5.4.3. Do Not Use the no_root_squash Option
By default, NFS shares change the root user to the
nfsnobody
user, an unprivileged user account. In this way, all root-created files are owned by nfsnobody
, which prevents uploading of programs with the setuid bit set.
If
no_root_squash
is used, remote root users are able to change any file on the shared file system and leave trojaned applications for other users to inadvertently execute.