CIFS supports leases. That is, hosts will try to ask for exclusive access to a file, so that they can assume that it hasn’t changed.
IIRC sshfs just doesn’t care much about cache coherency across hosts and just kind of assumes that things haven’t changed underfoot, uses a timer to expire the cache.
considers
Honestly, with inotify, it’d probably be possible to make a newer sshfs that does support leases.
I suspect that the Unixy thing to do is to use NFSv4 which also does cache coherency correctly.
It is easy to deploy sshfs, though, so I do appreciate why people use it; I do so myself.
Here are some 2019 benchmarks that show NFSv4 to generally be the most-performant.
The really obnoxious thing about NFSv4, IMHO, is that ssh is pretty trivial to set up, and sshfs just requires a working ssh connection and sshfs software installed, whereas if you want secure NFSv4, you need to set up Kerberos. Setting up Kerberos is a pain. It’s great for large organizations, but for “I have three computers that I want to make talk together”, it’s just overkill.
EDIT: I’d also add that I kind of wish that Linux authentication were somewhat more-unified in general in 2024. You’ve got:
/etc/shadow passwords (the above with ssh, plus plenty of other services like CUPS).
Wireguard keys
GPG keys (email, git commits)
X.509 certs (email, TLS, smartcard applications)
Kerberos (NFSv4, CIFS at least optionally)
Then you’ve got various keyrings and credential caches, like ssh-agent, gpg-agent, Gnome has some keyring that can wrap ssh-agent, web browsers have a keyring…
I mean, there’s kind of a lot of overlap among all these. Maybe one system would be too far, but I’d kind of like to have things more-unified than they are today.
EDIT2: Apparently inotify() doesn’t let one block the operation that one is monitoring, so probably can’t use it to implement leases.
CIFS supports leases. That is, hosts will try to ask for exclusive access to a file, so that they can assume that it hasn’t changed.
IIRC sshfs just doesn’t care much about cache coherency across hosts and just kind of assumes that things haven’t changed underfoot, uses a timer to expire the cache.
considers
Honestly, with inotify, it’d probably be possible to make a newer sshfs that does support leases.
I suspect that the Unixy thing to do is to use NFSv4 which also does cache coherency correctly.
It is easy to deploy sshfs, though, so I do appreciate why people use it; I do so myself.
kagis to see if anyone has benchmarks
https://blog.ja-ke.tech/2019/08/27/nas-performance-sshfs-nfs-smb.html
Here are some 2019 benchmarks that show NFSv4 to generally be the most-performant.
The really obnoxious thing about NFSv4, IMHO, is that ssh is pretty trivial to set up, and sshfs just requires a working ssh connection and sshfs software installed, whereas if you want secure NFSv4, you need to set up Kerberos. Setting up Kerberos is a pain. It’s great for large organizations, but for “I have three computers that I want to make talk together”, it’s just overkill.
EDIT: I’d also add that I kind of wish that Linux authentication were somewhat more-unified in general in 2024. You’ve got:
SSH keys (ssh, sshfs, mosh, tunneling network traffic over ssh connections).
/etc/shadow passwords (the above with ssh, plus plenty of other services like CUPS).
Wireguard keys
GPG keys (email, git commits)
X.509 certs (email, TLS, smartcard applications)
Kerberos (NFSv4, CIFS at least optionally)
Then you’ve got various keyrings and credential caches, like
ssh-agent,gpg-agent, Gnome has some keyring that can wrap ssh-agent, web browsers have a keyring…I mean, there’s kind of a lot of overlap among all these. Maybe one system would be too far, but I’d kind of like to have things more-unified than they are today.
EDIT2: Apparently inotify() doesn’t let one block the operation that one is monitoring, so probably can’t use it to implement leases.