Why people combine NFS with Samba servers

October 5, 2010

One of the things that the Samba people say in response to certain problem reports is that you should not use Samba on NFS-mounted filesystems. This is impractical advice in many production environments, and I will tell you why: namespaces. Or less abstractly, making it so that users do not have to know what fileserver their files come from.

We are not atypical as midsized environments go, and right now we have four fileservers and around two hundred filesystems distributed between those fileservers. We do not particularly want users to have to know or care exactly which fileserver hosts their home directory (partly because it can change sometimes). This is easy on Unix machines, where users just use filesystem names and the sysadmins make sure that those filesystems are mounted from the right places; the result is a single global namespace of filesystems.

Using Samba to re-export NFS mounts allows us to preserve this property for SMB/CIFS clients as well, in a straightforward configuration. We have one Samba server which users map shares from, and they don't have to care where the storage really comes from. From both the user perspective and the Samba perspective, NFS is fusing multiple fileserver namespaces together into a single global namespace where everyone is indifferent as to where the files are really coming from.

It looks like it is at least theoretically possible to use SMB features to do a pure-Samba version of this fused namespace (you can, under some circumstances, make a Samba share that just redirects clients to another SMB server). However, it also appears that the Samba configuration would be significantly more complicated, and I don't know if clients expose the SMB redirections involved to the users (this would be undesirable).

Of course this omits the elephant in the corner of the room, namely having to run Samba on your fileservers. In our case this would be highly undesirable purely on various practical grounds. For others this is alarming based on load and security issues; you are running much more on your fileservers, both in terms of processes and in terms of having to run large amounts of code that historically have had a number of security issues. Sticking NFS in the middle gives you significantly more isolation.

Written on 05 October 2010.
« Linux, Samba, NFS, and POSIX locking
What is going on with Samba's POSIX locking on NFS on Linux »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Oct 5 01:28:23 2010
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.