User permissions are often squashed to keep attacks at bay. Another useful tool that NFS offers is read-only access, which allows a user simply to read a document. In this case, the user may neither write nor execute any commands. Another effective way to thwart attacks is to create rules with the iptables command that allow access to certain ports in the firewall. Another way to do this is to use the rpcbind command. Because NFS has vulnerabilities, it is recommended that this protocol be used on LAN networks only. (Fedora n.d.)

A client must pass a two-step authentication process in order to gain access to a server. First, it must gain mount access; after that, it must access the shared file in the directory. Using NFS, a user can allow or deny access to certain ports. A host can also allow or deny access by IP address using either /etc/hosts.allow or /etc/hosts.deny. To keep a server secure and to keep a client from getting root privileges, a host can use the root_squash option (one of many squash options). This only works if all directories are owned by root and not by bin, lib, or any other non-root account or directory, because a client can use su to become any user and gain privileges.

This is not to say that the client is completely safe, because a share is a two-way street. A suid account can be created by the host on the client machine to gain access to the client's files. This can pose a problem for a user who wants to operate in a secure environment. A user can protect themselves by using the nosuid option. This will not allow the creation of the super user ID and will therefore thwart this kind of attack. (tldp.org n.d.)
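
As an added illustration (not part of the original text), the following Python script audits /etc/exports entries for the settings discussed above: root squashing disabled, writable exports, and clients that are not limited to a LAN address. The sample exports content, the function names, and the choice of the RFC 1918 ranges as "LAN" are assumptions made for this example.

```python
import ipaddress

# Constructed sample /etc/exports content (not taken from the original text).
SAMPLE_EXPORTS = """\
# constructed example
/srv/docs   192.168.1.0/24(ro,root_squash,sync)
/srv/build  192.168.1.15(rw,no_root_squash)
/srv/pub    *(rw,sync)
/srv/ext    203.0.113.0/24(ro)
"""

# Assumption: "LAN" means the RFC 1918 private IPv4 ranges.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_exports(text):
    """Yield (path, client, options) for every client entry in exports text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for entry in clients or ["*"]:        # no client listed means everyone
            host, _, opts = entry.partition("(")
            options = set(filter(None, opts.rstrip(")").split(",")))
            yield path, host or "*", options

def is_lan_client(host):
    """True only if host is an IPv4 address or network inside LAN_NETS."""
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return False  # hostname, netgroup or wildcard: cannot be shown LAN-only
    return net.version == 4 and any(net.subnet_of(lan) for lan in LAN_NETS)

def audit(text):
    """Return a list of (path, client, finding) tuples for risky entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" in opts:
            findings.append((path, client, "root is not squashed"))
        if "rw" in opts:
            findings.append((path, client, "export is writable"))
        if not is_lan_client(client):
            findings.append((path, client, "client not limited to a LAN address"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding, sep="\t")
```
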
From time to time, a user may experience issues when accessing NFS. This is because Linux comes in many different editions and distributions. A user must remember that after making any changes to /etc/exports, the system must be rebooted for those changes to take effect. This is an important step, as a wild goose chase for the changes may ensue if the restart does not take place. Another problem a user may run into is that of the portmap daemon. On some systems, this