Web Server Administration
Chapter 5: Managing a Server
Overview
  Understand the Web server administrator's view of server management
  Examine networking models
  Learn how users are authenticated
  Manage users and groups
  Manage file system permissions
  Share resources in a network
  Enforce network policies
Web Administrator's View of Server Management
  Web server software is a product that works with the operating system
  The server computer can run more than one software product such as e-mail and FTP
  With both a LAN and the Web, controlling access is very important
  The Web server can be part of the LAN
  Web communication and LAN communication are different
Microsoft LAN Networking Models - Workgroup
  Treats each computer in the network as an equal, or peer
  Also called peer-to-peer networking
  Each computer is a client and a server
    When you allow others to access resources on your computer, your computer is acting as a server
    When you access resources on another computer, your computer is acting as a client
  Appropriate for networks with 10 or fewer computers
  A number of disadvantages
    Most users do not want to administer resources on their computer
    Need user names and passwords of users who need resources
    Difficult to keep track of changing passwords
Microsoft LAN Networking Models - Domain
  One or more servers centralize control
  Computers are part of a domain
  Single, centralized logon
  Single point of control
  Users can be given access to resources anywhere in the domain
Client/Server Networking Model
  Client represents a program such as a browser or an e-mail client
  Server has a corresponding program that communicates with the client
  Server program known as a service in Windows or a daemon in Linux
  Networking in Linux follows the client/server model
  Telnet is used to log on to another computer
Authenticating Users
  Process of determining a user's true identity
  Three basic methods
    What you know – user name and passwords
    What you have – entry card
    Who you are – biometrics
Implementing an Authentication System
  If a Windows network has older computers running NT, 95, or 98, the server must use NTLM
  It is not as secure as Kerberos, which is the default for Windows 2000, 2003, and XP
Managing Users and Groups
  Users need accounts to access resources on a server
  On a Web server there is a restricted account that is used on behalf of Internet users
  In a LAN, users with common resource needs are put in a group, and the group is given access to the resource
Managing Users and Groups in Windows
  Windows has an account called system
    It represents the operating system and it has many of the same privileges as the administrator
    Often needed by server programs
  Linux typically uses unique accounts for each daemon
Users and Groups in Windows
  Local accounts exist on a single computer and can be used to control resources only on that computer
  Domain accounts can be used to control resources on all the computers that are part of the domain
  Active Directory (AD) allows domains to be grouped into a forest
  Microsoft Exchange requires AD
Groups in Windows
  Domain local groups have members from the same domain
    Assign permissions to resources in the same domain
  Global groups have members from the same domain
    Can be used to assign permissions to resources in any domain
  Universal groups can have members from any domain
    Can be used to assign permissions to resources in any domain
Users and Groups in Linux
  Properties of user accounts
    Item            Description
    User name       Logon name of the user
    Full name       The full name of the user or any comment
    Password        The password must be at least six characters
    Home directory  The default is /home/username
    Group           The default is to create a group with the same name as the user
    Login shell     The default is /bin/bash, which determines the characteristic of the shell environment
File System Permissions
  Permissions allow you to control access to the resources on a computer such as a Web page, a document, or a program
  In Windows, the NTFS file system is required in order to assign permissions
  All Linux file systems incorporate permissions
File System Permissions in Windows
    Permission            Description
    Full Control          Full Control includes all other permissions and allows you to take ownership of the file or folder and change the attributes of a file
    Modify                Allows read, write, and delete
    Read                  With this permission, you can read files but cannot execute them
    Write                 When set on a file, this permission allows you to write to files; when set on a folder, you can write to the folder
    Read & Execute        Read files and run programs
    List Folder Contents  This permission allows you to view the contents of a folder
    Special Permissions (Windows 2003 only)
                          This is not a specific permission; under the list of permissions for users, when this permission is checked, it means that this user has one or more of the 14 individual permissions set
File System Permissions in Linux
    Permission type  When used with files                          When used with directories
    Read             Read a file or copy a file                    List the contents of a directory
    Write            Write to the file, including deleting the     Create files
                     file
    Execute          Execute programs and shell scripts, which     Modify the file permissions
                     are text files containing Linux commands
Linux Permissions
  Permissions are set for user, group, and others
  Each permission is set with a single digit from 0 to 7 based on the combination of permissions
    read = 4
    write = 2
    execute = 1
Using chmod to Set Permissions
    Command           Owner  Group  Other
    chmod 755 myfile  rwx    r-x    r-x
    chmod 540 myfile  r-x    r--    ---
    chmod 744 myfile  rwx    r--    r--
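The digit arithmetic behind these chmod commands, as an added example that is not part of the original slides: it decodes a three-digit mode into owner/group/other triplets, flags modes that let "other" write, and compares the decoded string with what chmod actually leaves on a scratch file. The function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: decode octal modes with the read=4, write=2, execute=1 weights.
# All function names are hypothetical helpers for this illustration.

# digit_to_rwx 5  ->  r-x
digit_to_rwx() {
    out=""
    if [ $(($1 & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(($1 & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(($1 & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_symbolic 540  ->  r-xr-----  (owner, group, other)
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    owner=${1%??}; rest=${1#?}; group=${rest%?}; other=${1#??}
    printf '%s%s%s' "$(digit_to_rwx "$owner")" \
        "$(digit_to_rwx "$group")" "$(digit_to_rwx "$other")"
}

# others_can_write MODE: succeeds when the "other" digit includes write (2),
# a setting worth flagging on files served by a Web server.
others_can_write() {
    other=${1#??}
    [ $((other & 2)) -ne 0 ]
}

# applied_mode MODE: chmod a scratch file and report what the file system shows.
applied_mode() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    ls -l "$f" | cut -c2-10
    rm -f "$f"
}

# The three chmod commands from the slide, decoded and checked against chmod.
for m in 744 540 755; do
    printf 'chmod %s -> %s (on disk: %s)\n' "$m" "$(mode_to_symbolic "$m")" "$(applied_mode "$m")"
done
```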
Sharing Resources in a Windows Network
  Shared folders require permissions
  When comparing share permissions and NTFS permissions, the most restrictive permission takes precedence
    Permission    Description
    Full Control  Allow files to be added, deleted, changed, and read
    Change        Allow existing files to be written to
    Read          Can only read files
Enforcing Network Policies
  You can control a number of policies in both Windows and Linux
  Windows has many more policies but the majority are appropriate for LANs
  A common policy involves passwords
    Number of days before change allowed
    Number of days before change required
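On Linux these two password settings are stored per account as the minimum-days and maximum-days fields (fields 4 and 5) of each shadow(5) entry. The following added example, not part of the original slides, audits shadow-format lines against a policy; the sample entries are constructed, and the 90-day limit, the one-day minimum and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit password-aging fields in shadow(5)-format lines.
# Field 4 = minimum days before a change is allowed,
# field 5 = maximum days before a change is required.

# Constructed sample entries (hashes replaced with a placeholder).
SAMPLE_SHADOW='alice:$6$PLACEHOLDER:19000:1:90:7:::
bob:$6$PLACEHOLDER:19000:0:99999:7:::
carol:$6$PLACEHOLDER:19000:0:60:7:::
www-data:*:19000:0:99999:7:::'

# aging_findings MAX_DAYS  (reads shadow-format lines on stdin)
# Prints "user:reason" for each account with a usable password that
# violates the assumed policy: change required within MAX_DAYS, and
# at least one day before another change is allowed.
aging_findings() {
    awk -F: -v limit="$1" '
        # Skip locked or password-less service accounts ("*" or "!" prefix).
        $2 ~ /^[*!]/ { next }
        $5 == "" || $5 + 0 > limit { print $1 ":no-forced-change"; next }
        $4 == "" || $4 + 0 < 1     { print $1 ":no-minimum-age" }
    '
}

# Run the audit over the constructed sample with a 90-day limit.
findings_for_sample() {
    printf '%s\n' "$SAMPLE_SHADOW" | aging_findings 90
}

findings_for_sample
```

On a live system the same function can read the real file as root: `aging_findings 90 < /etc/shadow`.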
Summary
  The Web server has a guest user account that is used to access Web pages
  Windows LAN models include the workgroup and domain models
  Linux only uses the client/server model
  Authentication is based on what you know, what you have, and who you are
  Core of security incorporates users, groups, and permissions