One filesystem.
Every protocol. Any backend.
DittoFS is a modular virtual filesystem in Go. It serves files over NFSv3, NFSv4, and SMB2/3 from a single binary, with metadata and block stores you mix and match per share. No FUSE. No kernel modules.
- NFS + SMB
- served together
- 99.99%
- POSIX compliant
- userspace
- no FUSE, no kernel
- 1 binary
- pure Go
Why DittoFS
Storage decisions, decoupled from protocols
Pick the interface your clients speak and the backend your data lives on, independently, per share.
Runs in userspace
No FUSE, no kernel modules, no privileged host. DittoFS runs as an ordinary process you can start anywhere.
Easy to containerize
Because it lives in userspace, a single static Go binary drops into any container or orchestrator. No privileged containers, nothing to load in the kernel.
Multi-protocol, one server
NFS and SMB run at the same time on the same server, serving the same files to Linux, Windows, and macOS.
Pluggable storage
Mix metadata stores (memory, BadgerDB, PostgreSQL) and block stores (filesystem, S3) per share.
Deduplication
Files are split into content-defined chunks and addressed by BLAKE3 hash. Identical chunks across files are stored once.
Compression
Remote block stores compress payloads with zstd or lz4 before upload, then decompress transparently on read.
Client-side encryption
Per-remote envelope encryption with AES-256-GCM or ChaCha20-Poly1305, keyed locally or via KMIP. Blocks are encrypted before they leave the server, so your S3 or cloud store only ever sees ciphertext.
Share snapshots
Point-in-time reference holds with no data copy. Restore from the CLI or REST API.
Kerberos and signing
RPCSEC_GSS for NFS and SPNEGO Kerberos for SMB, with SMB3 message signing and AES-GCM transport encryption. Strong identity and integrity on the wire.
Cross-platform ACLs
NFSv4 and Windows/SMB access control lists are enforced consistently, so Linux and Windows clients see the same permissions on the same files.
REST control plane
Manage users, groups, and shares through a JWT-authenticated REST API or the dfsctl command line. Automate provisioning instead of editing config files.
No lock-in
Object storage, with filesystem semantics
DittoFS puts real NFS and SMB on top of any S3-compatible object store. Serve the same bucket from any cloud, on-prem, or the edge. Your data follows your architecture, not a vendor.
Bring your own backend
Multi-cloud and hybrid
Serve the same data from AWS, MinIO, Ceph, Cubbit DS3, or a local disk. Move between clouds and the edge without re-platforming.
No appliance tax
Compute and storage scale independently. No proprietary controllers, no per-shelf licensing, no forklift upgrades — just a predictable per-terabyte cost on storage you already run.
Runs anywhere
One static binary on a laptop, a bare-metal edge box, a VM in any cloud, or Kubernetes with the official operator.
How it works
Three clean layers
Adapters speak protocols. The runtime owns every operation. Stores hold the bytes. Each layer is replaceable on its own.
Protocol adapters
NFS and SMB adapters handle wire framing, dispatch, and type conversion. Nothing more. Business logic never leaks into the protocol layer.
Runtime control plane
A single entrypoint composes users, shares, mounts, and identity. Every operation carries an auth context from the wire all the way to the store.
Pluggable stores
Each share picks a metadata store and a block store. A fast local cache fronts a durable remote, syncing in the background.
Capabilities
What each protocol does
The same data, exposed through different protocols. Capabilities follow what each protocol can express.
| Capability | NFSv3 | NFSv4 / 4.1 | SMB2 / 3 |
|---|---|---|---|
| Mount & file I/O | supported | supported | supported |
| ACLs | not applicable | supported | supported |
| Kerberos auth | supported | supported | supported |
| Leases / delegations | not applicable | supported | supported |
| Wire encryption | partial | partial | supported |
| Client-side encryption | supported | supported | supported |
| Snapshots | supported | supported | supported |
supported partial not applicable
From zero to mounted
A share in five commands
Start the server, create a share, enable a protocol, mount it, write a file. The write lands locally and syncs to the remote.
The write path
Local first, durable second
Every write lands in a local block store and is acknowledged immediately, so clients never block on the network. An append-only log captures the change first; a background pass then chunks, deduplicates, and pushes blocks to durable storage. The local tier stays the fast path, the remote is the source of truth.
- 01 The client writes to a mounted share. DittoFS appends to a per-file log and acks from the local cache right away, with no network round trip in the hot path.
- 02 A rollup splits the log into content-defined chunks (FastCDC), addresses each by BLAKE3 hash, and deduplicates against blocks already stored.
- 03 The syncer uploads new blocks to the durable remote, S3 or filesystem, optionally compressed and encrypted. Reads verify each block by hash.
Use cases
Where it fits
One server, many shapes. Because protocols and storage are decoupled, DittoFS adapts to where your data needs to live.
Multi-tenant cloud
Isolated shares, per-share stores, and client-side encryption for tenants that share the same infrastructure.
Tiered storage
A fast local cache fronts durable S3. Writes land locally and sync to the remote in the background.
Hybrid Linux and Windows
Serve Linux over NFS and Windows or macOS over SMB from one server, backed by the same data.
Dev and test
Spin up an in-memory filesystem in one command. No FUSE, no privileges, no external services to stand up.
Cloud-native deployments
A single userspace binary drops into Kubernetes with the official operator. Scale shares, not kernels.
Backup and recovery
Point-in-time share snapshots with no data copy, restorable from the CLI or REST API, guard against accidental deletes.
DittoFS PRO
A management UI and support, on top of the open core
The community edition is fully open source. PRO adds a web management UI and commercial support for teams that run DittoFS in production.