Bug #243
Problems Synchronizing Web Site Files To Central NFS Server
Description
While moving web site files to the central NFS server, I kept getting permission denied errors while changing ownership of files. I managed to find a work around for this, I needed to add the no_root_squash option to the NFS share being exported.
By default, NFS shares change the root user to the nfsnobody user, an unprivileged user account. In this way, all root-created files are owned by nfsnobody, which prevents uploading of programs with the setuid bit set.
If no_root_squash is used, remote root users are able to change any file on the shared file system and leave trojaned applications for other users to inadvertently execute.
I use FreeNAS, so I cannot just edit files willy-nilly on the filesystem. However, there is an option in its web GUI that allows this option to be setup. From the web GUI, go to Sharing -> Unix(NFS) Shares -> ShareName and set the Mapall User to root