Chapter 15. Network Filesystems

In many environments, we want to share files and programs among many workstations in a local area network. Doing so requires programs that let us share the files, create new files, do file locking, and manage ownership correctly. Over the last dozen years there have been a number of network-capable filesystems developed by commercial firms and research groups. These have included Apollo Domain, the Andrew Filesystem (AFS), Coda, the AT&T Remote Filesystem (RFS), and Sun Microsystems' Network Filesystem (NFS). Each of these has had beneficial features and drawbacks.

In this chapter, we limit ourselves to covering what have become the two network filesystems most commonly seen on Unix servers:

Network Filesystem (NFS)

Sun's NFS is the most widely used Unix network filesystem. NFS is available on almost all versions of Unix, as well as on Apple Macintosh systems, MS-DOS, Windows, OS/2, and OpenVMS.

Server Message Block (SMB)

The SMB protocol (sometimes also called CIFS: the Common Internet File System) is the network filesystem native to Microsoft Windows. But thanks to the free Unix-based SMB implementation Samba, Unix hosts are becoming common participants in SMB networks as both clients and servers.^[1] SMB compatibility is also available natively in Mac OS 10.2 and in previous versions of Mac OS via third-party software.

^[1] Indeed, it has often been suggested that Unix-based Samba servers can outperform Windows-based SMB file servers, and can do so more securely. See, for example, IT Week's article of April 23, 2002, at http://www.itweek.co.uk/News/1131114.

Because these two filesystems are the most common—and because they are quite different in their security models—we focus in this chapter on both of them. If you use one of the other forms of network filesystems, there are associated security considerations, many of which are similar to the ones we present here. Be sure to consult your vendor documentation.