I'm not perfectly sure if this is a bug or a feature. If it's a feature: sorry for the noise.
I found some behavior of nfsv4 using no_root_quash: it only works with exported directories exported as bind mounts, but not for "real" directories.
E. g., I use the following exports:
# cat /etc/exports
after mounting them ...
# mkdir /mnt/1 /mnt/2
# mount.nfs4 skoni:/1 /mnt/1 -o rw,vers=4,_netdev
# mount.nfs4 skoni:/2 /mnt/2 -o rw,vers=4,_netdev
... they look identical ...
# mount | grep mnt
skoni:/1 on /mnt/1 type nfs4 (rw,vers=4,addr=192.168.178.80,clientaddr=192.168.178.80,_netdev)
skoni:/2 on /mnt/2 type nfs4 (rw,vers=4,addr=192.168.178.80,clientaddr=192.168.178.80,_netdev)
... but I have only root write access to the first one:
# touch /mnt/1/foo
# touch /mnt/2/foo
touch: cannot touch '/mnt/2/foo': Permission denied
The only difference is that mount 1 is a bind mount and mount 2 is a normal directory:
# mount | grep /srv
/var/tmp/1 on /srv/nfs/1 type none (rw,bind)
Is this intended behavior or is this a bug?
If /srv/nfs/1 is just subdirectory of /srv/nfs, then this is 100% expected and documented behaviour.
Please see the section on 'no_subtree_check' in the 'exports' manpage.
Sorry. I mean 'if /srv/nfs/2 is just a subdirectory'...
Okay, then I simply didn't understand the docs correctly and this is not a bug. As said, sorry for the noise ;-)