Comment 24 for bug 1979885

Harald Rudell (harald-rudell) wrote :

I also want to point out that those bind mounts favored by NFS are readable by anyone, e.g. user nobody, even when they are deep links into some file system supposedly protected by Unix permissions.

Each bind mount target has to have its permissions set like it’s 1970:

chown x.y /mnt/somefs/my-deep-mount-target
chmod … /mnt/somefs/my-deep-mount-target

This can be tested:
/etc/fstab:
/mnt/somefs/my-deep-mount-target /srv/nfs/someshare none bind,defaults,nofail,x-systemd.requires=zfs-mount.service 0 0

mount /srv/nfs/someshare
sudo --user nobody ls /srv/nfs/someshare
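
A check for the condition this comment describes, as an added example that is not part of the original comment: it lists the bind entries in an fstab-style file and flags each source directory whose own mode bits let "other" read or traverse it. The function names and the temporary demo tree are assumptions constructed for illustration; fstab paths containing escaped whitespace are not handled.

```shell
#!/bin/sh
# Added example: once a directory is bind-mounted elsewhere, its parent
# directories no longer gate access; only its own mode bits do.

# Print "source target" for every bind/rbind entry in the given file.
list_bind_entries() {
    awk '$1 !~ /^#/ && NF >= 4 {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "bind" || opt[i] == "rbind") { print $1, $2; break }
    }' "$1"
}

# Print "EXPOSED <perms> <source> -> <target>" for each bind source that
# "other" can read or traverse, and "MISSING ..." for absent sources.
audit_bind_sources() {
    list_bind_entries "$1" | while read -r src target; do
        [ -d "$src" ] || { echo "MISSING $src -> $target"; continue; }
        perms=$(ls -ld -- "$src" | cut -c1-10)
        case "$(printf '%s' "$perms" | cut -c8-10)" in
            *[rxt]*) echo "EXPOSED $perms $src -> $target" ;;
        esac
    done
}

# Constructed demo: a 0700 parent holding one open and one tight target.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/somefs/private/open-target" "$tmp/somefs/private/tight-target"
    chmod 700 "$tmp/somefs/private"               # parent looks protective
    chmod 755 "$tmp/somefs/private/open-target"   # but the target is open
    chmod 750 "$tmp/somefs/private/tight-target"
    cat > "$tmp/fstab" <<EOF
# constructed sample entries
$tmp/somefs/private/open-target /srv/nfs/open none bind,defaults,nofail 0 0
$tmp/somefs/private/tight-target /srv/nfs/tight none bind,defaults,nofail 0 0
UUID=constructed / ext4 defaults 0 1
EOF
    audit_bind_sources "$tmp/fstab"
    rm -rf "$tmp"
}

demo
```

Run against the real file with `audit_bind_sources /etc/fstab`; any EXPOSED line names a source that needs its own chown/chmod.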