[nine_k]

Does this mean that I can connect to an NFS server saying my UID=0 and get local root?

[mmh0000]

Usually, no. NFS defaults to "root_squash," which silently changes UID=0 to the UID of the `nfsnobody` user.

However, in the /etc/exports file, you can (but shouldn't) add the share option "no_root_squash" which disables that.

So, root access is slightly protected. But all other users are wide open.

[aidenn0]

At work once someone dockerized a service that needed read access to NFS. The default for a docker image is to run as root, which would mean it was effectively "nobody" when reading over NFS.

For the typical case of world-readable files this was fine. Occasionally someone would feed it a file that was not group-readable but not world-readable and it would error (when it would have worked before).

I suggested printing the error message: "nobody can't read this file" but we solved it in a different way.