Because NFS allows users on a network to access files stored on the server, NFS has significant security implications for the server. These implications fall into three broad categories:
NFS can (and should) be configured so that only certain clients on the network can mount filesystems stored on the server.
NFS can (and should) be configured so that users can access and alter only files to which they have been granted access.
NFS should (but does not) protect information on the network from eavesdropping and surreptitious modification.
The NFS server can be configured so that only certain hosts are allowed to mount filesystems on the server. This is a very important step in maintaining server security: if an unauthorized host is denied the ability to mount a filesystem, then unauthorized users on that host should not be able to access the server’s files. This configuration is controlled by settings in a file. Depending on the version of Unix/Linux/etc. that you are using, the specific file structure and usage is different. Systems with a BSD heritage use /etc/exports, and systems with a System V heritage use /etc/dfs/dfstab.
Many versions of Unix, including Sun’s SunOS, HP’s HP-UX, SGI’s IRIX, and Linux use the /etc/exports file to designate which clients can mount the server’s filesystem and what access those clients can ...