Web Server Administration

1
Web Server Administration

• Chapter 5
• Managing a Server

2
Overview

• Understand the Web server administrator's view of
  server management
• Examine networking models
• Learn how users are authenticated
• Manage users and groups

3
Overview

• Manage file system permissions
• Share resources in a network
• Enforce network policies

4
Web Administrator's View of Server Management

• Web server software is a product that works with
  the operating system
• The server computer can run more than one
  software product such as e-mail and FTP
• With both a LAN and the Web, controlling access
  is very important
• The Web server can be part of the LAN
• Web communication and LAN communication are
  different

5
Microsoft LAN Networking Models-Workgroup

• Treats each computer in the network as an equal,
  or peer
• Also called peer-to-peer networking
• Each computer is a client and a server
• When you allow others to access resources on your
  computer, your computer is acting as a server
• When you access resources on another computer,
  your computer is acting as a client

6
Microsoft LAN Networking Models-Workgroup

• Appropriate for networks with 10 or less
  computers
• A number of disadvantages
• Most users do not want to administer resources on
  their computer
• Need user names and passwords of users who need
  resources
• Difficult to keep track of changing passwords

7
Microsoft LAN Networking Models-Domain

• One or more servers centralize control
• Computers are part of a domain
• Single, centralized logon
• Single point of control
• Users can be given access to resources anywhere
  in the domain

8
Client/Server Networking Model

• Client represents a program such as a browser or
  an e-mail client
• Server has a corresponding program that
  communicates with the client
• Server program known as a service in Windows or a
  daemon in Linux
• Networking in Linux follows the client/server
  model
• Telnet is used to log on to another computer

9
Authenticating Users

• Process of determining a user's true identity
• Three basic methods
• What you know user name and passwords
• What you have entry card
• Who you are biometrics

10
Implementing an Authentication System

• If a Windows network has older computers running
  NT, 95, or 98, the server must use NTLM
• It is not as secure as Kerberos, which is the
  default for Windows 2000, 2003, and XP

11
Managing Users and Groups

• Users need accounts to access resources on a
  server
• On a Web server there is a restricted account
  that is used on behalf of Internet users
• In a LAN, users with common resource needs are
  put in a group, and the group is given access to
  the resource

12
Managing Users and Groups in Windows

• Windows has an account called system
• It represents the operating system and it has
  many of the same privileges of the administrator
• Often needed by server programs
• Linux typically uses unique accounts for each
  daemon

13
Users and Groups in Windows

• Local accounts exist on a single computer and can
  be used to control resources only on that
  computer
• Domain accounts can be used to control resources
  on all the computers that are part of the domain
• Active Directory (AD) allows domains to be
  grouped into a forest
• Microsoft Exchange requires AD

14
Groups in Windows

• Domain local groups have members from the same
  domain
• Assign permissions to resources in the same
  domain
• Global groups have members from the same domain
• Can be used to assign permissions to resources in
  any domain
• Universal groups can have members from any domain
• Can be used to assign permissions to resources in
  any domain

15
Users and Groups in Linux

• Properties of user accounts

Item Description
User name Logon name of the user
Full name The full name of the user or any comment
Password The password must be at least six characters
Home directory The default is /home/username
Group The default is to create a group with the same name as the user
Login shell The default is /bin/bash, which determines the characteristic of the shell environment
16
File System Permissions

• Permission allow you to control access to the
  resources on a computer such as a Web page, a
  document, or a program
• In Windows, the NTFS file system is required in
  order to assign permissions
• All Linux file systems incorporate permissions

17
File System Permissions in Windows
Permission Description
Full Control Full Control includes all other permissions and allows you to take ownership of the file or folder and change the attributes of a file
Modify Allows read, write, and delete
Read With this permission, you can read files but cannot execute them
Write When set on a file, this permission allows you to write to files when set on a folder, you can write to the folder
Read Execute Read files and run programs
List Folder Contents This permission allows you to view the contents of a folder
Special Permissions (Windows 2003 only) This is not a specific permission under the list of permissions for users, when this permission is checked, it means that this user has one or more of the 14 individual permissions set
18
File System Permissions in Linux
Permission type When used with files When used with directories
Read Read a file or copy a file List the contents of a directory
Write Write to the file, including deleting the file Create files
Execute Execute programs and shell scripts, which are text files containing Linux commands Modify the file permissions
19
Linux Permissions

• Permissions are set for user, group, and others
• Each permission is set with a single digit from 0
  to 7 based on the combination of permissions
• read 4
• write 2
• execute 1

20
Using chmod to Set Permissions
Command Permissions Permissions Permissions
Command Owner Group Other
chmod 755 myfile rwx r-x r-x
chmod 540 myfile r-x r-- ---
chmod 744 myfile rwx r-- r--
21
Sharing Resources in a Windows Network

• Shared folders require permissions
• When comparing share permissions and NTFS
  permissions, the most restrictive permission
  takes precedence

Permission Description
Full Control Allow files to be added, deleted, changed, and read
Change Allow existing files to be written to
Read Can only read files
22
Enforcing Network Policies

• You can control a number of policies in both
  Windows and Linux
• Windows has many more policies but the majority
  are appropriate for LANs
• A common policy involves passwords
• Number of days before change allowed
• Number of days before change required

23
Summary

• The Web server has a guest user account that is
  used to access Web pages
• Windows LAN models include the workgroup and
  domain models
• Linux only uses the client/server model
• Authentication is based on what you know, what
  you have, and who you are
• Core of security incorporates users, groups, and
  permissions