Web Server Administration Chapter 5 Managing a Server

Upload: webhostingguy

Post on 17-May-2015


TRANSCRIPT

Page 1: Download It

Web Server Administration

Chapter 5 Managing a Server

Page 2: Download It

Overview

- Understand the Web server administrator's view of server management
- Examine networking models
- Learn how users are authenticated
- Manage users and groups
- Manage file system permissions
- Share resources in a network
- Enforce network policies

Page 3: Download It

Web Administrator's View of Server Management

- Web server software is a product that works with the operating system
- The server computer can run more than one software product such as e-mail and FTP
- With both a LAN and the Web, controlling access is very important
- The Web server can be part of the LAN
- Web communication and LAN communication are different

Page 4: Download It

Microsoft LAN Networking Models-Workgroup

- Treats each computer in the network as an equal, or peer
  - Also called peer-to-peer networking
- Each computer is a client and a server
  - When you allow others to access resources on your computer, your computer is acting as a server
  - When you access resources on another computer, your computer is acting as a client

Page 5: Download It

Microsoft LAN Networking Models-Workgroup

- Appropriate for networks with 10 or fewer computers
- A number of disadvantages
  - Most users do not want to administer resources on their computer
  - Need user names and passwords of users who need resources (fig 5-1 pg 200)
  - Difficult to keep track of changing passwords

Page 6: Download It

Typical peer-to-peer

Page 7: Download It

Microsoft LAN Networking Models-Domain

- One or more servers centralize control (Fig 5-2 page 201)
- Computers are part of a domain
- Single, centralized logon
- Single point of control
- Users can be given access to resources anywhere in the domain

Page 8: Download It

Microsoft Domain (don’t confuse with Internet Domain)

Page 9: Download It

Client/Server Networking Model

- Client represents a program such as a browser or an e-mail client
- Server has a corresponding program that communicates with the client
- Server program known as a service in Windows or a daemon in Linux
- Networking in Linux follows the client/server model
  - Telnet is used to log on to another computer

Page 10: Download It

Authenticating Users

- Process of determining a user's true identity
- Three basic methods
  - What you know – user name and passwords
  - What you have – entry card (ATM card combines what you know and have)
  - Who you are – biometrics

Page 11: Download It

Implementing an Authentication System

If a Windows network has older computers running NT, 95, or 98, the server must use NTLM

It is not as secure as Kerberos, which is the default for Windows 2000, 2003, and XP

Page 12: Download It

Managing Users and Groups

- Users need accounts to access resources on a server
- Web server software logs on to a restricted user account that is used on behalf of Internet users. This user does NOT have authority to update web pages – only to view them.
- In a LAN, users with common resource needs are put in a group, and the group is given access to the resource

Page 13: Download It

Managing Users and Groups

- Windows has an account called system
  - It represents the operating system and it has many of the same privileges as the administrator
  - Often needed by server programs
- Linux typically uses unique accounts for each daemon (fig 5-3 pg 206)

Page 14: Download It

Default user (daemon) accounts in Linux

Page 15: Download It

Users and Groups in Windows

- Local accounts exist on a single computer and can be used to control resources only on that computer
- Domain accounts can be used to control resources on all the computers that are part of the domain
- Active Directory (AD) allows domains to be grouped into a forest
  - Microsoft Exchange requires AD

Page 16: Download It

Groups in Windows

- Domain local groups have members from the same domain
  - Assign permissions to resources in the same domain
- Global groups have members from the same domain
  - Can be used to assign permissions to resources in any domain
- Universal groups can have members from any domain
  - Can be used to assign permissions to resources in any domain

Page 17: Download It

Users and Groups in Linux

Properties of user accounts

| Item | Description |
| --- | --- |
| User name | Logon name of the user |
| Full name | The full name of the user or any comment |
| Password | The password must be at least six characters |
| Home directory | The default is /home/username |
| Group | The default is to create a group with the same name as the user |
| Login shell | The default is /bin/bash, which determines the characteristic of the shell environment |
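The account properties listed above are the colon-separated fields of a passwd-format record, and the earlier slide on daemon accounts says each daemon normally has its own account. The following audit is an added example, not part of the original slides; the sample records are constructed and the `UID_MIN` threshold of 1000 for ordinary users is an assumption that varies by distribution.

```shell
#!/bin/sh
# Added example: audit passwd-format account records.
# Fields: name:password:UID:GID:full name:home directory:login shell

# Constructed sample records, not taken from a real host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
named:x:8:25:Named:/var/named:/bin/false
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
EOF
}

# audit_passwd [FILE]: read FILE (or stdin) and print one finding per line.
# UID_MIN, the first UID given to ordinary users, is an assumption (1000).
audit_passwd() {
    awk -F: -v uid_min="${UID_MIN:-1000}" '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    NF != 7 || $3 !~ /^[0-9]+$/ { print "MALFORMED line " NR; next }
    {
        name = $1; uid = $3 + 0; shell = $7
        # A second account with UID 0 has full root privileges.
        if (uid == 0 && name != "root") print "UID0 " name
        # Each daemon should have its own UID, not share one.
        if (uid in owner) print "DUPLICATE_UID " uid " " owner[uid] " " name
        else owner[uid] = name
        # Daemon accounts should not be able to log in interactively.
        if (uid > 0 && uid < uid_min + 0 && shell !~ /(nologin|false)$/)
            print "DAEMON_LOGIN_SHELL " name " " shell
    }' "$@"
}

sample_passwd | audit_passwd
```

On a live system the same function can be pointed at the account file, for example `audit_passwd /etc/passwd`.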

Page 18: Download It

File System Permissions

- Permissions allow you to control access to the resources on a computer such as a Web page, a document, or a program
- In Windows, the NTFS file system is required in order to assign permissions
- All Linux file systems incorporate permissions

Page 19: Download It

File System Permissions in Windows

| Permission | Description |
| --- | --- |
| Full Control | Full Control includes all other permissions and allows you to take ownership of the file or folder and change the attributes of a file |
| Modify | Allows read, write, and delete |
| Read | With this permission, you can read files but cannot execute them |
| Write | When set on a file, this permission allows you to write to files; when set on a folder, you can write to the folder |
| Read & Execute | Read files and run programs |
| List Folder Contents | This permission allows you to view the contents of a folder |
| Special Permissions (Windows 2003 only) | This is not a specific permission; under the list of permissions for users, when this permission is checked, it means that this user has one or more of the 14 individual permissions set |

Page 20: Download It

Sharing Resources in a Windows Network

- Shared folders require permissions
- When comparing share permissions and NTFS permissions, the most restrictive permission takes precedence
- Shared permissions (below) are much simpler and fewer in number than NTFS permissions (note: page 228 mistakenly describes the permissions below as “Linux” permissions)

| Permission | Description |
| --- | --- |
| Full Control | Allow files to be added, deleted, changed, and read |
| Change | Allow existing files to be written to |
| Read | Can only read files |

Page 21: Download It

Enforcing Network Policies

- You can control a number of policies in both Windows and Linux
- Windows has many more policies but the majority are appropriate for LANs
- A common policy involves passwords
  - Number of days before change allowed
  - Number of days before change required
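On Linux the two password counters named above are stored per account as fields 4 and 5 of a shadow-format record. The following check is an added example, not part of the original slides; the sample records and placeholder hashes are constructed, and the policy values `MIN_DAYS=1` and `MAX_DAYS=90` are assumptions.

```shell
#!/bin/sh
# Added example: check password-ageing fields in shadow-format records.
# Fields: name:hash:last change:min days:max days:warn:inactive:expire:
#   field 4 (min days) = number of days before a change is allowed
#   field 5 (max days) = number of days before a change is required

# Constructed sample records; the hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$PLACEHOLDER:19000:1:90:7:::
alice:$6$PLACEHOLDER:19000:0:90:7:::
bob:$6$PLACEHOLDER:19000:1:99999:7:::
carol:$6$PLACEHOLDER:19000::::::
apache:!!:18000:0:99999:7:::
dave:$6$PLACEHOLDER:19000:30:20:7:::
EOF
}

# check_ageing [FILE]: read FILE (or stdin) and print one finding per line.
# MIN_DAYS and MAX_DAYS are assumed policy values (1 and 90).
check_ageing() {
    awk -F: -v want_min="${MIN_DAYS:-1}" -v want_max="${MAX_DAYS:-90}" '
    NF < 5 { print "MALFORMED line " NR; next }
    $2 ~ /^[!*]/ { next }          # locked account: no password to age
    {
        min = ($4 == "") ? 0 : $4 + 0     # empty = change allowed at once
        never = ($5 == "")                # empty = change never required
        max = never ? 0 : $5 + 0
        if (min < want_min + 0)
            print "CHANGE_ALLOWED_TOO_SOON " $1 " min=" min
        if (never || max > want_max + 0)
            print "CHANGE_NOT_REQUIRED " $1 " max=" (never ? "never" : max)
        # With min above max the user can never change the password.
        if (!never && min > max)
            print "MIN_EXCEEDS_MAX " $1 " min=" min " max=" max
    }' "$@"
}

sample_shadow | check_ageing
```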

Page 22: Download It

Web Server Administration

Chapter 5 Managing a Server