Create a root-squashing rule for the default NFS export

By default, the NFS service implements a root-squashing rule for the default NFS export. This rule prevents root users on NFS clients from exercising root privileges on the NFS server.

Procedure

  1. Click Protocols > UNIX Sharing (NFS) > NFS Exports.
  2. Select the default export in the NFS Exports list, and click View/Edit.
  3. In the Root User Mapping area, verify that the default settings are selected. If so, no changes are necessary and you can go to step 7.
  4. Click Edit Export.
  5. Locate the Root User Mapping setting, and then click Use Default to reset to these values:
    User: Map root users to user nobody
    Primary Group: No primary group
    Secondary Groups: No secondary groups
  6. Click Save Changes.
  7. Click Close.

Results

With these settings, regardless of the users' credentials on the NFS client, they would not be able to gain root privileges on the NFS server.