SYSTEM ADMINISTRATION
Chapter 14: Network Operating Systems

UNIX/Linux
• UNIX is one of the oldest of the network operating systems, built more than 30 years ago.
• The development of UNIX was based on three criteria:
  – It had to be simple and elegant.
  – It had to be written in a high-level programming language.
  – It had to allow for reuse of code.
• The original developers at Bell Labs met all three criteria.
• Because of the antitrust laws of the 1970s, Bell Labs could not profit from the sale of the computers and hardware. They allowed the source code to be distributed for a small licensing fee.

UNIX/Linux (continued)
• Developers at the University of California-Berkeley enhanced the original source code and expanded the OS to include a TCP/IP subsystem. This version of UNIX became known as BSD (Berkeley Software Distribution) UNIX.
• Two organizations share the management and ownership of UNIX today. The Santa Cruz Operation (SCO) owns the rights to the source code, and can distribute it as it sees fit. The Open Group owns the UNIX trademark. The Open Group must test and verify the source code before any other entity can market a new version with the UNIX name.

UNIX/Linux (continued)
• Two types of code exist: proprietary and open source.
  – Proprietary code gives administrators the confidence that the version of UNIX they are using will do what the code was designed to do, and that the developers of that particular version can be held accountable for the function of the operating system.
  – Open source UNIX allows any organization to create UNIX-like OSs such as Linux and GNU. There is no generalized support or accountability with open source UNIX.

Disaster Planning
• UNIX has three basic components: the kernel, the shell, and the applications.
• Many of the UNIX commands seem cryptic.
• Some of the more common commands are:
  – ls
  – cat file
  – who
  – grep
• When using the ls command to list files, the display will include the name, size of the file, a numeric identifier for the owner, and the access rights for users and groups.

Security
• UNIX uses file and directory rights to restrict access to resources.
• Rights are assigned to users, groups, or anyone.
• The rights employed by UNIX are:
  – Read
  – Write
  – Execute
• In order to modify the rights to a file or directory, the chmod utility is executed against the file or directory, usually with one or more symbols or switches.

Samba
• Samba is the application that gives UNIX the ability to see and use NetBIOS resources and talk to Windows operating systems.
• This interoperability is provided by CIFS and SMB.
• The four services Samba provides are:
  – File and print services
  – Authentication and authorization
  – Name resolution
  – Service announcement (browsing)
• Samba and UNIX use applications called daemons to provide these services.

NetWare
• NetWare is a network operating system that was developed in the late 1980s.
• Many versions of NetWare are in use today.

NetWare 3.12/3.2
• NetWare 3.12/3.2 is based on a bindery that maintains information about users and groups. The three files that comprise the bindery are NET$OBJ, NET$PROP, and NET$VAL.
• NetWare requires software on the client machine to access the resources of the network.
• The workstation operating systems that are compatible with NetWare client software are DOS, Windows 9.X, Windows NT, Windows 2000, Windows XP, and Macintosh.

NetWare 3.12/3.2 (continued)
• Special pieces of software run on the NetWare server, called NetWare Loadable Modules (NLMs). Most NLMs have an extension of “.NLM”, but some are very specialized. The different types of NLMs are:
  – .DSK
  – .NAM
  – .LAN

Novell Directory Services (NDS)
• Novell Directory Services is an X.500 standard directory service environment built by Novell in about 1994.
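Returning to the UNIX Security slide above: the following is an added example (not from the slides) that models how a symbolic chmod specification such as u+x,g-w,o= changes the read/write/execute rights of the user, group and others classes, renders the result the way ls -l shows it, and applies it to a real file. It handles only the r/w/x rights the slides list; the setuid, setgid and sticky bits are deliberately left out of this model.

```python
import os
import stat
import tempfile

PERM_BITS = {"r": 0o4, "w": 0o2, "x": 0o1}   # rights per class: read, write, execute
SHIFT = {"u": 6, "g": 3, "o": 0}            # column of user, group, others in the mode

def apply_symbolic(mode: int, spec: str) -> int:
    """Apply a chmod symbolic spec such as 'u+x,g-w,o=r' to a mode value.
    Teaching model: r/w/x for u/g/o/a only; setuid/setgid/sticky and the
    X/s/t letters are deliberately out of scope."""
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in "ugoa":
            i += 1
        who, op, perms = clause[:i] or "a", clause[i:i + 1], clause[i + 1:]
        if op not in ("+", "-", "="):
            raise ValueError(f"bad clause {clause!r}")
        bits = 0
        for p in perms:
            bits |= PERM_BITS[p]  # KeyError for letters this model omits
        for cls in ("ugo" if "a" in who else who):
            shift = SHIFT[cls]
            if op == "+":
                mode |= bits << shift
            elif op == "-":
                mode &= ~(bits << shift)
            else:  # "=" replaces the whole rwx triplet of this class
                mode = (mode & ~(0o7 << shift)) | (bits << shift)
    return mode & 0o7777

def describe(mode: int) -> str:
    """Render a mode as 'ls -l' shows it, e.g. 0o740 -> '-rwxr-----'."""
    return stat.filemode(stat.S_IFREG | (mode & 0o7777))

def can(mode: int, cls: str, right: str) -> bool:
    """True if class cls ('u', 'g', 'o') holds right ('r', 'w', 'x')."""
    return bool(mode & (PERM_BITS[right] << SHIFT[cls]))

def chmod_symbolic(path: str, spec: str) -> str:
    """Apply spec to a real file; return its new ls-style mode string."""
    new_mode = apply_symbolic(stat.S_IMODE(os.stat(path).st_mode), spec)
    os.chmod(path, new_mode)
    return describe(stat.S_IMODE(os.stat(path).st_mode))

def demo_on_tempfile() -> str:
    """Constructed demo: a private temp file that only the group may then read."""
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, 0o600)  # pin the start state regardless of umask
        return chmod_symbolic(f.name, "g+r,o-rwx")
```

Compare the string returned by demo_on_tempfile() with the rights column of ls -l on the same file to confirm that the model and the real kernel agree.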
Novell Directory Services (NDS) (continued)
• The NDS uses containers to hold leaf objects or other containers. This is the logical organization of the NDS.
• The containers that are supported by NDS include the [ROOT], the Organization, and the Organizational Unit.
• To manage the objects of the NDS, the administrator will use the NWAdmin utility.

NDS (continued)
• The Monitor utility is loaded at the server. It keeps track of things like the number of users logged in, remaining physical memory, and the state of the available file storage space.
• The NDS database is maintained much like the DNS database of the Internet. Copies of portions of the database can be stored on different servers, providing fault tolerance to the NDS. That is called partitioning.

NetWare 4.1
• The release of NetWare 4.1 included three new features:
  – NetWare Application Launcher (NAL)
  – Support for thousands of connections per server
  – The NWAdmin utility
• NetWare 4.1 was the first fully functional version of the NDS.

NetWare 4.11 (IntraNetWare)
• NetWare 4.11 is also called IntraNetWare because it was the first version to include Web server and FTP applications, making the intranet a reality.
• DNS and DHCP services were also included in this version.

NetWare 5.0
• With this version, Novell introduced Pure IP, a real, much more generic TCP/IP protocol stack for NetWare products. This made NetWare a more attractive commodity because administrators now only needed to run one protocol on the network (TCP/IP), and all clients and servers could talk to each other.
• Additional features of this version include:
  – Long file name support by default
  – ConsoleOne, a Java-based management utility
  – Network Address Translation (NAT)
  – NetWare Distributed Print Services (NDPS)

NetWare 5.1
• This version did not make major changes to the NOS or to NDS.
• One new option that was added was the NetWare Management Portal, which allows browser-based management of the NDS and resources.
NetWare 6.0
• Novell has taken NetWare 6.0 into the global market with several new features and tools.
• The eDirectory is a stand-alone, cross-platform directory service that is the foundation for a global directory service.
• iPrint and iFolder support anytime, anywhere user access to NetWare resources.
• DNS/DHCP now have Web-based management utilities that only require a browser interface and no longer require specific client software.

Security
• Novell uses four levels of security: login, rights, attribute, and file server.
• Login security pertains to the password policies required by the business operation.
• Rights security is used to control access to files and directories. The file and directory rights include:
  – Supervisor
  – Write
  – File Scan
  – Read
  – Create
  – Modify
  – Erase
  – Access Control

Security (continued)
• Novell uses a philosophy that says users shouldn’t have access to a resource until they are given that access.
• Rights in NetWare file systems are inherited.
  – Rights will flow down the directory and file tree until they are stopped or until they have reached a terminal file.
• Attribute security supersedes any file and directory rights.
  – Attributes are special settings that control what can be done with the file or directory.
• File server security refers to the physical safety of the file servers.
  – Physical safety includes preventing access by unauthorized people as well as climate control and the availability of proper fire extinguishers.

Windows
• The Windows family of operating systems dates back to 1990, when Windows 3.0 was released as a desktop operating system.
• Enhancements to the product include Windows 3.1, 3.11, Windows 95, Windows 98, Windows ME, the development of the NT products, Windows 2000, and Windows XP.
• Microsoft was also developing the server products through the development cycle of the workstation products.
• Windows NT Server (version 3.1) was first released in 1993, followed closely by NT 3.5 and NT 3.51.
• In 1996, NT 4.0 was released, followed by Windows 2000 Server.

NT 4.0
• NT 4.0 stabilized the NT product.
• It enhanced the domain environment of the earlier products.
• NT uses a master domain model in which one domain maintains user accounts, and one server, the primary domain controller (PDC), holds the only read-write copy of the domain database.
• Backup domain controllers (BDCs) store a read-only copy of the database, and they get their updates from the PDC.

NT 4.0 (continued)
• NT 4.0 is a full 32-bit operating system.
• Applications running in 32-bit are maintained in a memory space that is separate from any other 32-bit application. If one 32-bit application fails, the others stay up and running, and the administrator can shut down just the offending application.

NT 4.0 (continued)
• Microsoft tools for Novell include:
  – Client Services for NetWare (CSNW)
  – Gateway Services for NetWare (GSNW)
  – GSNW, loaded at the NT 4.0 server, allows NetWare resources to be accessed as if they were part of the NT server.
• Through service packs and option packs, new features and tools are added to the NT 4.0 operating system.
  – Option Pack 4 added a stable Web and FTP server product to NT, a Web server management utility called Site Server Express, and the Certificate Server product to support advanced security.

Windows 2000/Active Directory Services (ADS)
• Windows 2000 and the Active Directory Services (ADS) conform to the X.500 standards for directory services environments.
• ADS uses the domain name system naming convention to uniquely identify objects within the ADS.
• ADS distributes the information about objects in the database across multiple AD servers. This provides fault tolerance for the database, and makes this model a multimaster system (no one server is in charge).
Windows 2000/Active Directory Services (ADS) (continued)
• The objects used by ADS include the domain, the tree, the forest, and the organizational unit.
• The domain is a security boundary because the password policy affects all objects in the domain, but not outside the domain. The password policy is set at the domain level and will be applied to all objects regardless of their organizational unit membership.

Windows 2000/Active Directory Services (ADS) (continued)
• A tree is a set of domains that share a contiguous name space.
• A forest is a set of trees that share the same schema for the database.
• Some of the new features of Windows 2000, besides the Active Directory, include enhanced installation services, Dynamic DNS to support the Active Directory, encryption of files at the storage point, the MMC, and enhanced routing and remote access services.

Security
• Security in Windows 2000 is managed at two levels: Group Policy settings and file and folder security.
• Group Policy can be applied at the site, domain, or organizational unit level.
• Group Policy does not “tattoo” the registry of the machine. Rather, the settings are session-specific and can be refreshed if there is a policy change during a session.

File and Folder Permissions
• Windows 2000 uses NTFS permissions at the folder or file level to give access to resources. The permissions available for folders include:
  – Full Control
  – Modify
  – Read and Execute
  – List Folder Contents
  – Read
  – Write
• File permissions include:
  – Full Control
  – Modify
  – Read and Execute
  – Read
  – Write

Permission Management
• NTFS permissions apply when the user is sitting at the resource (the local machine) and accessing resources.
• When users access resources across the network, share permissions are assigned and combined with the NTFS permissions for the effective permissions to the resource.
• Share permissions are:
  – Full Control
  – Read
  – Change
• Each NTFS and share permission has both an “allow” and a “deny” option.
• Auditing allows the administrator to keep track of access to resources.

Macintosh
• The history of the Macintosh goes back to 1983, when the Lisa computer and LisaDesk operating system were released.
• The Macintosh operating system is a very user-friendly OS that is used by artists, graphic artists, and the education community.
• The most recent version of the operating system is Mac OS X. Apple integrated a UNIX-based kernel in this recent version.

Macintosh (continued)
• Mac computers and the operating system function with both the AppleTalk protocol and TCP/IP, making them able to coexist on a network.
• Many network operating systems include software add-ins or clients to allow Macintosh machines to communicate with and use resources from NetWare and Windows servers.

Macintosh (continued)
• The Mac environment does not support a classic server element, but does have server services for the sharing of resources among the network users.
• Security for the Mac includes local user account security.
• Non-critical services are turned off by default with the Mac OS, thus preventing accidental weak portals into the network.
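Returning to the Windows 2000 Permission Management slides above: the following is an added example (not from the slides) that models how NTFS and share permissions combine into the effective permission of a user who belongs to several groups. It assumes the standard rule that allows accumulate across groups, a deny removes what it names, and across the network the effective set is the most restrictive of the NTFS layer and the share layer; the mapping of each named permission to elementary operations (read, write, execute, delete, change permissions) is a simplification chosen for this example, and the ACLs and principals are constructed.

```python
# One elementary-operation vocabulary so both layers can be compared.
NTFS_FOLDER = {
    "Full Control": {"read", "write", "execute", "delete", "change permissions"},
    "Modify": {"read", "write", "execute", "delete"},
    "Read and Execute": {"read", "execute"},
    "List Folder Contents": {"read", "execute"},  # folder-only right
    "Read": {"read"},
    "Write": {"write"},
}
SHARE = {
    "Full Control": {"read", "write", "execute", "delete", "change permissions"},
    "Change": {"read", "write", "execute", "delete"},
    "Read": {"read", "execute"},
}

def cumulative(entries, table, principals):
    """Resolve one layer's ACL for a user plus the groups they belong to.
    entries are (principal, permission, "allow"|"deny"); allows accumulate
    across groups, and any matching deny removes those operations again,
    which is why a deny entry always beats an allow entry."""
    allowed, denied = set(), set()
    for principal, perm, kind in entries:
        if principal in principals:
            (allowed if kind == "allow" else denied).update(table[perm])
    return allowed - denied

def effective_local(ntfs_entries, principals):
    """Sitting at the machine: only the NTFS permissions apply."""
    return cumulative(ntfs_entries, NTFS_FOLDER, principals)

def effective_network(ntfs_entries, share_entries, principals):
    """Across the network: the most restrictive of the two layers applies."""
    return (cumulative(ntfs_entries, NTFS_FOLDER, principals)
            & cumulative(share_entries, SHARE, principals))

# Constructed sample ACLs for a folder shared as \\server\Reports (hypothetical).
NTFS_ACL = [
    ("Sales", "Modify", "allow"),
    ("Everyone", "Read", "allow"),
    ("Contractors", "Write", "deny"),
]
SHARE_ACL = [
    ("Everyone", "Read", "allow"),
    ("Managers", "Change", "allow"),
]
ALICE = {"alice", "Sales", "Everyone"}             # staff member in Sales
BOB = {"bob", "Sales", "Contractors", "Everyone"}  # contractor placed in Sales
CAROL = {"carol", "Managers", "Everyone"}          # manager with no NTFS grant beyond Everyone
```

Compare effective_local and effective_network for each principal: the share layer caps Alice at read/execute over the network, the NTFS deny strips write from Bob even locally, and Carol's share-level Change gains her nothing because the NTFS layer only grants her Read.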