Configure root squash settings for NFS Azure file shares
Summary: Configure root squash for Azure Files
What root squash is
Root squash is an NFS server-side security feature that maps client root (UID/GID 0) to an anonymous, less-privileged user on the server. It prevents clients with root privileges from gaining root-level access on the NFS server and helps protect files and system settings from untrusted or compromised clients.
Permissions for NFS shares are enforced by the client OS; root squash is an administrative control you enable on the server-side NFS share to limit root access.
Root squash is important when multiple users or untrusted machines access the same NFS share.
Applies to
See the original "Applies to" table: https://docs.azure.cn/en-us/storage/files/nfs-root-squash?tabs=azure-portal#applies-to
How root squash works with Azure Files
When enabled, root requests (UID/GID 0) are re-mapped to the anonymous UID/GID on the server (e.g., 65534).
Root squash is not enabled by default for NFS Azure file shares; you must enable it when creating a share or change it later.
More details: https://docs.azure.cn/en-us/storage/files/nfs-root-squash?tabs=azure-portal#how-root-squash-works-with-azure-files
Root squash settings (options)
No root squash: do not remap UIDs/GIDs (default when creating a new NFS Azure file share). Useful for diskless clients or specific workloads that require preserved root identity.
Root squash: map UID/GID 0 to the anonymous UID/GID (typical NFS default behavior).
All squash: map all UIDs/GIDs to the anonymous UID/GID (useful for read-only or highly restricted scenarios).
Observed UID behavior examples (server-side)
root_squash: client 0 -> server 65534; client 1000 -> server 1000
no_root_squash: client 0 -> server 0; client 1000 -> server 1000
all_squash: client 0 -> server 65534; client 1000 -> server 65534
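The mapping above, applied as an audit over a share inventory. This is an added example, not code from the source article. It assumes the inventory is JSON shaped like `az storage share-rm list` output, with `enabledProtocols` and `rootSquash` fields and the values NoRootSquash, RootSquash and AllSquash; the share names are constructed.

```python
import json

ANON_ID = 65534  # anonymous UID/GID used in the examples above

def server_uid(setting, client_uid):
    """UID the server sees for a client UID under a given squash setting."""
    if setting == "AllSquash":
        return ANON_ID
    if setting == "RootSquash":
        return ANON_ID if client_uid == 0 else client_uid
    if setting == "NoRootSquash":
        return client_uid
    raise ValueError(f"unknown root squash setting: {setting!r}")

def audit_shares(shares_json):
    """Return names of NFS shares on which client root keeps UID 0."""
    findings = []
    for share in json.loads(shares_json):
        if share.get("enabledProtocols") != "NFS":
            continue  # root squash applies only to NFS shares
        # Assumption: an unset value means the default, which is no root squash.
        setting = share.get("rootSquash") or "NoRootSquash"
        if server_uid(setting, 0) == 0:
            findings.append(share["name"])
    return findings

# Constructed sample inventory (not real output).
SAMPLE = json.dumps([
    {"name": "build-cache", "enabledProtocols": "NFS", "rootSquash": "NoRootSquash"},
    {"name": "home-dirs", "enabledProtocols": "NFS", "rootSquash": "RootSquash"},
    {"name": "public-ro", "enabledProtocols": "NFS", "rootSquash": "AllSquash"},
    {"name": "legacy", "enabledProtocols": "NFS", "rootSquash": None},
    {"name": "office", "enabledProtocols": "SMB", "rootSquash": None},
])

if __name__ == "__main__":
    for name in audit_shares(SAMPLE):
        print(f"{name}: client root is not squashed")
```

Shares reported here are the ones where a client with root privileges is seen as UID 0 by the server.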
Configure root squash on an existing NFS file share
You can configure root squash via the Azure portal, Azure PowerShell, or Azure CLI.
Portal, PowerShell, and CLI reference: https://docs.azure.cn/en-us/storage/files/nfs-root-squash?tabs=azure-portal#configure-root-squash-on-an-existing-nfs-file-share
Configuration steps
Azure portal
Sign in to the Azure portal and open the FileStorage storage account that contains the NFS file share.
Under Data storage, select File shares and choose the file share to modify.
Select Properties and toggle the Root squash setting to the desired option.
Select Save to apply the change.
(Screenshot and portal guidance: https://docs.azure.cn/en-us/storage/files/nfs-root-squash?tabs=azure-portal#tabpanel_1_azure-portal)
References and further reading
Full article: https://docs.azure.cn/en-us/storage/files/nfs-root-squash?tabs=azure-portal
Related: NFS Azure file shares: https://docs.azure.cn/en-us/storage/files/files-nfs-protocol
Last updated in the source: 09/16/2025