Comment by nine_k

3 days ago

Does this mean that I can connect to an NFS server saying my UID=0 and get local root?

Usually, no. NFS defaults to "root_squash," which silently changes UID=0 to the UID of the `nfsnobody` user.

However, in the /etc/exports file, you can (but shouldn't) add the share option "no_root_squash" which disables that.

So, root access is slightly protected. But all other users are wide open.

  • At work once someone dockerized a service that needed read access to NFS. The default for a docker image is to run as root, which would mean it was effectively "nobody" when reading over NFS.

    For the typical case of world-readable files this was fine. Occasionally someone would feed it a file that was not group-readable but not world-readable and it would error (when it would have worked before).

    I suggested printing the error message: "nobody can't read this file" but we solved it in a different way.
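As an added example (not part of the thread or of any project's code), here is one way to audit an exports file for the `no_root_squash` option discussed above. The sample file contents, host names and function names are constructed for illustration, and the parser assumes export paths without quoted spaces.

```python
import re

# Constructed sample /etc/exports content; hosts and paths are made up.
SAMPLE_EXPORTS = """\
# path         client(options)
/srv/data      10.0.0.0/24(ro,sync)
/srv/build     ci01.example.internal(rw,no_root_squash) \\
               10.0.0.0/24(ro)
/srv/home      -rw,no_root_squash  *.example.internal  backup01(ro,root_squash)
"""

CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

def parse_exports(text):
    """Yield (path, client, [options]) for every client entry."""
    text = re.sub(r"\\\n", " ", text)             # fold continuation lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        path, *fields = line.split()
        defaults = []
        for field in fields:
            if field.startswith("-"):             # "-opt,opt": defaults for the line
                defaults = field[1:].split(",")
                continue
            m = CLIENT_RE.match(field)
            if not m:
                continue                          # malformed entry, skip it
            client, opts = m.groups()
            yield path, client or "(any host)", defaults + (opts.split(",") if opts else [])

def unsquashed_root_exports(text):
    """Return (path, client) pairs where a client's UID 0 is honoured as root."""
    findings = []
    for path, client, options in parse_exports(text):
        # root_squash is the default, so only an explicit no_root_squash that is
        # not followed by a later root_squash leaves UID 0 unmapped.
        squash = [o for o in options if o in ("root_squash", "no_root_squash")]
        if squash and squash[-1] == "no_root_squash":
            findings.append((path, client))
    return findings

if __name__ == "__main__":
    for path, client in unsquashed_root_exports(SAMPLE_EXPORTS):
        print(f"{path}: {client} is exported with no_root_squash")
```

Entries with no squash option are not reported because `root_squash` is the default; the per-line `-options` form is treated as defaults that a client's own option list can override.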