Samba and NFS need some explanations.

Gordon Messmer yinyang at
Tue Apr 11 18:53:59 UTC 2006

Zane C.B. wrote:
> On Tue, 11 Apr 2006 13:08:10 -0500
> Les Mikesell <lesmikesell at> wrote:
>> Note in particular that anyone who has root access on a client
>> (or can boot a knoppix CD) can pretend to be anyone else in
>> regard to the NFS server file permissions.
> Yup, which is why you only want to use it in secure environments. It is
> great for sharing stuff between servers. You can tell the NFS server to
> remap root, but this largely useless though.

Usually, they're called "trusted" environments, which is different from 
a "secure" environment.  In a traditional NFS environment, you must 
trust each workstation to which you export a filesystem, and to some 
extent, you probably need to trust the users, too.

NFSv4 has made advances in that area, utilizing RPCSEC_GSS to provide 
security in hostile environments (See chapter 11):

Less technical discussion here:

Some interesting Linux-specific configuration documentation here:

More information about the users mailing list