[vpn] Re: vpn nfs (fwd)

dgillett at deepforest.org
Mon Oct 22 17:00:10 EDT 2001

On 20 Oct 2001, at 11:42, AlanCB wrote:

> My problem:
> The users should have r+w perms on their own directories only, and
> r only on the software dir. Instead of setting multiple permissions
> on the NFS server, which is basically impossible, I need a way of
> setting permissions on my vpn gateway. With your experience, is
> there a tool or method you know of which enables this? A blunt
> question, I know, however I'd much appreciate your help.

  It may just be that there are subtleties of NFS that I'm not aware 
of, but generally VPN implementations tend to look like bridges or 
routers (layer 2 or layer 3 services) overlaid on top of some other 
network/transport implementation (usually layer 3/4, occasionally 
perhaps higher if only a higher-level interface to the network is 

  Now there are arguments to be made as to whether directories and 
perms are implemented at the presentation (6) or application (7) 
layer, but in either case they fall well outside the scope that any 
VPN I'm familiar with addresses.

  It sounds to me like what you want is a proxy (layer 6/7) that 
implements and enforces the perms that are "basically impossible" on 
your NFS server, and some mechanism to force even local clients to go 
through that proxy to get to NFS mounts.  There may be ways to use 
VPN products to force the routing you want, but I don't know of 
anything that addresses the perms/proxy issues -- and if such a 
product exists, I don't think it's likely to be labelled as anything 
to do with VPNs.

  I realize that this answer is not all that helpful, except possibly 
in clarifying either what you need -- or how I've failed to 
understand what you need.  (I've seen no other answers, so others may 
be similarly confused.)

Dave Gillett


