
Guide to Operating Systems, 4th ed.

Chapter 10: Resource Sharing over a Network


Objectives

Explain the principles behind sharing disks, files, and printers on a network

Set up accounts, groups, security, and disk and file sharing on network server operating systems

Set up disk and file sharing on client (workstation) operating systems

Set up printer sharing on server and client operating systems

Discuss how network and Internet servers are used for vast information-sharing networks


Sharing Disks, Files, and Printers

Sharing files was one of the first reasons to network computers

Network OSs were available at the start of the 1980s to share files through a server. There were two methods:

By downloading a file from a file server to a workstation

Purchasing third-party software to create a special shared drive for other workstations to access over a network

Mapping – software process that enables a client workstation to attach to a shared drive and assign it a drive letter

In UNIX/Linux and Mac OS X a mapped drive is called a mounted volume


Securing Shared Resources

Sharing disks, files and printers is a potential security risk (possible for non-authorized users to access a file or use a printer)

All OSs discussed in this book offer security measures for protecting shared resources

Access to a file can be denied to unauthorized users

You may want a user to be able to read a file but not change it

Security privileges can be used to limit users to only those capabilities

Access to a shared network printer can be given only to a specific group of people

Permission to manage print jobs can be assigned on a user by user basis (only those who are qualified to do so)


Sharing Disks and Files through Server Network Operating Systems

Windows Server 2003/R2 and Server 2008/R2, UNIX/Linux, and Mac OS X are examples of server network operating systems

Enables the network administrator to establish security through techniques such as:

Assigning accounts

Account passwords

Creating groups

Access privileges


Windows Server 2003/Server 2003 R2 and Server 2008/Server 2008 R2

The steps involved in sharing resources over a network include setting up the following:

Groups

Account policies

User accounts

Permissions

Shared disks and folders

Group – a collection of computers and users

Reduce the amount of work of managing user accounts and security

Settings can be created for each group and applied to all computers and users in that group instead of applying the settings one at a time


The following types of groups can be used in all Windows Server 2003/Server 2008 OSs:

Local – used on servers that are not part of a domain

Domain local – used when there is a single domain or to manage resources in a particular domain so that global and universal groups can access those resources

Global – used to group accounts from the same domain so that those accounts can access resources in the same and other domains

Universal – used to provide access to resources in any domain within a forest

All of these groups are also defined as security or distribution groups


Security groups – used to enable access to resources on a standalone server or in Active Directory

Active Directory is a database of computers, users, shared printers, shared folders, and other network resources that are used to manage a network

Distribution groups – used for e-mail or telephone lists, to provide quick, mass distribution of information

In a small office setting, Active Directory may not be installed so only local groups can be created to manage access


Container object – an entity that is used to group together resources in a directory service

Directory service – provides 3 important functions:

central listing of resources

a way to quickly find resources

the ability to access and manage resources

Domain – fundamental component or container that holds information about all network resources that are grouped within it

Tree – consists of one or more domains

Forest – houses one or more trees


Sample Windows Server domain and tree models


Example of working with groups:

College – has a domain for:

Students

Faculty and staff

Research organizations associated with the college

College’s executive council – needs access to all 3 domains

Create a domain local group called LocalExec in each domain

Give that group access to files, folders, and other resources

Next, create a GlobalExec global group in the faculty and staff domain that has the executive council as members

Make that global group a member of all LocalExec groups

See figure on next slide


Managing security through domain local and global groups


  • Guidelines to help simplify how to use groups:

    • Use global groups to hold user accounts as members

      • Give members access to resources by making the global group members of domain local or universal groups (or both)

    • Use domain local groups to provide access to resources in a specific domain

      • Avoid placing user accounts in domain local groups – give domain local groups access to shared folders and printers

    • Use universal groups to provide extensive access to resources

      • To simplify access when there are multiple domains

      • Give universal groups access to resources in any domain, tree or forest

    • Manage user account access by placing accounts in global groups and join those groups to domain local or universal groups
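
The group guidelines above, applied to the college example from the earlier slide, as an added Python model (not code from the book or from Active Directory). LocalExec and GlobalExec come from the slides; the account names, the share names and the name@domain notation are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    scope: str                                   # "global", "domain_local" or "universal"
    members: list = field(default_factory=list)  # account names or group names

# Constructed directory: one global group holds the accounts, and it is nested
# into a domain local group in each of the three domains.
GROUPS = {
    "GlobalExec@facstaff": Group("global", ["president@facstaff", "provost@facstaff"]),
    "LocalExec@students": Group("domain_local", ["GlobalExec@facstaff"]),
    "LocalExec@facstaff": Group("domain_local", ["GlobalExec@facstaff"]),
    # Deliberate guideline violation: an account placed directly in a domain local group.
    "LocalExec@research": Group("domain_local", ["GlobalExec@facstaff", "jdoe@research"]),
}

# Resources grant access to domain local groups only (constructed share names).
RESOURCE_ACL = {
    "council-share@students": ["LocalExec@students"],
    "council-share@facstaff": ["LocalExec@facstaff"],
    "council-share@research": ["LocalExec@research"],
}

def expand_accounts(name, groups, seen=None):
    """Return every user account reachable from a group through nested membership."""
    seen = seen if seen is not None else set()
    if name in seen:              # guard against circular nesting
        return set()
    seen.add(name)
    accounts = set()
    for member in groups[name].members:
        if member in groups:
            accounts |= expand_accounts(member, groups, seen)
        else:
            accounts.add(member)
    return accounts

def accounts_with_access(resource, acl, groups):
    """Accounts that reach a resource through any group on its access list."""
    accounts = set()
    for group_name in acl[resource]:
        accounts |= expand_accounts(group_name, groups)
    return accounts

def guideline_violations(groups):
    """List (group, account) pairs where an account sits directly in a domain local group."""
    return [
        (name, member)
        for name, group in sorted(groups.items())
        if group.scope == "domain_local"
        for member in group.members
        if member not in groups
    ]

if __name__ == "__main__":
    for share in sorted(RESOURCE_ACL):
        print(share, sorted(accounts_with_access(share, RESOURCE_ACL, GROUPS)))
    print("violations:", guideline_violations(GROUPS))
```

Removing an account from GlobalExec removes its access in all three domains at once, while the account added directly to LocalExec@research has to be found and removed separately.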


Trusted domain – is given access to resources in another domain

Trusting domain – allows the access to its resources

A mutual relationship of trust between domains, managed by an Active Directory administrator or a security specialist


Account Policies – used to set restrictions and security to help ensure that only authorized users are accessing the accounts

Parameters you can configure through Account Policies:

Password Policy

Account Lockout Policy

Kerberos Policy

Account policies should be configured before setting up user accounts


Password security enables you to set requirements for how users set passwords

Some password security options

Enforce password history – users must choose new passwords and cannot use previously used passwords

Maximum password age – set a maximum time allowed until a password expires

Minimum password age – password must be used a minimum amount of time before being changed

Minimum password length

Passwords must meet complexity requirements – create a filter of customized password requirements

Store password using reversible encryption


Account lockout – ability to lock out an account after a number of unsuccessful tries to login

Some lockout parameters that can be configured:

Account lockout duration – specify in minutes how long the system will keep an account locked out after reaching the specified number of unsuccessful logon attempts

Account lockout threshold – set a limit to the number of unsuccessful attempts to log onto an account

Reset account lockout count after – specify the number of minutes between two consecutive unsuccessful logon attempts to make sure that the account will not be locked out too soon
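
How the three lockout parameters interact, as an added Python simulation (not code from the book or from Windows). The policy values, account names and logon events are constructed, and treating a duration of 0 as "locked until an administrator unlocks" is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    threshold: int        # Account lockout threshold (failed attempts)
    duration_min: int     # Account lockout duration; 0 = until an administrator unlocks
    reset_after_min: int  # Reset account lockout count after (minutes)

@dataclass
class AccountState:
    failures: int = 0
    last_failure: Optional[int] = None
    locked_until: Optional[float] = None

def replay(events, policy):
    """Replay (minute, user, password_ok) events; return (minute, user, outcome)."""
    states, results = {}, []
    for minute, user, password_ok in sorted(events):
        st = states.setdefault(user, AccountState())
        if st.locked_until is not None and minute >= st.locked_until:
            st.locked_until, st.failures = None, 0        # lockout duration has elapsed
        if st.locked_until is not None:
            results.append((minute, user, "rejected-locked"))  # correct password is refused too
            continue
        if password_ok:
            st.failures = 0
            results.append((minute, user, "success"))
            continue
        if st.last_failure is not None and minute - st.last_failure >= policy.reset_after_min:
            st.failures = 0                                # counter window has elapsed
        st.failures += 1
        st.last_failure = minute
        if st.failures >= policy.threshold:
            st.locked_until = (minute + policy.duration_min
                               if policy.duration_min else float("inf"))
            results.append((minute, user, "failed-lockout"))
        else:
            results.append((minute, user, "failed"))
    return results

def outcomes_for(results, user):
    """Outcomes for one account, in time order."""
    return [outcome for _, who, outcome in results if who == user]

# Constructed policy: 3 failures lock the account for 30 minutes; the counter
# resets 15 minutes after the last failure.
POLICY = LockoutPolicy(threshold=3, duration_min=30, reset_after_min=15)

# Constructed events: (minute, account, password_ok)
EVENTS = [
    (0, "lramirez", False), (1, "lramirez", False), (2, "lramirez", False),
    (5, "lramirez", True),    # correct password, but the account is locked
    (32, "lramirez", True),   # lockout expired at minute 32
    # Failures spaced wider than the reset window (for example, an occasional
    # mistyped password) never accumulate, so this account is never locked.
    (0, "svc_print", False), (20, "svc_print", False), (40, "svc_print", False),
]

if __name__ == "__main__":
    for row in replay(EVENTS, POLICY):
        print(row)
```

Because failures outside the reset window are forgotten by the counter, a count of failed logons per account over a longer period is worth keeping in the logs alongside the lockout events.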


  • Kerberos security – tickets are exchanged between the client who requests logon and the server that grants access

  • Kerberos configuration options:

    • Enforce user logon restrictions – turns on Kerberos security

    • Maximum lifetime for a service ticket

    • Maximum lifetime for a user ticket

    • Maximum lifetime for user ticket renewal – maximum # of days the same Kerberos ticket can be renewed each time a user logs on

    • Maximum tolerance for computer clock synchronization – how long a client will wait until synchronizing its clock with that of a server or Active Directory


Configuring User Accounts – to be performed after account policies have been configured

When Active Directory is not installed:

A user account is created by right-clicking My Computer, clicking Manage, and then clicking Local Users and Groups

When Active Directory is installed:

Use the Active Directory Users and Computers tool to create a new account

Hands-on Project 10-4 enables you to create an account

After creating users, they are typically added to global groups


  • Configuring Access Privileges (Permissions) – enable you to protect the contents of files and folders

  • Permissions are set by clicking on Properties (Security Tab) for the file or folder you wish to set access to

    • Permissions from a higher-level folder can be automatically inherited. This is the default setting.

    • See Table 10-1 on the next slide for some of the permissions available for files and folders in Windows Server 2003/R2 and Server 2008/R2


Configuring Shared Disks and Folders

A drive or folder is shared through its properties

When choosing to share a drive or folder you must provide a name for the share and configure how many people can access the share at the same time

Available share permissions:

Full Control – Provides full access to the folder including the ability to take control or change share permissions

Read – Permits groups or users to read and execute files

Change – Enables users to read, add, modify, execute, and delete files

You can also set up Web sharing, which makes files available on a Web server for HTML or FTP access

Must have Internet Information Services (IIS) installed


Web sharing access permissions


NTFS permission conflicts

If a user account has Read permission for a folder and belongs to a group that has Write permission, that user has both Read and Write permissions

The exception is Deny – if a user has Read permission for a folder but belongs to a group for which all permissions to that folder are denied, the user does not have access to the folder

Summary of permission rules:

NTFS permissions are cumulative with the exception that if an account or group is denied access, this overrides other permissions

When a folder has both NTFS and share permissions, the most restrictive permissions apply
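
The two permission rules above, worked through in an added Python model (not code from the book or from Windows). The account, group names and access lists are constructed, and permissions are reduced to a handful of primitive rights rather than the full set of NTFS permission bits.

```python
# Primitive rights used by this model (a simplification of real access masks).
READ, WRITE, EXECUTE, DELETE, CHANGE_PERMS = (
    "read", "write", "execute", "delete", "change_perms")
ALL = {READ, WRITE, EXECUTE, DELETE, CHANGE_PERMS}

# Share permission levels from the slides, expanded to primitive rights.
SHARE_LEVELS = {
    "Read": {READ, EXECUTE},
    "Change": {READ, WRITE, EXECUTE, DELETE},
    "Full Control": set(ALL),
}

def ntfs_effective(principals, acl):
    """Cumulative rule: union of every allow entry that applies to the user or
    one of the user's groups, minus anything denied to any of them."""
    allowed, denied = set(), set()
    for who, kind, rights in acl:
        if who in principals:
            (allowed if kind == "allow" else denied).update(rights)
    return allowed - denied

def share_effective(principals, share_acl):
    """Rights granted by the share itself (deny entries on shares are not modelled)."""
    rights = set()
    for who, level in share_acl:
        if who in principals:
            rights |= SHARE_LEVELS[level]
    return rights

def network_effective(principals, ntfs_acl, share_acl):
    """Most restrictive rule: over the network a right must be granted by both
    the NTFS permissions and the share permissions."""
    return ntfs_effective(principals, ntfs_acl) & share_effective(principals, share_acl)

# Constructed scenario: the account plus the groups it belongs to.
USER = {"jsmith", "Editors"}
NTFS_ACL = [
    ("jsmith", "allow", {READ}),     # user has Read on the folder
    ("Editors", "allow", {WRITE}),   # one of the user's groups has Write
]
# Same folder after the user is also placed in a group that is denied everything.
NTFS_ACL_WITH_DENY = NTFS_ACL + [("Contractors", "deny", ALL)]
SHARE_ACL = [("Editors", "Read")]    # the share only grants Read

if __name__ == "__main__":
    print("local:", sorted(ntfs_effective(USER, NTFS_ACL)))
    print("with deny:", sorted(ntfs_effective(USER | {"Contractors"}, NTFS_ACL_WITH_DENY)))
    print("over the share:", sorted(network_effective(USER, NTFS_ACL, SHARE_ACL)))
```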


When a file or folder is created, copied, or moved, the permissions can be affected:

A newly created file inherits the permissions already set up in a folder

A file that is copied from one folder to another on the same volume inherits the permissions of the folder to which it is copied

A file or folder moved from one folder to another on the same volume takes its permissions with it

A file or folder that is moved/copied to a different volume inherits the permissions of the folder to which it is moved/copied

A file or folder that is moved/copied from a FAT volume to a folder in an NTFS volume inherits the permissions already assigned in the NTFS folder


UNIX and Linux

Each user account is associated with a user identification number (UID)

Users who have common access needs can be assigned to a group via a group identification number (GID)

Then permissions to access resources are assigned to the group, instead of each user

When a user logs on to access resources, the password file is checked to permit logon authorization


  • The password file contains:

    • The user name

    • An encrypted password or a reference to a shadow file (file associated with the password file that makes it difficult for intruders to determine the passwords of others)

    • The UID, can be a number as large as 60,000

    • The GID, which is the primary group id

    • Information about the user, such as a description of the user’s job

    • The location of the user’s home directory (a work area for the user to store data on the server)

    • A command that is executed as the user logs on, such as which shell to use


The shadow file (/etc/shadow) is normally only available to the system administrator

Contains password restriction information that includes:

The minimum and maximum number of days between password changes

Information on when the password was last changed

Warning information about when a password will expire

Amount of time that the account can be inactive before access is prohibited


Information about groups is stored in the /etc/group file

Typically contains an entry for each group consisting of the name, an encrypted group password, the GID, and a list of group members

In some versions of UNIX/Linux, every account is assigned to at least one group

User accounts and groups can be created by editing the password, shadow, and group files

Or by entering UNIX/Linux commands (recommended way)

Important to make sure that each group has a unique GID
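
The password, shadow and group file layouts described on the last three slides, parsed and checked in an added Python example (not code from the book). The lramirez account, UID 700 and the auditors group with GID 2000 reuse values from the slides; every other account, the hash strings and the choice of checks are constructed for illustration.

```python
from collections import defaultdict

# Constructed file contents in /etc/passwd, /etc/shadow and /etc/group layout.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
lramirez:x:700:2000:Lisa Ramirez, Accounting Department, ext 221:/home/lramirez:/bin/bash
legacy:ab1cD2efGh3iJ:701:2000:Legacy account:/home/legacy:/bin/sh
backup:x:700:2001:Backup operator:/home/backup:/bin/bash
"""
SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:90:7:30::
lramirez:$6$constructedsalt$constructedhash:19000:1:90:7:30::
legacy::19000:0:99999:7:::
backup:$6$constructedsalt$constructedhash:19000:0:99999:7:::
"""
GROUP = """\
auditors:x:2000:lramirez,legacy
operators:x:2001:backup
interns:x:2000:
"""

def parse(text, nfields):
    """Split colon-separated records, rejecting lines with the wrong field count."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"expected {nfields} fields: {line!r}")
        rows.append(fields)
    return rows

def duplicates(rows, idx):
    """Map each value of column idx that occurs more than once to the entry names."""
    seen = defaultdict(list)
    for row in rows:
        seen[row[idx]].append(row[0])
    return {value: sorted(names) for value, names in seen.items() if len(names) > 1}

def audit(passwd_text, shadow_text, group_text):
    """Return a set of (finding, detail) tuples for the three files."""
    findings = set()
    users = parse(passwd_text, 7)   # name:password:UID:GID:info:home:shell
    for name, pw, uid, _gid, _info, _home, _shell in users:
        if pw == "":
            findings.add(("empty-password", name))
        elif pw not in ("x", "*", "!"):
            findings.add(("hash-in-passwd", name))   # not referenced to the shadow file
        if uid == "0" and name != "root":
            findings.add(("extra-uid-0", name))
    for uid, names in duplicates(users, 2).items():
        findings.add(("duplicate-uid", f"{uid}:{','.join(names)}"))
    # name:password:GID:members
    for gid, names in duplicates(parse(group_text, 4), 2).items():
        findings.add(("duplicate-gid", f"{gid}:{','.join(names)}"))
    # name:hash:last change:min days:max days:warn:inactive:expire:reserved
    for name, pw, _last, _min, max_days, _warn, _inact, _exp, _res in parse(shadow_text, 9):
        if pw == "":
            findings.add(("empty-password", name))
        if max_days in ("", "99999"):
            findings.add(("no-max-age", name))       # password never expires
    return findings

if __name__ == "__main__":
    for finding in sorted(audit(PASSWD, SHADOW, GROUP)):
        print(finding)
```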


  • The useradd command enables you to create a new user

    • See page 509 for a list of some of the parameters that can be used with this command

  • Example:

    • useradd -c "Lisa Ramirez, Accounting Department, ext 221" -p 'green$thumb' -u 700 lramirez

    • This command creates an account called lramirez with a comment that includes personal information, a password set to green$thumb, and a UID equal to 700

  • useradd, usermod, and userdel generally work in all versions of UNIX/Linux

    • Except IBM’s AIX which uses mkuser, chuser, and rmuser


  • Groups are created using the groupadd command

    • -g parameter is used to establish the GID and the group string creates a group name

    • Example – to create the auditors group:

      • groupadd -g 2000 auditors

  • Once a group is created, it is modified through the groupmod command

  • Groups are deleted using the groupdel command


  • Files are assigned any combination of 3 permissions:

    • Read – enables the user to display its contents (signified by the letter r)

    • Write – ability to modify, save, and delete a file (signified by the letter w)

    • Execute – enables a user or group of users to run a program (signified by the letter x)

  • Permissions are granted on the basis of 4 criteria:

    • Ownership

    • Group membership

    • Other (or World)

    • All (All is not used in every version of UNIX/Linux)


  • The owner of a file or directory typically has:

    • all permissions

    • can assign permissions

    • has the designation of u

  • Group members (g) – users who may have a complete set of permissions, one permission, or a combination of two (such as read and execute)

  • Other (o) – consists of non-owners who represent generic users

  • All (a) – represents the combination of u + g + o


  • Permissions are set up by using the chmod command

    • In the command chmod go-r-w-x * (used on all files – signified by the * )

      • The g signifies groups and o signifies others

      • The - means to remove a permission

      • The -r-w-x signifies removing the read, write, and execute permissions

    • In this example, only the owner and members of the owner’s group are left with read, write, and execute permissions on the files in this directory

  • Hands-On Project 10-10 offers practice configuring permissions in UNIX/Linux


Mac OS X Server

  • Built on the foundation of Mac OS X but is designed as a true server

  • A computer running Mac OS X Server can support up to several thousand users

  • You might deploy this server OS in a company that creates publications or advertising materials or in a school laboratory

  • Mac OS X Server includes Apache Web server software

  • Permissions are similar to those for UNIX/Linux


  • Mac OS X Server supports TCP/IP

    • Opens door to communication with other computers that use TCP/IP

    • Compatible with the Internet e-mail protocol Simple Mail Transfer Protocol (SMTP)

  • Server Admin tool – used to:

    • Create and manage accounts and groups

    • Manage file and print sharing

    • Establish share points (shared resources on the server)

    • Log events such as login and logout, opening, creating, and deleting files and folders

    • Monitor/create print queues

    • Hold, release, and delete print jobs


Accessing and Sharing Resources in Windows XP/Server 2003/R2

  • Click the Start menu, right click My Computer, and click Map Network Drive

  • Click the Browse button

  • Find the workgroup, domain, or other entity in which the computer sharing the drive resides, click it

  • Click the folder that you want to access, click OK

  • Set the Drive letter to which you want to map the network drive

  • Click Finish


Configuring a shared folder in Windows XP


Accessing and Sharing Resources in Windows Vista/7/Server 2008/R2

  • Click the Start menu, click Computer, and click Map network drive

  • Set the drive letter to which you want to map the network drive

  • Click the Browse button

  • Find the workgroup, domain, or other entity in which the computer sharing the drive resides, click it

  • Click the folder you want to access, click OK

  • Check the Reconnect at Login box if you want the mapping to be there after a reboot

  • Click Finish when done


Mapping a drive in Windows 7


Accessing Shared Resources via UNIX/Linux and Specialized Utilities

  • UNIX/Linux enable resource sharing by using Network File System (NFS)

    • NFS enables one computer to mount a partition on another computer and then access file systems on the mounted partition as if they were local

  • To use NFS in Red Hat Enterprise Linux, the following services must be enabled:

    • portmap – establishes and manages the remote connections through designated User Datagram Protocol (UDP) ports

    • rpc.mountd – handles the RPC request to mount a partition

    • rpc.nfsd – enables the Linux kernel to manage specific requests from a client


  • Security that controls which clients can use NFS is handled through entries in two files:

    • /etc/hosts.allow – contains the clients that are allowed to use NFS

    • /etc/hosts.deny – contains computers that are not allowed to use NFS

  • Samba – utility that uses the Server Message Block (SMB) protocol to allow access to shared Windows drives


Accessing and Sharing Resources via Mac OS

  • Uses Samba to connect to another computer that is sharing a disk or folder

  • To mount a shared drive:

    • Open the Go menu, select Connect to Server, and enter the address of the server or use the Browse button to find it

      Connect to Server dialog box in Mac OS X


  • In Mac OS X – turn on file sharing through System Preferences

  • Some of the resources that you can configure for sharing:

    • File Sharing – To share folders with other Mac OS X computers

    • Web Sharing – To share information on the Web

    • Remote Login – To allow another computer to remotely log into your computer

    • Remote Apple Events – So that other Mac OS X computers can send events to this computer

    • Printer Sharing – To enable others to use your computer’s printer


Sharing Printing Devices

  • Windows Systems – once a printer is set up, it can be configured for printer sharing through Properties

    • Different Windows versions have different steps in order to share a printer

  • When you configure sharing, make sure you configure share permissions for the shared printer

    • The following are share permissions you will see:

      • Print – Can send print jobs and manage your own jobs

      • Manage Documents – Can manage your print jobs or those sent by any other user

      • Manage Printers – Can access the share, change share permissions, turn off sharing, configure printer properties

      • Special Permissions – shows whether special permissions are configured, and if they are allowed or denied


  • UNIX/Linux printing is essentially the process of logging onto the UNIX/Linux server and printing to one of its printers

    • Uses Berkeley Software Distribution (BSD) spooling system

    • BSD uses 3 components for printing

      • lpr print program

      • lpd daemon

      • The file /etc/printcap to specify printer properties (a text file that can be modified via a text editor)

  • In Red Hat Enterprise Linux or Fedora – use the GNOME Print Manager tool


  • In Mac OS X Systems there are 2 ways to set up printer sharing

    • First method:

      • Open System Preferences from the Dock or by clicking Go, clicking Applications, and double-clicking System Preferences

      • Double-click Sharing

      • Check the box for Printer Sharing

      • Close the Sharing Window

    • Second method:

      • Open System Preferences from the Dock or by clicking Go, clicking Applications, and double-clicking System Preferences

      • Double-click Print & Fax

      • Check the box for Share my printers with other computers and close the window


Accessing a shared printer via Mac OS X


Network and Internet Resource Servers

  • UNIX/Linux, Windows, and Mac OS X servers can be set up as resource servers to provide network and Internet resources

    • E-mail servers

    • E-commerce

    • Videoconferencing

    • Multimedia

    • Instant messaging

    • Alerts for weather and security-related activities

    • Web servers

    • Intranet and virtual private network (VPN) servers

    • FTP servers


Chapter Summary

  • Resource sharing is why networks exist starting with sharing files, which led to sharing disks and folders, which led to printing and program services

  • Whenever network resources such as folders and printers are shared, it is important to secure these resources to make sure that only authorized users can access them

  • When you configure Windows resources, the process typically involves creating security groups for easier management, establishing account policies and user accounts, setting permissions on the resources, and configuring sharing of the resources

  • UNIX/Linux systems also use groups, user accounts, and permissions to enable resource access and security


  • Mac OS X Server is a server version of Mac OS X for providing more extensive access to resources through user accounts and sharing services

  • Client operating systems – such as Windows, UNIX/Linux, and Mac OS X – come with utilities to enable them to access shared resources over a network and to offer resources to share

  • All of the OSs discussed in this book offer the ability to share printers and to access printers that are shared through a network

  • Network server OSs continue to offer more and more ways to share resources such as e-mail, e-commerce, videoconferencing, multimedia distribution, and database access
