[NCLUG] securing NFS

[Mark Fassler]

I would like to setup a server provide anonymous, read-only NFS access to 
a directory.  A few other servers will mount this directory.  

Access will, in practice, be limited to a very few trusted clients; 
however, I don't want to make the assumption that the clients are trusted 
(if someone compromises one system, I don't want to make it easy for them 
to compromise the NFS server).  

I was thinking of chroot'ing the whole NFS server and, of course, making 
the exported directory read-only.  

Does anyone have experience with this?  Is this a reasonable way to go 
about this?  Are there any other networked file systems with a more 
reliable history than NFS?  Is there a way to "mount" an FTP-based "file 
system"?

--
Mark Fassler
fassler at monkeysoft.net