Samba vs. NetAppliance

Jeremy Allison jallison at
Wed Jun 23 20:18:37 GMT 1999

Paul Benn wrote :

> > Much better control over who accesses what filesystems. 
> Sorry if I seem ignorant of a particular Samba or UNIX functionality but I'm not 
> sure what you mean here. It might be argued that the reverse is true since 
> NetApp natively supports both UNIX style file permissions and NTFS style 
> permissions (ACLs).

This is true. But it doesn't provide a very understandable
mapping from a complex ACL when accessed from an NT client
to a UNIX permission when accessed from an NFS client. My
problem with your design (which I know quite a bit about,
funnily enough :-), is that it violates the principle of
least suprises for the nfs user. ie. They may get access 
denied when the UNIX perms say they should be granted access.

> Based on my limited experience, the new ACL functionality 
> introduced with Samba 2.0.4 (which BTW I think is a very nifty addition)is 
> merely a way for an NT savvy admin to manipulate the underlying UNIX file 
> permissions via Windows Explorer.

No arguement there, as this is exactly what it is designed to do.
I'm still awaiting judgement on the user requests for true ACLs
(which we can do by mapping into POSIX ACLs, when enough UNIX's
support them). Most NT software simply doesn't use the NT ACL
design. Nice though it is from a security point of view, for
most users it is just unimaginably complex. 

There's something to be said for just providing UNIX permissions :-).

> Oh and don't forget that DOS attributes, such 
> as the "archive bit," are mapped to the UNIX "x" bits which may present problems 
> in multiprotocol environments. Here's a quote from John D. Blair's book "Samba 
> Integrating UNIX and Windows" copyright 1998, page 239: "The unusual changes in 
> execute permissions may disrupt use of files from UNIX users. 

Yep, very true and without kernel access not something
that's easy to fix.

> > Thousands of people using/testing/beating on/improving the software 
> NetApp also has many thousands of people using/testing/beating on filers (the 
> next web site you hit may have a filer back ending it).

Not on the same order of magnitude though. Trust me on this (by
the volume of email I get :-).

> > Quite slow tech support response time 
> Perhaps when compared to the 
> always-someone-reading-it-around-the-world-at-any-given-time Samba digest. But 
> then again, you seem not to be counting the "toasters" mailing list which can 
> provide equally fast response times. You only have to wait on your internet 
> connection and query speed when using the NetApp knowledge base. I know things 
> are changing but who are you going to _call_ when you have a Samba issue and you 
> don't own an SGI box (and even then how long will the response times be)?

This is a straw man. Have you looked at the Samba consultants list ?
This is also not even mentioning such companies as IBM & HP who are now
supporting Linux (all versions of which include Samba), LinuxCare,
RedHat, Caldera and a host of other companies (I can't even remember
them all). Remember - every "Linux Certified Engineer" will also be
able to support Samba :-).

I recently came back from Linux Expo Paris where there were many
consulting companies exhibiting on the show floor who were offering
commercial Samba and Linux support. Contrast this with NetApp where
support is only available from one company.

> Sure the CIFS license is more expensive than $FREE but we feel that NetApp 
> offers a better CIFS implementation as well as better Windows/UNIX integration. 

Well this is one of those "the market will decide" things :-) :-).
And the customers always win those :-).


	Jeremy Allison,
	Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba mailing list