Samba vs. NetAppliance

Benn, Paul paul.benn at netapp.com
Fri Jun 25 03:18:13 GMT 1999 

> -----Original Message-----
> From: Jeremy Allison [mailto:jallison at cthulhu.engr.sgi.com]
> Sent: Wednesday, June 23, 1999 1:19 PM

> My problem with your design (which I know quite a bit about,
> funnily enough :-), is that it violates the principle of
> least suprises for the nfs user. ie. They may get access 
> denied when the UNIX perms say they should be granted access.

But wouldn't it also be a "surprise" when an NFS user finds that she can't
execute a file because one of the DOS bits was flipped on by a Windows user?

Isn't it true that NFS clients don't always check for locks? So wouldn't it then
be a "surprise" to a Windows user when an NFS user deletes or possibly corrupts
a file that was supposed to be locked by the Windows user (non-Irix versions
assumed - a majority of Samba versions according to the Samba survey)?
 
> I'm still awaiting judgement on the user requests for true ACLs
> (which we can do by mapping into POSIX ACLs, when enough UNIX's
> support them). Most NT software simply doesn't use the NT ACL
> design. Nice though it is from a security point of view, for
> most users it is just unimaginably complex. 

Again, pardon my lack of UNIX knowledge but wouldn't POSIX ACLs hinder
performance and don't some flavours of UNIX (e.g. Solaris) have their own
incompatible-with-other-flavours ACLs? Why would you even bother with it until
there was some sort of a standard (and who knows when that might be)?

True, most NT software doesn't use the ACL design and most Windows users don't
need to bother with ACLs. The NT administrators who set everything up need to
though and they may have reason to setup complex ACLs, something that can't be
done with UNIX file permissions.

> This is a straw man. Have you looked at the Samba consultants list ?
> This is also not even mentioning such companies as IBM & HP 
> who are now
> supporting Linux (all versions of which include Samba), LinuxCare,
> RedHat, Caldera and a host of other companies (I can't even remember
> them all). Remember - every "Linux Certified Engineer" will also be
> able to support Samba :-).

True but many of the settings can be done via a web browser by almost any
network administrator that has little NetApp knowledge. Contrast that with an NT
admin who would might be faced with learning Linux and Samba from scratch or
hiring one of those new "Linux Certified Engineers."

Combine the fact that a filer comes pretty much optimized right out of the box
with the fact that it looks and feels like an NT4 member server to Windows
clients and the fact that it can be administered with standard Windows NT tools
(like server manager for setting up shares and share level ACLs, user manager
for group membership and Explorer for ACLs and file access auditing). A large
support infrastructure already exists in the form of Microsoft Certified
Professionals for filers from this perspective (yes, there are a lot of
paper-MCSEs out there will be paper-LCEs soon enough too).

Existing UNIX savvy admins should have little trouble administering a filer via
telnet (for commands such as ifconfig, ping or dump) or via an NFS mount to use
chown, chmod or vi (to edit files such as hosts, passwd or exports). I'd be
tempted to argue that every "Linux Certified Engineer" will also be able to
support filers to some extent.

Cheers,

Paul

More information about the samba mailing list