Show Table of Contents
5.4.3. Do Not Use the no_root_squash Option
By default, NFS shares change the root user to the
nfsnobodyuser, an unprivileged user account. In this way, all root-created files are owned by
nfsnobody, which prevents uploading of programs with the setuid bit set.
no_root_squashis used, remote root users are able to change any file on the shared file system and leave trojaned applications for other users to inadvertently execute.