NFS is a very widely-used file sharing protocol. It allows servers
running nfsd
and mountd
to "export" entire filesystems
to other machines using NFS filesystem support built in to their kernels
(or some other client support if they are not Linux machines).
mountd
keeps track of mounted filesystems in /etc/mtab
,
and can display them with showmount
.
Many sites use NFS to serve home directories to users, so that no matter what machine in the cluster they login to, they will have all their home files.
There is some small amount of security allowed in exporting
filesystems. You can make your nfsd
map the remote root user (uid=0)
to the nobody
user, denying them total access to the files
exported. However, since individual users have access to their own (or
at least the same uid) files, the remote root user can login or su
to
their account and have total access to their files. This is only a
small hindrance to an attacker that has access to mount your remote
filesystems.
If you must use NFS, make sure you export to only those machines that you really need to. Never export your entire root directory; export only directories you need to export.
See the NFS HOWTO for more information on NFS, available at http://metalab.unc.edu/mdw/HOWTO/NFS-HOWTO.html