Restricting Superuser (Root) Access

In general, superuser is not allowed root access to file systems that are shared across the network. Unless the server specifically grants superuser privileges, a user who is logged in as superuser on a client cannot gain root access to files that are remotely mounted on the client. The NFS system implements this strategy by changing the user of the requester to the user, nobody (user ID 60001). The access rights of user nobody are the same as those access rights that are given to the public or a user without credentials. For example, if the public has only execute permission for a file, then user nobody can only execute that file.

An NFS server can grant superuser privileges on a shared file system on a per-host basis by using the root=hostname option to the share command.