While configuring NFS mounts to access HDFS as a part of local FS, we do tend to control the access using nfs proxies as shown below,
The 'nfsserver' user is allowed to proxy all members of the
'nfs-users1' and 'nfs-users2' groups. Set this to '*' to allow
nfsserver user to proxy any group.
This is the host where the nfs gateway is running. Set this to
'*' to allow requests from any hosts to be proxied.
However, a user who has access to NFS server would be able to access (view) the HDFS file system even if they are not part of "hadoop.proxyuser.nfsserver.groups" and "hadoop.proxyuser.nfsserver.hosts" . This may be a security flaw in certain scenarios,
This is due to a property, "nfs.exports.allowed.hosts" which is used to allow the access to the HDFS from the hosts.
Make sure the desired hosts and permissions are assigned to HDFS.
Permissions for the property can be defined as below,