Well, I run my NFS exports using a configuration similar to this:
The main difference is that all accesses are mapped to the “nobody” account, which shouldn’t be able to mess any system files. To make this work, however, you have to change at least the group (and preferably also the owner) of all files in the share to “nobody”.
(Don’t let the “insecure” parameter scare you - it just means that I allow NFS clients originating from a port above 1024 to access my shares)
If you have created several users, then things get a bit more complicated, but it should also be doable.