I have an old PC running TrueNAS Scale and have two Windows 10 PCs (may upgrade one to W11) and one wit OpenSUSE (currently 15.4, but it will upgrade in the future) Linux. I want to access my shares from all systems and am currently running both an SMB and NFS shares but have previsions problem because some files are saved with Windows permission control and some with Linux permission control.
If you set up smb on a linux box you dont really have windows permissions. You can set file and directory masks for the share and user/group ids. It wont retain permissions the client set. But its pretty simple as far as interoparbility goes. Not sure if keeping the permissions exactly as you set them on the client side is even an option in samba. If you need that option samba wont work for you i dont think.
NFS does keep permissions the same. So if your client has a user joe with id 1004 and you put that file into an NFS even if the server does not have a user with ID 1004 and none of the other systems you owm do it will keep those permissions potentionally making it inaccessable for some clients. And if you have a system where 1004 is not joe but bob that means now bob can read joes files. So for that to work properly you need to ensure consisten UIDs on all your systems. No clue what windows would do with NFS in that regard I never tried.
Never yet needed to optimize samba shares as it maxes out my 1gbit network without doing anything.
But given that the linux samba service is literally called smbd. And looking it up you find articles about windows server 2012. Id be surprised if that does not just work.
It seems to be a smb 3.0+ feature. I think this is mostly down to what version of smb you use. Could be wrong.
To clarify my setup a bit more, I am the only person working in the network. So I actually do not too much permission need control permission, they actually make my work harder.
Yes I know saying that will make many people angry, and I understand that in the typical case more access control is better, but in a case where I am the only person with physical access to all the servers and clients, and the hassle it would bring I stand by it.
So if I understood you correctly, SMB would bring the benefit of having a more central “user” management, without actually of checking that everywhere the same ID is used for one user.
It does override permissions on the server. If you don´t set anything it uses the user that corresponds to the smb login on the server. But you can override both user and group in your smb config to set them to something else instead when files are created. Like, when you want to have multiple people access the same share later down the road. Create a group add both users to the group, set the file mask so that groups can read/write and add the group in the smb config and then that should work. When new files are created they will be owned by that group and read/writeable by that group. You still need to fix permissions on files written before you made changes to your smb config when you are doing changes like this later though.
I think for these types of usecases smb permission system is a bit easier to manage. But there are definitely cases where retaining proper unix style permissions that the client can set to whatever it likes (and retain that information on the server as is) is desireable or required.
Chances are however if you´re the only person there is all of your “you” users have UID 1000 (and whatever windows does… probably it would make you specify a UID at some point in mounting NFS shares or default to 1000 aswell).
TL;DR look at the last Standalone Server link below.
linux filesystems locally keep linux/posix filesystem permissions, but linux filesystems also support various extended attributes and so on, … and can store and check various more complicated permissions models.
Samba / smbd generally runs as root, and it can map permissions back and forth, between network identities as windows speaks and expects, to local identities and permissions that linux speaks and understands.
… and you can do various hacky things on the side as well, if whatever standard windows thing or standard linux thing doesn’t fit your own brain’s permissions model.
The multitude of options and support for various kinds of environments and various Windows versions (e.g. until recently Samba actually supported pre-windows smb permissions models), all this just makes documentation super verbose, but have a look, use Ctrl+F:
Modern NFS is not as well documented for end users as Samba in my opinion, it’s ok for developers, and for large organizations that can afford to hire them your mom and pop, up to 1000 people orgs … it’s kind of hard to use correctly.