Why can't root on one machine change NFS-mounted content from another machine?

NFS was designed with the idea that user and group IDs would be the same on all machines across the network. For ordinary users, that works OK. But root's UID is always 0, and just because you have root on one box, it doesn't mean that you should have root access to every machine on the network.

Therefore, NFS treats root specially. By default, root is mapped to the nobody user, which normally has no write access. The -maproot option allows you to change how root is handled. BSD's -maproot=root corresponds to Linux's no_root_squash option.


That's common behavior with traditional NFS implementations. NFS user mappings are performed irrespective of context, so all accesses by the client root have to be mapped to a particular user (usually nobody by default). Hence this weird behavior, where the client root can't access your files directly, but can su gabe to access them.

(“Recent” versions of NFS, i.e. NFSv4 and perhaps NFSv3, allow saner behavior if supported on both sides, but I don't know the details.)
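To check where the default root mapping described in the answers above has been switched off, the sketch below scans an exports table for Linux's no_root_squash and BSD's -maproot=root (or UID 0). It is an added example, not part of either answer; the sample export tables are constructed, the function names are hypothetical, and it assumes one exported path per line.

```python
import re

# Constructed sample export tables, not taken from the original post.
LINUX_EXPORTS = """\
/srv/home   192.0.2.0/24(rw,sync,root_squash)
/srv/build  buildhost.example(rw,no_root_squash) \\
            198.51.100.7(ro)
/srv/pub    *(ro,all_squash)   # read-only share
"""
BSD_EXPORTS = """\
/usr/home  -maproot=root -network 192.0.2.0 -mask 255.255.255.0
/usr/ports -ro -maproot=nobody client1.example
/usr/src   -maproot=0:0 client2.example
"""

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def root_unsquashed(text):
    """Return (path, client spec) pairs where client root stays UID 0."""
    findings = []
    for line in logical_lines(text):
        path, *fields = line.split()  # assumption: one exported path per line
        maproot = [f for f in fields if f.startswith("-maproot=")]
        if maproot:
            # BSD: the option covers every client on the line.
            user = maproot[0].split("=", 1)[1].split(":")[0]
            if user in ("root", "0"):
                rest = [f for f in fields if f not in maproot]
                findings.append((path, " ".join(rest)))
            continue
        # Linux: options are per client, inside parentheses; squashing root
        # is the default, so only an explicit no_root_squash is reported.
        for field in fields:
            m = re.fullmatch(r"([^()]*)\((.*)\)", field)
            if m and "no_root_squash" in m.group(2).split(","):
                findings.append((path, m.group(1) or "*"))
    return findings

if __name__ == "__main__":
    for name, table in (("linux", LINUX_EXPORTS), ("bsd", BSD_EXPORTS)):
        for path, client in root_unsquashed(table):
            print(f"{name}: {path} exported to {client} without root squashing")
```

Each reported pair is an export where root on the named client acts as root on the server's files, so those entries are the ones to justify or tighten.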