NFS Security and Performance optimization

Security
  • In NFSv2 and NFSv3, file access is based on UID and GID, therefore, clients should be trusted hosts.
  • Restrict remote access to a portmapper via tcp_wrappers:
    in /etc/hosts.deny 
    portmap: ALL
    In /etc/hosts.allow 
    portmap: 192.168.5.1 , 192.168.1.
  • Do not use no_root_squash in export options

  • Use nosuid and nodev mounting options
  • More detailes on security: Sec. 6 NFS-HOWTO


    • Performance optimization
  • On an NFS server: optimize number of concurently running nfsd daemons.

  • On an NFS client: optimize wsize and rsize blocks for write/read performance.

  • More details on optimization: Sec. 5 NFS-HOWTO

    • Previous Pageprevious First Pagetop Next Pagenext