Anyway my file server has always used Samba due to its interoperability with Windows clients, but it dawned on me very recently that I no longer have any Windows clients, I'm only using Linux. So rather than keep wasting time transferring files over SMB and separately managing permissions via SSH, I decided to investigate NFS - it's something I have never used before.
First impressions are that I find it somewhat confusing from a security perspective. Assuming my understanding is correct, security boils down to this:
- NFS doesn't support password-based authentication
- Instead NFS relies on UIDs/GIDs
- This can be further restricted, by locking down the IPs that can connect
- One could just create a user with a matching UID and then they would appear as authenticated.
- Equally the server could be transplanted onto an unknown network, in which an unknown client could assign an IP that is considered whitelisted. Yes you could argue that if someone has physical access to the machine, it's game over anyway - but in my case I make use of both hardware/software full drive encryption,
Thanks
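
The trust model described in the post above, as an added example that is not part of the original post: a small Python check over `exports(5)`-style lines that reports where the server accepts client-supplied UIDs/GIDs (the default `sec=sys` flavor) and where the client match is a wildcard or address range. The sample lines, paths and addresses are constructed, and `sec=krb5p` appears only as an example of a non-`sys` flavor.

```python
import re

# Constructed sample in /etc/exports syntax; paths and addresses are made up.
SAMPLE_EXPORTS = """\
# constructed example lines
/srv/media   192.168.1.0/24(rw,sync)
/srv/backup  192.168.1.10(rw,sync,no_root_squash)
/srv/public  *(ro,all_squash)
/srv/private 192.168.1.10(rw,sync,sec=krb5p)
"""

# One client entry: optional host pattern, optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def audit_exports(text):
    """Return (path, client, code) findings for exports-style text.

    Simplified parser (assumption): no quoted paths, no line continuations,
    no "-options" default lists.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                continue
            host = m.group(1) or "*"  # "(opts)" alone matches every client
            opts = [o for o in (m.group(2) or "").split(",") if o]
            sec = [o[4:] for o in opts if o.startswith("sec=")]
            flavors = sec[0].split(":") if sec else ["sys"]  # sys is the default
            # With sec=sys the server believes the UID/GID the client sends,
            # unless all_squash maps every request to the anonymous user.
            if "sys" in flavors and "all_squash" not in opts:
                findings.append((path, host, "uid-trust"))
            if "no_root_squash" in opts:
                findings.append((path, host, "root-unsquashed"))
            # Wildcards and subnets match any host that takes such an address.
            if "*" in host or "/" in host:
                findings.append((path, host, "broad-client"))
    return findings


if __name__ == "__main__":
    for path, host, code in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {host:18} {code}")
```
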