PowerPoint Presentation

The University of AkronSummit CollegeBusiness Technology Dept.2440: 141Web Site Administration

Server ManagementInstructor: Enoch E. Damson

Web Administrator's View of Server ManagementThe Web server software is a product that works with the operating systemThe server computer can run more than one software product such as e-mail and FTPWith both a LAN and the Web, access control is very importantServer Management2Networking ModelsTwo main approaches to networking includes:Microsoft LAN approach to networkingClient/server approach to networkingServer Management3Microsoft LAN Networking ModelsMicrosoft Windows LAN is configured using one of these two models:WorkgroupDomain The model determines how users are organizedServer Management4Workgroup Networking ModelTreats each computer in the network as an equal, or peerAlso called peer-to-peer networkingEach computer is a client and a serverWhen you allow others to access resources on your computer, your computer is acting as a serverWhen you access resources on another computer, your computer is acting as a clientAppropriate for networks with 10 or less computersServer Management5Workgroup Networking ModelDisadvantages:Most users do not want to administer resources on their computerNeed user names and passwords of users who need resourcesDifficult to keep track of changing passwordsServer Management6Domain Networking ModelOne or more servers centralize controlComputers are part of a domain Single, centralized logonSingle point of controlUsers can be given access to resources anywhere in the domainServer Management7Client/Server Networking ModelClient represents a program such as a browser or an e-mail clientServer has a corresponding program that communicates with the clientClient and server communicate using a protocolWeb browsers (client) and Web servers use HTTP to communicateAccess to servers controlled by a service/daemonNetworking in Linux follows the client/server modelEach computer has its own database of users/passwordsServer Management8Server UsersUser account consists of a username and password to identify each userUsually has a home directory for storing filesUser owns any files created in the home directoryUsually a users email address (if an email service is provide on the system)Users can log in and upload files if an FTP server is running on the machineUsers & Documents9User AccountsSystems administrators need to maintain user accounts by:Creating new user accountsMaintaining the integrity of user accountsDeleting accounts of users not needing accessScripts can be used to speed things up when creating many user accountsUsers & Documents10Creating User AccountsCreating an account generally involves:Creating a home directory for a userSetting permissions and groupsInstalling any login scripts or default directories and files for the userConfiguring e-mail if necessaryUsers & Documents11Maintaining User AccountsWith many users, the users home directories should all be in a partition or drive separate from the core operating systemKeeps the server running smoothly even if users fill available space on the driveUsers must be given a quota to keep them from taking up too much spaceUsers & Documents12Authenticating UsersAuthentication the process of determining a users true identityProcess of determining a user's true identityThree basic methodsWhat you know user name and passwordsWhat you have entry cardWho you are biometricsWindows authentication could be accomplished using:Kerberos developed at MIT to allow exchange of private information across a networkCertificates guarantees the identify of an organization or userServer Management13Managing Users and GroupsUsers need accounts to access resources on a serverOn a Web server there is a restricted account that is used on behalf of Internet usersIn a LAN, users with common resource needs are put in a group, and the group is given access to the resourceServer Management14Managing Users and GroupsWindows has an account called systemIt represents the operating system and it has many of the same privileges of the administratorOften needed by server programsLinux typically uses unique accounts for each daemonServer Management15Users and Groups in WindowsLocal accounts exist on a single computer and can be used to control resources only on that computerDomain accounts can be used to control resources on all the computers that are part of the domainActive Directory (AD) allows domains to be grouped into a forestServer Management16Groups in WindowsDomain local groups have members from the same domainAssign permissions to resources in the same domainGlobal groups have members from the same domain Can be used to assign permissions to resources in any domainUniversal groups can have members from any domainCan be used to assign permissions to resources in any domainServer Management17Users and Groups in LinuxProperties of user accounts

ItemDescriptionUser nameLogon name of the userFull nameThe full name of the user or any commentPasswordThe password must be at least six charactersHome directoryThe default is /home/usernameGroupThe default is to create a group with the same name as the userLogin shellThe default is /bin/bash, which determines the characteristic of the shell environmentServer Management18File System PermissionsPermission allow you to control access to the resources on a computer such as a Web page, a document, or a programIn Windows, the NTFS file system is required in order to assign permissionsAll Linux file systems incorporate permissionsServer Management19File System Permissions in WindowsPermissionDescriptionFull ControlIncludes all other permissions and allows ownership of the file or folder and change the attributes of a file ModifyAllows read, write, and deleteRead Read files but cannot execute themWriteWrite to files or foldersRead & ExecuteRead files and run programsSpecial PermissionsView the contents of a folderServer Management20File System Permissions in LinuxPermissionUsed on FilesUsed on DirectoriesRead (r)Read a file or copy a fileList the contents of a directoryWrite (w)Write to the file, including deleting the fileCreate filesExecute (x)Execute programs and shell scripts, which are text files containing Linux commandsModify the file permissionsServer Management21Linux File Permission CommandsThe following commands are used for Linux permissions:umask sets the default file/directory permissionchmod changes the access permissions of a file or directorychgrp changes the group associated with a filechown changes the owner associated with a file

Server Management22Linux File PermissionsPermissions are set for three types of users:User (u)Group (g)Others (o)The three permissions (with their numeric values) are:Read (r) = 4Write (w) = 2Execute (x) = 1Linux permissions may be set using the chmod command in two ways:Numeric valuesMnemonicsServer Management23Mnemonic Characters for Linux File PermissionsTypes of users:a allu userg groupo otherPermissions:d directoryr read (4)w write (2)x execute (1)- none (0)Actions:= assigns permission+ adds permission- removes permissionUse commas to separate assignment units, with no spacesServer Management24Linux File Permission ExamplesUsing umaskThe umask command uses the numeric values for read (4), write (2) and execute (1) permissions to determine which ones will be unavailable to the category of users (user, group, others) when a file is createdSetting default file permissions for all three categories of users (user, group, others) to have all (read, write and execute) permissionsumask 000Setting default file permissions for all three categories of users (user, group, others) to have none of the permissions (read, write and execute)umask 777Server Management25Setting Linux Default File PermissionsCommandDefault PermissionsUserGroupOtherumask 011rwxrw-rw-umask 233r-xr--r--umask 000rwxrwxrwxServer Management26Linux File Permission ExamplesUsing chmodAssigning read, write and execute permissions to all users on a file:chmod a=rwx filechmod ugo=rwx filechmod u=rwx,g=rwx,o=rwx filechmod 777 fileAssigning read, write permissions to user and execute permission to group and other users on a file:chmod u=rw,go=x filechmod 611 fileAdding read, write permissions to all users on a file:chmod ugo+rw filechmod a+rwAdding read, write permissions to user and group; and execute permission to other users on a file:chmod ug+rw,o+x fileRemoving read, write permissions from all users:chmod a-rw filechmod ugo-rw fileRemoving write permission from group and other users:chmod go-w file

Server Management27Setting Linux File Permissions Using Numeric ValuesCommandPermissionsUserGroupOtherchmod 755 myfilerwxr-xr-xchmod 540 myfiler-xr-----chmod 744 myfilerwxr--r--Server Management28http://permissions-calculator.orgSetting Linux File Permissions Using MnemomicsCommandPermissionsUserGroupOtherchmod u=rwx,go=rx myfilerwxr-xr-xchmod u=rx,g=r,o= myfiler-xr-----chmod u=rwx,go=r myfilerwxr--r--Server Management29http://permissions-calculator.orgSharing Resources in a Windows NetworkShared folders require permissionsWhen comparing share permissions and NTFS permissions, the most restrictive permission takes precedencePermissionDescriptionFull ControlAllow files to be added, deleted, changed, and readChangeAllow existing files to be written toReadCan only read filesServer Management30Enforcing Network PoliciesYou can control a number of policies in both Windows and Linux Windows has many more policies but the majority are appropriate for LANsA common policy involves passwordsNumber of days before change allowedNumber of days before change requiredServer Management31Document HierarchyFiles and directories on Web servers are organized in a file system.File system determines:Where files are stored on a computers hard driveHow many letters a filename can containThe security of files stored on the computerThere are many different file systems and most modern operating systems can support more than oneUsers & Documents32Common File SystemsSome of the most common file systems are:FAT32 Microsoft file systemNTFS Windows NT file systemUFS UNIX file systemext3, ext4 Linux file systemHFS Macintosh hierarchical file systemNFS Network file systemUsers & Documents33