Resource Sharing Over a Network

Presentation Transcript


  1. Resource Sharing Over a Network Guide to Operating Systems Second Edition Chapter 9

  2. Objectives
     After reading this chapter and completing the exercises you will be able to:
     • Explain the principles behind sharing disks and files on a network
     • Set up accounts, groups, security, and disk and file sharing on network server operating systems

  3. Objectives
     After reading this chapter and completing the exercises you will be able to:
     • Set up disk and file sharing on client operating systems
     • Set up printer sharing on server and client operating systems
     • Discuss how network and Internet servers are used for vast information-sharing networks

  4. Sharing Disks, Files and Printers
     • Sharing files was one of the first reasons for linking a workstation’s operating system onto a network, and it remains one of the most important reasons for networking
     • In terms of network operating systems, NetWare was early on the scene at the start of the 1980s to enable file sharing through a server
     • This was possible through two methods: (1) by downloading a file from a file server to a workstation, and (2) by purchasing third-party software to create a special shared drive for other computers or workstations to access over a network

  5. Sharing Disks, Files and Printers
     • Downloading a file directly from a file server was one of the first methods for sharing files, and was incorporated in the first version of NetWare
     • The concept of sharing resources quickly blossomed into other ways to access files, such as making shared drives available on a network, and making each shared drive look just like another local drive at the client
     • When a workstation accesses a shared drive, the process is called mapping

  6. Sharing Disks, Files and Printers
     • Mapping is a software process that enables a client workstation to attach to the shared drive of another workstation or server, and assign it a drive letter
     • The network drive that is attached is called a mapped drive in Windows-based operating systems
     • In the Mac OS, a mapped drive is called a mounted volume

  7. Securing Shared Resources
     • Sharing disks, files, and printers is a potential security risk because it is then possible for non-authorized users to access a file or use a printer
     • Fortunately, all of the operating systems discussed in this book offer security measures for protecting shared resources

  8. Securing Shared Resources
     • Access to a file, directory, or disk can be denied to those who are not authorized
     • Access to a shared network printer can be given to only a specific group of people
     • Also, permission to manage print jobs, such as to delete or prioritize the jobs submitted by coworkers, can be granted only to one or two qualified people who have the responsibility

  9. Sharing Disks and Files Through Server Network Operating Systems
     • Windows NT Server, Windows 2000 Server, Windows .NET Server, UNIX, Mac OS X Server, and NetWare are prime examples of server network operating systems that can share disks and files over a network
     • Further, each operating system enables the network administrator to establish security through techniques such as assigning accounts, account passwords, groups, and access privileges

  10. Windows NT Server
     • Windows NT Server uses accounts, groups, and permissions; in this respect, it is similar to UNIX and NetWare
     • The steps involved in sharing Windows NT Server resources over a network include setting up the following:
     • Groups
     • Account policies
     • User accounts
     • Permissions
     • Shared disks and folders

  11. Windows NT Server
     • With Windows NT Server, you use groups to manage resources and permissions to resources in a way that is similar to NetWare and UNIX
     • Windows NT Server employs two kinds of groups: local and global
     • A local group is generally used to manage resources such as shared disks, folders, files, and printers

  12. Managing Shared Resources Using Local and Global Groups

  13. Windows NT Server
     • A global group typically consists of user accounts, and can be made a member of a local group that is in the same or a different domain
     • A domain is a grouping of servers in a particular geographic area, business unit, department, or other functional area
     • The process of controlling shared resources in Windows NT involves creating the resource, such as a shared folder, and then creating a local group that has specific permissions to that shared resource

  14. Windows NT Server
     • Finally, a global group is created and user accounts are added to that global group, which is then designated as a member of an appropriate local group
     • The headquarters domain that contains the global group for managers is designated as a trusted domain, which means that it is granted access to the resources in each of the other domains
     • Also, the four other domains are designated as trusting domains, which means that they grant permission to the headquarters domain to access their resources

  15. Windows NT Server
     • Global and local groups are created by using the GUI tool, User Manager for Domains, in Windows NT Server
     • Figure 9-2 illustrates the Windows NT dialog box that is used to create a new global group

  16. Windows NT Server
     • User accounts are also created through the User Manager for Domains
     • Windows NT Server uses account policies and restrictions, as does NetWare, which accomplish many of the same ends as follows:
     • Require a password
     • Set a minimum password length
     • Require that a password is changed within a specified interval
     • Require that a new password is used each time the old one is changed

  17. Windows NT Server
     • Limit the number of unsuccessful attempts to log onto an account
     • Set time restrictions that specify when users can log on
     • Set intruder detection capabilities
     • Specify from which workstations an account can be accessed
     • Control remote access to a server, such as over a dial-up line

  18. Windows NT Server
     • As is true for UNIX and NetWare, access privileges (permissions) are associated with Windows NT Server disks, folders, and files
     • Windows NT Server recognizes two main file systems, FAT16 and the NT File System (NTFS)

  19. Attributes and File Permissions Compared

  20. Attributes and File Permissions Compared

  21. Attributes and File Permissions Compared

  22. Windows NT Server
     • After groups, user accounts, and permissions are set up in Windows NT Server, disk volumes, folders, and files can be accessed through the network by creating shares
     • A share is an object—a disk or folder, for example—that is given a name and made visible to network users, such as through Network Neighborhood in Windows 95, 98, and NT, or My Network Places in Windows 2000 and XP
     • A disk or folder is shared through its properties

  23. Windows NT Server
     • Figure 9-4 illustrates the sharing properties for a folder called “Public”
     • One of the problems associated with permissions is that there can be permission conflicts, such as between the NTFS permissions granted to a user account, and those granted to a group to which the user belongs

  24. Windows NT Server
     • Or, there can be a conflict between the NTFS permission granted to a user or group and the share permissions granted to the same user or group
     • When you assign or troubleshoot permissions, remember that NTFS permissions are cumulative with one another (except for No Access), but share permissions are not cumulative with NTFS permissions

  25. Windows NT Server
     • NTFS and share permissions on the same folder are not cumulative, however
     • A summary of the permissions rules is:
     • NTFS permissions are cumulative, with the exception that if an account or group is given No Access, this overrides other permissions
     • When a folder has both NTFS and share permissions, the most restrictive permissions apply

  26. Windows NT Server
     • There are only four share permissions, as follows:
     • No Access: The specified groups and users have no access
     • Read: The specified groups and users can read and execute files
     • Change: The specified groups and users can read, add, modify, execute, and delete files
     • Full Control: The specified groups and users have full access to the files and folders, including the ability to take ownership or change permissions
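
The rules on slides 24 to 26 can be checked mechanically. The following Python sketch is an added example, not part of the presentation: it models each of the four permissions as a set of rights, combines a user's grants cumulatively with No Access overriding, and takes the most restrictive of the NTFS and share results. The account and group names are constructed, and applying the same four levels and the same cumulative rule to share grants held through several groups is an assumption of the example.

```python
# Added illustration of the NT permission rules from slides 24-26.
# Rights: R=read, W=add/modify, X=execute, D=delete,
#         P=change permissions, O=take ownership.
PERMISSIONS = {
    "No Access": frozenset(),
    "Read": frozenset("RX"),
    "Change": frozenset("RWXD"),
    "Full Control": frozenset("RWXDPO"),
}

def combine(grants):
    """Cumulative rule: union of every grant, unless any grant is No Access."""
    if "No Access" in grants:
        return frozenset()
    rights = frozenset()
    for name in grants:
        rights |= PERMISSIONS[name]
    return rights

def effective_rights(memberships, ntfs_acl, share_acl):
    """Rights a user holds when reaching a folder through a share.

    memberships: the user's account name plus the groups it belongs to.
    ntfs_acl, share_acl: dicts mapping account/group name -> permission name.
    An account with no matching entry in a list gets no rights from it.
    """
    ntfs = combine([ntfs_acl[m] for m in memberships if m in ntfs_acl])
    share = combine([share_acl[m] for m in memberships if m in share_acl])
    return ntfs & share  # the most restrictive of the two applies

def label(rights):
    """Map a rights set back to its permission name."""
    for name, granted in PERMISSIONS.items():
        if granted == rights:
            return name
    return "Special: " + "".join(sorted(rights))

# Constructed sample data (hypothetical user, groups and access lists).
USER = ["jsmith", "Accounting"]
NTFS_ACL = {"jsmith": "Read", "Accounting": "Change"}
SHARE_ACL = {"Accounting": "Read"}

if __name__ == "__main__":
    # NTFS grants accumulate to Change, but the share caps access at Read.
    print(label(effective_rights(USER, NTFS_ACL, SHARE_ACL)))
    # One No Access entry on any group the user belongs to removes everything.
    denied = dict(NTFS_ACL, Temps="No Access")
    print(label(effective_rights(USER + ["Temps"], denied, SHARE_ACL)))
```
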

  27. Windows 2000 Server
     • Windows 2000 Server is similar to Windows NT Server in that it uses groups, account policies, user accounts, permissions, and shared disks and folders to offer resources over a network
     • The principles for how you use these elements are the same in Windows 2000, but new features are added because Windows 2000 can deploy Active Directory
     • When Active Directory is not implemented in Windows 2000 Server, the scope of resources is limited to the standalone server, and only local groups are created

  28. Windows 2000 Server
     • In contrast, the implementation of Active Directory increases the scope from a local server or domain to all domains in a forest
     • The types of groups and their associated scopes are as follows:
     • Local
     • Domain local
     • Global
     • Universal

  29. Windows 2000 Server
     • In Windows 2000, all of these groups are defined as security or distribution groups
     • Security groups are used to enable access to resources on a standalone server or in Active Directory
     • Distribution groups are used for e-mail or telephone lists, to provide quick, mass distribution of information
     • When Active Directory is implemented, Windows 2000 Server adds the ability to have container objects that are larger than domains: trees and forests

  30. Windows 2000 Server
     • A container object is an entity that is used to group together resources in a directory service, such as Microsoft’s Active Directory
     • A tree consists of one or more domains, and a forest houses one or more trees
     • When Active Directory is not installed, you create a local group or a user account by right-clicking My Computer on the desktop, clicking Manage, and clicking Local Users and Groups

  31. Windows 2000 Server
     • Figure 9-5 illustrates how to use the Active Directory Users and Computers tool to create a new global security group
     • In Windows 2000 Server with Active Directory installed, access rights and account policies are set up through group policies that can apply to a local server, a domain, or an entire tree of domains

  32. Windows 2000 Server
     • Before any accounts are created, it is wise to establish the account policies, such as for a domain
     • You can set account policies that are similar to Windows NT Server 4.0, but in Windows 2000 Server, there are more options, which are grouped in three categories:
     • Password Policy
     • Account Lockout Policy
     • Kerberos Policy

  33. Windows 2000 Account Policies

  34. Setting NTFS Permissions in Windows 2000

  35. Windows 2000 NTFS Folder and File Permissions

  36. Windows 2000 Server
     • The available share permissions are:
     • Read: permits groups or users to read and execute files
     • Change: enables users to read, add, modify, execute, and delete files
     • Full Control: provides full access to the folder including the ability to take control or change share permissions

  37. Windows 2000 Server
     • Notice that the dialog box in Figure 9-8 has a button for caching
     • Caching enables you to set up a folder so that it can be accessed by a client, even when the client is not connected to the network
     • Also, Windows 2000 enables you to set up Web sharing, which makes files available on a Web server for HTML or FTP access
     • Tables 9-3 and 9-4 show the two sets of permissions used for Web sharing: access permissions and application permissions

  38. Windows 2000 Server

  39. UNIX
     • Access to directories and files on a UNIX server is also governed through user accounts, groups, and access permissions
     • Each user account in UNIX is associated with a user identification number (UID)
     • Also, users who have common access needs can be assigned to a group via a group identification number (GID), and then the permissions to access resources are assigned to the group, instead of to each user

  40. UNIX
     • The password file (/etc/passwd) contains the following kinds of information:
     • The user name
     • An encrypted password or a reference to the shadow file, a file associated with the password file that makes it difficult for intruders to determine the passwords of others
     • The UID, which can be a number as large as 60,000
     • A GID with which the user name is associated
     • Information about the user, such as a description or the user’s job
     • The location of the user’s home directory
     • A command that is executed as the user logs on, such as which shell to use

  41. UNIX
     • The shadow file (/etc/shadow) is normally available only to the system administrator
     • It contains password restriction information that includes the following:
     • The minimum and the maximum number of days between password changes
     • Information on when the password was last changed
     • Warning information about when a password will expire
     • Amount of time that the account can be inactive before access is prohibited

  42. UNIX
     • The useradd command enables you to create a new user
     • The parameters that can be added to useradd include the following:
     • -c gives an account description
     • -d specifies the user’s home directory location
     • -e specifies an account expiration date
     • -f specifies the number of days the account can be inactive before access is prohibited
     • The remainder are listed on pages 454 and 455 of the textbook

  43. UNIX
     • Home directories are areas on the server in which users store data
     • If you do not want a group automatically created at the time you create an account, use the -n parameter with the useradd command
     • useradd, usermod, and userdel generally work in all versions of UNIX except IBM’s AIX, which uses mkuser, chuser, and rmuser

  44. UNIX
     • Information about groups is typically stored in the /etc/group file (see Figure 9-10), and group security information is in the /etc/gshadow file (or the /etc/security/group file in AIX and the /etc/logingroup file in HP-UX)

  45. UNIX
     • UNIX files are assigned any combination of three permissions: read, write, and execute
     • Executable programs can have a special set of permissions called Set User ID (SUID) and Set Group ID (SGID)

  46. UNIX
     • Permissions are granted on the basis of four criteria: ownership, group membership, other (or World), and all (all is not used in every version of UNIX, but is included in Red Hat Linux)
     • Permissions are set up by using the chmod command in UNIX
     • chmod has two different formats, symbolic and octal
     • In the symbolic format, you specify three parameters: (1) who has the permission, (2) the actions to be taken on the permission, and (3) the permission
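
To connect the two chmod formats on slide 46 with the SUID and SGID bits on slide 45, the following Python sketch is an added example, not part of the presentation. It applies a symbolic specification (who, action, permission) to an octal mode and lists the bits a reviewer would flag. It models regular files only and requires an explicit who; umask handling, the sticky bit and the `X` permission are left out, and the function names are hypothetical.

```python
import re

SHIFT = {"u": 6, "g": 3, "o": 0}       # bit position of each rwx triplet
BIT = {"r": 4, "w": 2, "x": 1}         # value of each permission in a triplet
SPECIAL = {"u": 0o4000, "g": 0o2000}   # 's' means SUID for u, SGID for g
CLAUSE = re.compile(r"([ugoa]+)([+=-])([rwxs]*)")

def apply_symbolic(mode, spec):
    """Apply a symbolic chmod spec such as 'u+x,go-w' to an octal mode."""
    for clause in spec.split(","):
        m = CLAUSE.fullmatch(clause)
        if m is None:
            raise ValueError("unsupported clause: %r" % clause)
        who, action, perms = m.groups()
        if "a" in who:                 # 'all' is shorthand for u, g and o
            who = "ugo"
        for w in set(who):
            bits = 0
            for p in perms:
                if p == "s":
                    bits |= SPECIAL.get(w, 0)   # 's' has no effect for 'o'
                else:
                    bits |= BIT[p] << SHIFT[w]
            if action == "+":
                mode |= bits
            elif action == "-":
                mode &= ~bits
            else:  # '=' replaces the triplet and drops SUID/SGID on files
                mode &= ~((7 << SHIFT[w]) | SPECIAL.get(w, 0))
                mode |= bits
    return mode

def audit(mode):
    """Return the findings a reviewer would flag for a file mode."""
    findings = []
    if mode & 0o4000:
        findings.append("SUID")
    if mode & 0o2000:
        findings.append("SGID")
    if mode & 0o002:
        findings.append("world-writable")
    return findings

if __name__ == "__main__":
    # Constructed sample modes and specs.
    for start, spec in [(0o666, "go-w"), (0o755, "u+s"), (0o4755, "u=rwx")]:
        result = apply_symbolic(start, spec)
        print("%04o %-6s -> %04o %s" % (start, spec, result, audit(result)))
```
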

  47. Mac OS X Server
     • The Mac OS X Server is built on the Mac OS X foundation, but is designed as a true server for file sharing, printer sharing, managing network users and groups, and providing Web services
     • A computer running Mac OS X Server can support up to several thousand users
     • Mac OS X Server includes the Apache Web server software, which was originally designed for UNIX computers and has been adapted for Mac OS X Server

  48. Mac OS X Server
     • Through Apache, you can set up multiple Web sites and enable users to participate in Web authoring
     • As is true of Mac OS X, Mac OS X Server supports TCP/IP and AppleTalk
     • Two important tools are included with Mac OS X Server that enable server management: Server Admin and Macintosh Manager
     • Accounts and groups can be created and managed through the Server Admin tool

  49. Mac OS X Server
     • Through Server Admin, you can set up logging of events on a Mac OS X Server
     • The events log can include:
     • Login and Logout events
     • Opened files
     • Newly created files
     • Newly created folders
     • Deleted files and folders

  50. NetWare
     • When a Novell NetWare server is installed, one of the first projects is to design a file structure that makes it easy to establish drive mappings
     • Consider, for example, a NetWare server set up for use by accountants
     • The main disk volume composing the root directory is the system volume, called the SYS volume
     • The server would have default directories on the SYS volume created during installation, which are available to users, such as PUBLIC, LOGIN, HOME, APPS, and DATA