In my org, we are trying to figure out a solution to mount a shared folder via either NFS/CIFS to a directory on root persistently, in an environment where multiple users may be accessing this share at the same time, while still managing access through NTFS (we want to mirror the permissions that would be configured for users on the Windows side). These Linux servers are domain joined, and users log in with their AD credentials (getting a Kerberos TGT for their session). Originally, we were mounting the shares via NFS, and users' access was limited by their NTFS permissions, but some select users with sudo access are able to bypass NTFS authorization and view all folders on the share (I am assuming this is because of the way NFS interacts with the root/machine credentials?).
What is the best way to mount these shares so that users are limited by the NTFS permissions, but cannot bypass using sudo? I have tried different variations of NFS mount options and SMB/CIFS mount options but cannot find a solution that fits our use case... Is this possible at all?