Web Server Administration Chapter 5 Managing a Server

Overview




Understand the Web server administrator's view of server management
Examine networking models
Learn how users are authenticated
Manage users and groups
Manage file system permissions
Share resources in a network
Enforce network policies

Web Administrator's View of Server Management

Web server software is a product that works with the operating system
The server computer can run more than one software product such as e-mail and FTP
With both a LAN and the Web, controlling access is very important
The Web server can be part of the LAN
Web communication and LAN communication are different

Microsoft LAN Networking Models: Workgroup

Treats each computer in the network as an equal, or peer
  Also called peer-to-peer networking
Each computer is a client and a server
  When you allow others to access resources on your computer, your computer is acting as a server
  When you access resources on another computer, your computer is acting as a client
Appropriate for networks with 10 or fewer computers
A number of disadvantages
  Most users do not want to administer resources on their computer
  Need user names and passwords of users who need resources
  Difficult to keep track of changing passwords

Microsoft LAN Networking Models: Domain

One or more servers centralize control
Computers are part of a domain
  Single, centralized logon
  Single point of control
  Users can be given access to resources anywhere in the domain

Client/Server Networking Model

Client represents a program such as a browser or an e-mail client
Server has a corresponding program that communicates with the client
  Server program known as a service in Windows or a daemon in Linux
Networking in Linux follows the client/server model
  Telnet is used to log on to another computer

Authenticating Users

Process of determining a user's true identity
Three basic methods
  What you know – user names and passwords
  What you have – entry card
  Who you are – biometrics

Implementing an Authentication System

If a Windows network has older computers running NT, 95, or 98, the server must use NTLM
NTLM is not as secure as Kerberos, which is the default for Windows 2000, 2003, and XP

Managing Users and Groups

Users need accounts to access resources on a server
  On a Web server there is a restricted account that is used on behalf of Internet users
  In a LAN, users with common resource needs are put in a group, and the group is given access to the resource

Managing Users and Groups in Windows

Windows has an account called system
  It represents the operating system and has many of the same privileges as the administrator
  Often needed by server programs
  Linux typically uses a unique account for each daemon

Users and Groups in Windows

Local accounts exist on a single computer and can be used to control resources only on that computer
Domain accounts can be used to control resources on all the computers that are part of the domain
Active Directory (AD) allows domains to be grouped into a forest
  Microsoft Exchange requires AD

Groups in Windows

Domain local groups have members from the same domain
  Assign permissions to resources in the same domain
Global groups have members from the same domain
  Can be used to assign permissions to resources in any domain
Universal groups can have members from any domain
  Can be used to assign permissions to resources in any domain

Users and Groups in Linux

Properties of user accounts

Item | Description
User name | Logon name of the user
Full name | The full name of the user or any comment
Password | The password must be at least six characters
Home directory | The default is /home/username
Group | The default is to create a group with the same name as the user
Login shell | The default is /bin/bash, which determines the characteristic of the shell environment

File System Permissions

Permissions allow you to control access to the resources on a computer such as a Web page, a document, or a program
In Windows, the NTFS file system is required in order to assign permissions
All Linux file systems incorporate permissions

File System Permissions in Windows

Permission | Description
Full Control | Full Control includes all other permissions and allows you to take ownership of the file or folder and change the attributes of a file
Modify | Allows read, write, and delete
Read | With this permission, you can read files but cannot execute them
Write | When set on a file, this permission allows you to write to files; when set on a folder, you can write to the folder
Read & Execute | Read files and run programs
List Folder Contents | This permission allows you to view the contents of a folder
Special Permissions (Windows 2003 only) | This is not a specific permission; under the list of permissions for users, when this permission is checked, it means that this user has one or more of the 14 individual permissions set

File System Permissions in Linux

Permission type | When used with files | When used with directories
Read | Read a file or copy a file | List the contents of a directory
Write | Write to the file, including deleting the file | Create files
Execute | Execute programs and shell scripts, which are text files containing Linux commands | Modify the file permissions

Linux Permissions

Permissions are set for user, group, and others
Each permission is set with a single digit from 0 to 7 based on the combination of permissions
  read = 4
  write = 2
  execute = 1

Using chmod to Set Permissions

Command | Owner | Group | Other
chmod 755 myfile | rwx | r-x | r-x
chmod 540 myfile | r-x | r-- | ---
chmod 744 myfile | rwx | r-- | r--

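Added example (not part of the original slides): a shell sketch that decodes a three-digit chmod mode with the read = 4, write = 2, execute = 1 values, and goes one step further by listing files whose "other" digit grants write, a useful check on a Web server's document directory. The function names digit_to_rwx, mode_to_rwx and world_writable are illustrative choices, not standard commands.

```shell
#!/bin/sh
# Added example, not from the original slides. Function names are illustrative.

# digit_to_rwx DIGIT: expand one octal digit using read=4, write=2, execute=1.
digit_to_rwx() {
    d=$1
    out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_rwx MODE: print "owner group other" for a three-digit chmod mode.
mode_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    owner=${1%??}      # first digit
    rest=${1#?}        # last two digits
    group=${rest%?}    # middle digit
    other=${1#??}      # last digit
    printf '%s %s %s\n' "$(digit_to_rwx "$owner")" \
        "$(digit_to_rwx "$group")" "$(digit_to_rwx "$other")"
}

# world_writable DIR: list regular files under DIR whose "other" digit
# includes write (2), i.e. files any local account can change.
world_writable() {
    find "$1" -type f -perm -002 | sort
}

# Decode the three modes used in the chmod table.
for m in 755 540 744; do
    printf 'chmod %s myfile -> %s\n' "$m" "$(mode_to_rwx "$m")"
done
```
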
Sharing Resources in a Windows Network

Shared folders require permissions
When comparing share permissions and NTFS permissions, the most restrictive permission takes precedence

Permission | Description
Full Control | Allow files to be added, deleted, changed, and read
Change | Allow existing files to be written to
Read | Can only read files

Enforcing Network Policies

You can control a number of policies in both Windows and Linux
Windows has many more policies but the majority are appropriate for LANs
A common policy involves passwords
  Number of days before change allowed
  Number of days before change required

Summary

The Web server has a guest user account that is used to access Web pages
Windows LAN models include the workgroup and domain models
Linux only uses the client/server model
Authentication is based on what you know, what you have, and who you are
The core of security incorporates users, groups, and permissions