Comment on Homelab upgrade - "Modern" alternatives to NFS, SSHFS?
possiblylinux127@lemmy.zip 2 months agoNFS is good for hypervisor level storage. If someone compromises the host system you are in trouble.
Comment on Homelab upgrade - "Modern" alternatives to NFS, SSHFS?
possiblylinux127@lemmy.zip 2 months agoNFS is good for hypervisor level storage. If someone compromises the host system you are in trouble.
486@lemmy.world 2 months ago
Not only the host. You have to trust every client to behave, as @forbiddenlake already mentioned, NFS relies on IDs that clients can easily fake to pretend they are someone else. Without rolling out all the Kerberos stuff, there really is no security when it comes to NFS.
possiblylinux127@lemmy.zip 2 months ago
You misunderstand. The hypervisor is the client. Stuff higher in the stack only sees raw storage. (By hypervisors I also mean docker and kubernetes) From a security perspective you just set an IP allow list
486@lemmy.world 2 months ago
Sure, if you have exactly one client that can access the server and you can ensure physical security of the actual network, I suppose it is fine. Still, those are some severe limitations and show how limited the ancient NFS protocol is, even in version 4.