A Handy NFS Export Trick
While exploring ways to prevent certain network systems from accessing NFS
/etc/exports shares, I discovered the useful trick of using the
netgroup feature hails back to the Network Information Service (NIS) days. To use this feature NIS does not need to be used or enabled.
/etc/netgroup I created two groups:
In each group I itemized the respective network computers.
/etc/exports, rather than use IP addresses or subnets, I configured each share using the
@untrusted options. After restarting services, the designated “untrusted” computers could only find and see the shares identified to that group. The “untrusted” computers could not see any other share.
One caveat I foresee is populating
/etc/netgroup in a large network might be clunky to administer. Nonetheless this seems like a nice trick for small networks.