suggests that Kerberos authentication (our NetApp is already in an Active Directory domain) might give us the hooks to keep NFS and introduce user-based control. It sounds well worth exploring. Thanks.
Let us know how it goes; this is indeed a fairly common issue caused by design deficiencies of standard NFSv3/NIS, without any easy out-of-the-box solution.
I'll try to remember to do that.
Thanks again.