A Handy NFS Export Trick

While exploring ways to prevent certain network systems from accessing NFS /etc/exports shares, I discovered the useful trick of using the netgroup feature.

The netgroup feature hails back to the Network Information Service (NIS) days. To use this feature NIS does not need to be used or enabled.

In /etc/netgroup I created two groups:

  • @trusted
  • @untrusted

In each group I itemized the respective network computers.

In /etc/exports, rather than use IP addresses or subnets, I configured each share using the @trusted and @untrusted options. After restarting services, the designated “untrusted” computers could only find and see the shares identified to that group. The “untrusted” computers could not see any other share.

One caveat I foresee is populating /etc/netgroup in a large network might be clunky to administer. Nonetheless this seems like a nice trick for small networks.

Posted: Category: Usability Tagged: General

Next: The Uncomfortable History of Firefox

Previous: Email Overload