>People can read and write your disk. In addition, anyone with access >to your network can spoof NFS packets and either interfere with your >view of whats on the disk or with the server's idea of what you are >attempting to write (or read). The latter portion should be obvious - - >its easy to mount an active attack on a udp based protocol A while back I saw some discussion about NFS using tcp instead of udp. Would this make things any more secure? Yes, considerably; it's much harder (though by no means impossible) to butt in to the middle of a TCP session. (Advt.) In our book, Bill Cheswick and I describe a proxy NFS setup, using TCP, a user-level NFS server, and chroot. 4.4bsd and Sun's NFS Version 3 support NFS over TCP; Linux has a user-level server. It's not hard to put the pieces together to do things that way, but it's not standard yet. --Steve Bellovin