On the client we can decide that we don't want to trust the server
too much a couple of ways with options to mount. For example we can
forbid suid programs to work off the NFS file system with the
nosuid
option. This is a good idea and you should consider using
this with all NFS mounted disks. It means that the server's root user
cannot make a suid-root program on the file system, log in to the
client as a normal user and then use the suid-root program to become
root on the client too. We could also forbid execution of files on
the mounted file system altogether with the noexec
option. But
this is more likely to be impractical than nosuid
since a file
system is likely to at least contain some scripts or programs
that needs to be executed. You enter these options in the options
column, with the rsize
and wsize
, separated by commas.