Guide to Operating Systems, 4th ed.
Chapter 10: Resource Sharing over a Network
Objectives
• Explain the principles behind sharing disks, files,
and printers on a network
• Set up accounts, groups, security, and disk and file
sharing on network server operating systems
• Set up disk and file sharing on client (workstation)
operating systems
• Set up printer sharing on server and client
operating systems
• Discuss how network and Internet servers are used
for vast information-sharing networks
Sharing Disks, Files, and Printers
• Sharing files was one of the first reasons for linking a
workstation’s OS onto a network.
• It remains one of the most important reasons for
networking.
• Network OSs were available at the start of the 1980s
to enable file sharing through a server. There were
two methods:
– Downloading a file from a file server to a workstation;
– Purchasing third-party software to create a special shared drive
for other workstations to access over a network.
Sharing Disks, Files, and Printers
• The concept of sharing resources quickly
blossomed into other ways to access files, such as
making shared drives available on a network, and
making each shared drive look just like another
local drive to the client.
• Mapping – A software process that enables a
client workstation to attach to a shared resource,
such as a folder or drive volume on another
workstation or server, and assign it a drive letter.
– The network drive that is attached is called a mapped drive in
Windows-based OSs.
– In UNIX/Linux and Mac OS X a mapped drive is called a
mounted volume.
Securing Shared Resources
• Sharing files also opened the way for printer
sharing over a network.
• Where it is feasible, one printer connected to a
network server OS or network client OS can be
used by others in the same office area or location.
• Sharing disks, files, and printers is a potential
security risk because it is then possible for non-authorized users to access a file or use a printer.
Securing Shared Resources
• All OSs discussed offer security measures for
protecting shared resources.
– Access to a file, directory, or disk can be denied to
unauthorized users.
– You may want a user to be able to read a file but not change it.
– You want only specific users to be able to execute a file
(program).
• For these situations, a file, directory, or disk can be assigned
security privileges that limit users to only these capabilities.
– Access to a shared network printer can be given only to a
specific group of people.
• Permission to manage print jobs can be assigned on a user by
user basis (only those who are qualified to do so).
Sharing Disks and Files through
Server Network Operating Systems
• Windows Server 2003/R2 and Server 2008/R2,
UNIX/Linux, and Mac OS X are examples of server
network operating systems that can share disks
and resources over a network.
• Each of these OSs:
– Offers a way for client workstations to access a combination of
disk, file, and other shared resources.
– Enables the network administrator to establish security through
techniques such as:
• Assigning accounts
• Account passwords
• Creating groups and access privileges
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• The steps involved in sharing resources over a
network include setting up the following:
– Groups
– Account policies
– User accounts
– Permissions
– Shared disks and folders
• Group – a collection of computers and users.
– Reduces the amount of work for managing user accounts and
security.
– Settings can be created for each group and applied to all
computers and users in that group instead of applying the settings
one at a time.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• The following types of groups can be used in all
Windows Server 2003/Server 2008 OSs:
– Local – used on servers that are not part of a domain. The
reach (scope) of this group type does not go beyond the local
server in which it is defined.
– Domain local – used when there is a single domain or to
manage resources in a particular domain so that global and
universal groups can access those resources.
– Global – used to group accounts from the same domain so that
those accounts can access resources in the same and other
domains.
– Universal – used to provide access to resources in any domain
within a forest.
• All of these groups are also defined as security or distribution
groups.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Security groups – used to enable access to
resources on a standalone server or in Active
Directory.
– Active Directory is a database of computers, users, shared
printers, shared folders, and other network resources that are
used to manage a network.
• Distribution groups – used for e-mail or telephone
lists, to provide quick, mass distribution of
information.
• In a small office setting, Active Directory may not
be installed so only local groups can be created to
manage access to an individual server.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• When Active Directory is implemented, Windows
Server 2003/Server 2003 R2 and Server 2008/Server
2008 R2 add the ability to have container objects that
include domains, trees, and forests.
• Container object – an entity that is used to group
together resources in a directory service, such as
Microsoft Active Directory.
• Directory service – provides 3 important functions
on a network:
– A central listing of resources;
– a way to quickly find resources;
– the ability to access and manage resources.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Domain – a fundamental component or container
that holds information about all network resources
that are grouped within it.
– Servers, printers, and other physical resources, users, and user
groups.
• Tree – consists of one or more domains.
• Forest – houses one or more trees
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
[Figure: Sample Windows Server domain and tree models]
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Example of working with groups:
– College – has a domain for:
• Students
• Faculty and staff
• Research organizations associated with the college
– College’s executive council – needs access to all 3 domains
• Create a domain local group called LocalExec in each domain that
provides the appropriate access to folders, files, and other
resources.
• Next, create a GlobalExec global group in the faculty and staff
domain that has the executive council as members
• Make that global group a member of all LocalExec groups
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Example of working with groups:
– These steps enable you to manage security for all of their
accounts at one time from one global group.
• If a member of the executive council leaves to take another job,
you simply delete (or disable) that person’s account from the
global group and later add an account for the replacement.
– You also can manage access to resources in each domain one
time through each domain local group, resulting in much less
management work.
• If a new printer is added to a domain, you can give the domain
local group full privileges to the printer.
Windows Server 2003/Server 2003 R2 and
Server 2008/Server 2008 R2
[Figure: Managing security through domain local and global groups]
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• In an Active Directory context in which there are
multiple hierarchies of domains, trees, and forests,
universal security groups provide a means to
span domains and trees.
• Universal group membership can include user
accounts from any domain, global groups from any
domain, and other universal groups from any
domain.
• Universal groups are offered to provide an easy
means to access any resource in a tree or among
trees in a forest.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Guidelines to help simplify how to use groups:
– Use global groups to hold user accounts as members.
• Give accounts access to resources by making the global groups to
which they belong members of domain local groups or universal
groups (or both).
– Use domain local groups to provide access to resources in a
specific domain.
• Avoid placing user accounts in domain local groups – but give
domain local groups access to resources in the domain, such as
shared folders and printers.
– Use universal groups to provide extensive access to resources
• To simplify access when there are multiple domains
• Give universal groups access to resources in any domain, tree or
forest
– Manage user account access by placing accounts in global groups
and joining those groups to domain local or universal groups
depending on which is most appropriate.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• For group relationships to work between domains
and trees, trust relationships are established when
domains and trees are created.
– Thus, resources in one domain can be accessed by user
accounts and groups in another domain.
• Trusted domain – is given access to resources in
another domain.
• Trusting domain – allows the access to its
resources.
– A mutual relationship of trust between domains, managed by an
Active Directory administrator or a security specialist.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Before you set up user accounts and populate
global groups with accounts, it is important to
configure account policies.
• Account Policies – used to set restrictions and
security to help ensure that only authorized users
are accessing the accounts.
• Parameters you can configure through Account
Policies:
– Password Policy
– Account Lockout Policy
– Kerberos Policy
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Password security enables you to set requirements
for how users set passwords.
• Some password security options:
– Enforce password history – users must choose new passwords
and cannot use previously used passwords.
– Maximum password age – set a maximum time allowed until a
password expires.
– Minimum password age – password must be used for a minimum
amount of time before being changed.
– Minimum password length
– Passwords must meet complexity requirements – create a filter of
customized password requirements
– Store password using reversible encryption
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Account lockout – ability to lock out an account
after a number of unsuccessful tries to login.
• Some lockout parameters that can be configured:
– Account lockout duration – specify in minutes how long the
system will keep an account locked out after reaching the
specified number of unsuccessful logon attempts.
– Account lockout threshold – set a limit to the number of
unsuccessful attempts to log onto an account.
– Reset account lockout count after – specify the number of
minutes between two consecutive unsuccessful logon attempts
to make sure that the account will not be locked out too soon.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Kerberos security – tickets are exchanged
between the client who requests logon or network
services access and the server or Active Directory
that grants access.
– When Active Directory is not used, each standalone server can
be designated as a Kerberos key distribution center (the server
stores user accounts and passwords).
– When Active Directory is used, each domain controller is a key
distribution center.
• A domain controller is a server that authenticates logons and
keeps track of all changes made to accounts in the domain.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Kerberos security –
– When a user logs on:
• The client computer sends an account name and password to the
key distribution center.
• The key distribution center issues a temporary ticket that grants
the user access to the Kerberos ticket-granting service on a
domain controller (or standalone server), which then grants a
permanent ticket to that computer.
• The permanent ticket (service ticket) is good for the duration of a
logon session and enables the computer to access network
services beginning with the Logon service.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Kerberos configuration options:
– Enforce user logon restrictions – Turns on Kerberos security;
– Maximum lifetime for a service ticket – The maximum amount
of time in minutes that a service ticket can be used to
continually access a particular service in one service session.
– Maximum lifetime for a user ticket – The maximum amount of
time in hours that a ticket can be used for one continuous
session for access to a computer or domain;
– Maximum lifetime for user ticket renewal – Maximum number of
days that the same Kerberos ticket can be renewed each time
a user logs on;
– Maximum tolerance for computer clock synchronization – How
long in minutes a client will wait until synchronizing its clock
with that of the server or Active Directory it is accessing.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Configuring User Accounts – Performed after
account policies have been configured.
– When Active Directory is not installed:
• A user account is created by right-clicking My Computer or
Computer via the Start menu, clicking Manage, and then clicking
Local Users and Groups.
– When Active Directory is installed:
• Use the Active Directory Users and Computers tool to create a
new account by clicking Start, pointing to All Programs, pointing
to Administrative Tools, and clicking Active Directory Users and
Computers.
• After creating user accounts, they are typically
added to the appropriate global groups.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Configuring Access Privileges (Permissions) –
Enable you to protect the contents of files and
folders so that only authorized people can access
them.
• Permissions on a file or folder are set by using My
Computer or Windows Explorer.
– After you locate the file or folder, right-click it;
– Click Properties;
– Click the Security tab.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• In Windows servers, permissions from a higher-level folder can be
automatically inherited through the "Allow inheritable permissions
from the parent to propagate to this object and all child objects.
Include these with entries explicitly defined here" option, which is
the default setting.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Configuring Shared Disks and Folders
– A share is an object – a disk or folder – that is given a name
and made visible to network users.
– A drive or folder is shared through its properties.
• Access the drive or folder in My Computer or in Windows Explorer.
• Right-click the drive or folder.
• Click Sharing.
– When choosing to share a drive or folder, you must provide a name
for the share and configure how many people can access the share at
the same time.
• Click the Permissions button to set share permissions.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• Configuring Shared Disks and Folders
– The available share permissions are:
• Full Control – Provides full access to the folder including the
ability to take control or change share permissions.
• Read – Permits groups or users to read and execute files.
• Change – Enables users to read, add, modify, execute, and delete
files.
– You can also set up Offline Settings.
• Enables you to set up a folder so that it can be accessed by a
client, even when the client is not connected to the network.
– You can also set up Web sharing, which makes files available
on a Web server for HTML or FTP access.
• Must have Internet Information Services (IIS) installed.
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
[Figure: Web sharing access permissions]
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• NTFS permission conflicts:
– If a user account has Read permission for a folder and belongs
to a group that has Write permission, that user has both Read
and Write permissions
• The exception is Deny – If a user has Read permission for a
folder but belongs to a group for which all permissions are denied
to that folder, the user does not have access to the folder
– Summary of permission rules:
• NTFS permissions are cumulative with the exception that if an
account or group is denied access, this overrides other
permissions
• When a folder has both NTFS and share permissions, the most
restrictive permissions apply
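The permission rules summarized above can be worked through as bit operations. This is an added example, not taken from the textbook: the bit values, the accounts (alice, bob) and the groups (Staff, Contractors) are constructed, and it models only the rules stated on this slide, not the full Windows access check.

```shell
#!/bin/sh
# Added example: models the slide's permission rules with bit masks.
# Bit values are constructed for this model; they are not Windows access-mask values.
P_READ=1; P_WRITE=2; P_EXEC=4; P_DELETE=8; P_CHPERM=16
P_ALL=$(($P_READ | $P_WRITE | $P_EXEC | $P_DELETE | $P_CHPERM))

# Share permissions as the text describes them.
SHARE_READ=$(($P_READ | $P_EXEC))                      # read and execute
SHARE_CHANGE=$(($SHARE_READ | $P_WRITE | $P_DELETE))   # read, add, modify, execute, delete
SHARE_FULL=$P_ALL                                      # also change share permissions

# Constructed NTFS entries for one folder: "<principal> <allow|deny> <mask>".
SAMPLE_ACL="alice allow $P_READ
bob allow $P_READ
Staff allow $P_WRITE
Contractors deny $P_ALL"

# effective_ntfs ACL PRINCIPAL...
# PRINCIPAL... is the account followed by every group it belongs to.
# Allowed permissions accumulate; any matching deny overrides them.
effective_ntfs() {
    acl=$1; shift
    allow=0; deny=0
    for who in "$@"; do
        while read -r name kind mask; do
            [ "$name" = "$who" ] || continue
            case $kind in
                allow) allow=$(($allow | $mask)) ;;
                deny)  deny=$(($deny | $mask)) ;;
            esac
        done <<EOF
$acl
EOF
    done
    echo $(($allow & ~$deny))
}

# Over the network the most restrictive of NTFS and share permissions applies,
# which for bit masks is the intersection of the two.
effective_over_share() {
    echo $(($1 & $2))
}

# Turn a mask into readable permission names.
describe() {
    out=""
    for pair in "read:$P_READ" "write:$P_WRITE" "execute:$P_EXEC" \
                "delete:$P_DELETE" "change-permissions:$P_CHPERM"; do
        bit=${pair##*:}
        if [ $(($1 & $bit)) -ne 0 ]; then out="$out ${pair%%:*}"; fi
    done
    if [ -z "$out" ]; then out=" none"; fi
    printf '%s\n' "${out# }"
}

# alice has Read herself and Write through Staff; bob is also in Contractors.
alice_mask=$(effective_ntfs "$SAMPLE_ACL" alice Staff)
bob_mask=$(effective_ntfs "$SAMPLE_ACL" bob Staff Contractors)
echo "alice, NTFS only:        $(describe "$alice_mask")"
echo "alice, via Read share:   $(describe "$(effective_over_share "$alice_mask" "$SHARE_READ")")"
echo "alice, via Change share: $(describe "$(effective_over_share "$alice_mask" "$SHARE_CHANGE")")"
echo "bob, NTFS only:          $(describe "$bob_mask")"
```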
Windows Server 2003/Server 2003 R2
and Server 2008/Server 2008 R2
• When a file or folder is created, copied, or moved,
the permissions can be affected:
– A newly created file inherits the permissions already set up in a
folder.
– A file that is copied from one folder to another on the same
volume inherits the permissions of the folder to which it is copied.
– A file or folder moved from one folder to another on the same
volume takes its permissions with it.
– A file or folder that is moved or copied to a different volume
inherits the permissions of the folder to which it is moved/copied.
– A file or folder that is moved/copied from an NTFS volume to a
folder in a FAT volume is not protected by NTFS permissions, but
it does inherit share permissions if they are assigned to the FAT
folder.
– A file or folder that is moved or copied from a FAT volume to a
folder in an NTFS volume inherits the permissions already
assigned in the NTFS folder.
UNIX and Linux
• Access to directories and files on a UNIX/Linux
server is also governed through user accounts,
groups, and access permissions.
• Each user account is associated with a user
identification number (UID).
• Users who have common access needs can be
assigned to a group via a group identification
number (GID).
– Then permissions to access resources are assigned to the
group, instead of each user.
• When a user logs on to access resources, the
password file is checked to permit logon
authorization.
UNIX and Linux
• The password file (/etc/passwd) contains:
– The user name
– An encrypted password or a reference to a shadow file (file
associated with the password file that makes it difficult for
intruders to determine the passwords of others)
– The UID, which can be a number as large as 60,000
– The GID, which is the primary group ID
– Information about the user, such as a description or the user’s
job
– The location of the user’s home directory (a work area for the
user to store data on the server)
– A command that is executed as the user logs on, such as which
shell to use
UNIX and Linux
• The shadow file (/etc/shadow) is normally only
available to the system administrator
• Contains password restriction information that
includes:
– The minimum and maximum number of days between
password changes
– Information on when the password was last changed
– Warning information about when a password will expire
– Amount of time that the account can be inactive before access
is prohibited
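The password-file and shadow-file fields listed above can be checked mechanically. This is an added example, not taken from the textbook: every account line is constructed sample data, and the finding labels (uid0, nopass, inline-hash, dup-uid, no-max-age, no-inactive-limit) are names chosen for this sketch.

```shell
#!/bin/sh
# Added example: audit /etc/passwd and /etc/shadow style lines.
# All accounts and values below are constructed sample data.

# passwd fields: name:password:UID:GID:comment:home:shell
# "x" in the password field is the reference to the shadow file.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
lramirez:x:700:2000:Lisa Ramirez, Accounting Department, ext 221:/home/lramirez:/bin/bash
backup:x:0:34:backup operator:/var/backups:/bin/sh
legacy:CONSTRUCTEDHASH:701:2000:old import:/home/legacy:/bin/sh
guest::702:2000:guest:/home/guest:/bin/sh'

# shadow fields: name:hash:last-change:min:max:warn:inactive:expire:reserved
# "*" stands in for the hash field so that no real hash appears here.
SAMPLE_SHADOW='root:*:19000:0:90:7:30::
lramirez:*:19000:0:99999:7:::
guest:*:19000:0::7:::'

# audit_passwd TEXT
#   malformed    line does not have the seven fields
#   uid0         an account other than root has UID 0
#   nopass       empty password field
#   inline-hash  a hash is stored in the world-readable password file
#   dup-uid      the UID was already used by an earlier line
audit_passwd() {
    printf '%s\n' "$1" | awk -F: '
        NF != 7                                  { print "malformed " $1; next }
        $3 == 0 && $1 != "root"                  { print "uid0 " $1 }
        $2 == ""                                 { print "nopass " $1 }
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/   { print "inline-hash " $1 }
        seen[$3]++                               { print "dup-uid " $1 }
    '
}

# audit_shadow TEXT
#   no-max-age         maximum days between changes is unset or 99999
#   no-inactive-limit  no inactivity period after which access is prohibited
audit_shadow() {
    printf '%s\n' "$1" | awk -F: '
        $5 == "" || $5 + 0 >= 99999   { print "no-max-age " $1 }
        $7 == ""                      { print "no-inactive-limit " $1 }
    '
}

# Run against the constructed samples. On a real host an administrator
# would pass "$(cat /etc/passwd)" and, as root, "$(cat /etc/shadow)".
audit_passwd "$SAMPLE_PASSWD"
audit_shadow "$SAMPLE_SHADOW"
```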
UNIX and Linux
• Information about groups is stored in the /etc/group
file
– Typically contains an entry for each group consisting of the
name, an encrypted group password, the GID, and a list of
group members
– In some versions of UNIX/Linux, every account is assigned to
at least one group
• User accounts and groups can be created by
editing the password, shadow, and group files
– Or by entering UNIX/Linux commands (recommended way)
– Important to make sure that each group has a unique GID
UNIX and Linux
• The useradd command enables you to create a
new user
– See page 509 for a list of some of the parameters that can be
used with this command
• Example:
– useradd -c "Lisa Ramirez, Accounting Department, ext 221" -p
'green$thumb' -u 700 lramirez
– This command creates an account called lramirez with a
comment that includes personal information, a password set to
green$thumb, and a UID equal to 700
• useradd, usermod, and userdel generally work in
all versions of UNIX/Linux
– Except IBM’s AIX which uses mkuser, chuser, and rmuser
UNIX and Linux
• Groups are created using the groupadd command
– -g parameter is used to establish the GID and the group string
creates a group name
– Example – to create the auditors group:
• groupadd -g 2000 auditors
• Once a group is created, it is modified through the
groupmod command
• Groups are deleted using the groupdel command
UNIX and Linux
• Files are assigned any combination of 3
permissions:
– Read – enables the user to display its contents (signified by the
letter r)
– Write – ability to modify, save, and delete a file (signified by the
letter w)
– Execute – enables a user or group of users to run a program
(signified by the letter x)
• Permissions are granted on the basis of 4 criteria:
– Ownership
– Group membership
– Other (or World)
– All (All is not used in every version of UNIX/Linux)
UNIX and Linux
• The owner of a file or directory typically:
– Has all permissions
– Can assign permissions
– Has the designation of u
• Group members (g) – users who may have a
complete set of permissions, one permission, or a
combination of two (such as read and execute)
• Other (o) – consists of non-owners who represent
generic users
• All (a) – represents the combination of u + g + o
UNIX and Linux
• Permissions are set up by using chmod
• Chmod has two different formats – symbolic and
octal.
– In the symbolic format, you specify three parameters;
• (1) who has the permission;
• (2) the actions to be taken on the permission;
• (3) the permission.
– Example: the command chmod go-r-w-x * is applied to all files
(signified by the *) in a directory.
• The g signifies groups and o signifies others
• The - means to remove a permission
• The -r-w-x signifies removing the read, write, and execute
permissions.
– In this example, only the owner and members of the owner’s
group are left with read, write, and execute permissions on the
files in this directory
UNIX and Linux
• Chmod has two different formats – symbolic and
octal.
– The octal format is more complex because it assigns a number
on the basis of the type of permission and on the basis of
owner, group, and other (World) – all is omitted from this
scheme.
• Execute permission is assigned a 1, write is 2, and read is 4.
• These permission numbers are added together for a value
between 0 and 7.
• There are four numeric positions (xxxx) after the chmod
command.
– The first position gives the permission number of the SUID/SGID.
– The second position gives the permission number of the owner.
– The third gives group permissions.
– The fourth position gives the permission number of other.
» The command chmod 0755 * assigns no permissions to SUID/SGID
(0); read, write, and execute permissions to owner (7); and read and
execute permissions to both group and other (5 in both positions) for
all files (*).
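The symbolic and octal forms can be compared on a scratch file. This is an added example, not taken from the textbook: the file name, the helper functions and the 4755 case (SUID set in the first octal position, with a find check an administrator can use to list such files) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: symbolic and octal chmod applied to a constructed scratch file.

# Print the 10-character mode string for a path, e.g. -rwxr-xr-x.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Decode one octal digit (0-7) with the weights from the text:
# read is 4, write is 2, execute is 1.
digit_to_rwx() {
    out=""
    if [ $(($1 & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(($1 & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(($1 & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s\n' "$out"
}

# List regular files under a directory that have the SUID bit set
# (a 4 in the first octal position).
find_suid() {
    find "$1" -type f -perm -4000
}

# Apply each form in turn and report the resulting mode strings, followed by
# the number of SUID files found before and after chmod 4755.
demo_chmod() {
    dir=$(mktemp -d) || return 1
    f="$dir/report"
    : > "$f"

    chmod 0777 "$f"                  # start with every permission granted
    start=$(mode_of "$f")

    chmod go-r-w-x "$f"              # symbolic: clear r, w and x for group and other
    symbolic=$(mode_of "$f")

    chmod 0755 "$f"                  # octal: owner 7, group 5, other 5, no SUID/SGID
    octal=$(mode_of "$f")
    before=$(find_suid "$dir" | wc -l | tr -d ' ')

    chmod 4755 "$f"                  # same, with SUID set in the first position
    suid=$(mode_of "$f")
    after=$(find_suid "$dir" | wc -l | tr -d ' ')

    rm -rf "$dir"
    printf '%s %s %s %s %s %s\n' "$start" "$symbolic" "$octal" "$suid" "$before" "$after"
}

demo_chmod
echo "7=$(digit_to_rwx 7) 5=$(digit_to_rwx 5) 0=$(digit_to_rwx 0)"
```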
Mac OS X Server
• Built on the foundation of Mac OS X but is
designed as a true server for file sharing, printer
sharing, managing network users and groups, and
providing Web services.
• A computer running Mac OS X Server can support
up to several thousand users.
• You might deploy this server OS in a company that
creates publications or advertising materials or in a
school laboratory.
• Mac OS X Server includes the Apache Web server
software.
Mac OS X Server
• File permissions on a Mac OS X Server are very
similar to those for UNIX/Linux.
– Mac OS X Server is based on the UNIX/Linux system.
• There are basically three methods of setting
permissions on a Mac OS X Server.
– You can use the Info windows in the Mac OS X Finder;
– A third-party tool;
– UNIX/Linux commands.
Mac OS X Server
• Mac OS X Server supports TCP/IP.
– Opens the door for communications with other computers that
use TCP/IP.
– Makes the Mac OS X Server compatible with the Internet e-mail
protocol Simple Mail Transfer Protocol (SMTP).
• Out of the box, Mac OS X Server includes:
• A Mail Server for e-mail communications;
• An FTP Service (File Transfer Protocol) that can be used to
transfer documents to or from the server over the Internet.
Mac OS X Server
• Mac OS X includes ServerAdmin that enables
server management:
– Accounts and groups can be created and managed.
– Users can set up:
• A login shell.
– Similar to a login script of actions that occur before the user logs on.
• A home directory.
– Manages file and print sharing.
– Establishes share points (shared resources on the server).
– Log events such as login and logout, opening, creating, and
deleting files and folders.
– Monitor/create print queues.
– Hold, release, and delete print jobs.
Accessing and Sharing Resources in
Windows XP/Server 2003/R2
• You can find My Network Places using several
techniques, such as through Control Panel, My
Computer, or Windows Explorer.
• The fastest is to use the following:
– Click the Start menu, right-click My Computer, and click Map
Network Drive.
– Click the Browse button.
– Find the workgroup, domain, or other entity in which the
computer sharing the drive resides, and click it.
– Click the folder that you want to access, click OK.
– Set the Drive letter to which you want to map the network drive.
– Click Finish.
Accessing and Sharing Resources in
Windows XP/Server 2003/R2
• Disconnecting from a shared drive involves the
same steps as in earlier versions of Windows:
– Find the drive in My Computer or Windows Explorer.
– Right-click the drive.
– Click Disconnect.
Accessing and Sharing Resources in
Windows XP/Server 2003/R2
[Figure: Configuring a shared folder in Windows XP]
Accessing and Sharing Resources in
Windows Vista/7/Server 2008/R2
• Click the Start menu, click Computer, and click Map
network drive.
• Set the drive letter to which you want to map the
network drive.
• Click the Browse button.
• Find the workgroup, domain, or other entity in which the
computer sharing the drive resides, and click it.
• Click the folder you want to access, and click OK.
• Check the Reconnect at Login box if you want the
mapping to be there after a reboot.
• Click Finished when done.
Accessing and Sharing Resources in
Windows Vista/7/Server 2003/R2
• Disconnecting from a shared drive involves the
same steps as in earlier versions of Windows:
– Find the drive in My Computer or Windows Explorer.
– Right-click the drive.
– Click Disconnect.
Accessing and Sharing Resources in
Windows Vista/7/Server 2008/R2
[Figure: Mapping a drive in Windows 7]
Accessing Shared Resources via
UNIX/Linux and Specialized Utilities
• UNIX/Linux enable resource sharing by using
Network File System (NFS)
– NFS enables one computer to mount a partition on another
computer and then access file systems on the mounted
partition as if they were local.
• When a client mounts an NFS volume on a host,
both the client and host use remote procedure
calls (RPCs).
– An RPC enables services and software on one computer to use
services and software on a different computer.
Accessing Shared Resources via
UNIX/Linux and Specialized Utilities
• To use NFS in Red Hat Enterprise Linux, the
following services must be enabled:
– portmap – establishes and manages the remote connections
through designated User Datagram Protocol (UDP) ports.
– rpc.mountd – handles the RPC request to mount a partition.
– rpc.nfsd – enables the Linux kernel to manage specific
requests from a client.
Accessing Shared Resources via
UNIX/Linux and Specialized Utilities
• Security that controls which clients can use NFS is
handled through entries in two files:
– /etc/hosts.allow – contains the clients that are allowed to use
NFS
– /etc/hosts.deny – contains computers that are not allowed to
use NFS
– The resources mounted through NFS are also protected by the
permissions on the directories and files.
• Samba – utility that uses the Server Message
Block (SMB) protocol to allow access to shared
Windows drives.
Accessing and Sharing Resources via
Mac OS
• Uses Samba to connect to another computer that is
sharing a disk or folder
• To mount a shared drive:
– Open the Go menu, select Connect to Server, and enter the
address of the server or use the Browse button to find it
[Figure: Connect to Server dialog box in Mac OS X]
Accessing and Sharing Resources via
Mac OS
• In Mac OS X – turn on file sharing through System
Preferences.
• Some of the resources that you can configure for
sharing:
– File Sharing – To share folders with other Mac OS X computers
– Web Sharing – To share information on the Web
– Remote Login – To allow another computer to remotely log into
your computer
– Remote Apple Events – So that other Mac OS X computers can
send events to this computer
– Printer Sharing – To enable others to use your computer’s
printer
Sharing Printing Devices
• Windows Systems – Add Printer Wizard is used to
set up a printer.
– Once a printer is set up, it can be configured for printer sharing
through the printer’s Properties.
– Different Windows versions have different steps in order to
share a printer.
• In Windows XP/Server 2003/Server 2003 R2:
– Open the Printers option or folder.
• In Windows XP and Windows Server 2003/Server 2003 R2:
– Click Start and click Printers and Faxes.
• Select the printer you want to share and right-click it to access
menu options.
• Click Sharing and select the option to enable sharing.
• Enter a name for the shared printer.
Sharing Printing Devices
• When you configure sharing, make sure you
configure share permissions for the shared printer.
– The following are share permissions you will see:
• Print – Can send print jobs and manage your own jobs
• Manage Documents – Can manage your print jobs or those sent
by any other user
• Manage Printers – Can access the share, change share
permissions, turn off sharing, configure printer properties, and
delete the share
• Special Permissions – shows whether special permissions are
configured, and if they are allowed or denied
Sharing Printing Devices
• UNIX/Linux printing is essentially the process of
logging onto the UNIX/Linux server and printing to
one of its printers.
– Uses Berkeley Software Distribution (BSD) spooling system or
the System V Release 4 (SVR4) spooling system.
– BSD uses 3 components for printing:
• lpr print program
• lpd daemon
• The file /etc/printcap to specify printer properties (a text file that
can be modified via a text editor).
Sharing Printing Devices
• UNIX/Linux printing is essentially the process of
logging onto the UNIX/Linux server and printing to
one of its printers.
– In SVR4, the spooling system consists of the lp print program
and the lpsched daemon
• SVR4 printer properties are stored in the file /etc/printcap, which
is modified by using the lpadmin utility.
Sharing Printing Devices
• In Red Hat Enterprise Linux or Fedora – use the
GNOME Print Manager tool.
– Click Main Menu.
– Point to System Tools and click Print Manager.
– To configure a new queue, click the Action menu.
– Click New queue OR, to configure sharing, select the queue
from which to share.
– Click Action.
– Click Sharing.
Sharing Printing Devices
• In Mac OS X systems there are two ways to set up
printer sharing:
– First method:
• Open System Preferences from the Dock or by clicking Go.
• Click Applications, and double-click System Preferences.
• Double-click Sharing.
• Check the box for Printer Sharing.
• Close the Sharing window.
– Second method:
• Open System Preferences from the Dock or by clicking Go.
• Click Applications, and double-click System Preferences.
• Double-click Print & Fax.
• Check the box for Share my printers with other computers.
• Close the window.
Sharing Printing Devices
Accessing a shared printer via Mac OS X
Network and Internet Resource
Servers
• UNIX/Linux, Windows, and Mac OS X servers can
be set up as resource servers to provide network
and Internet resources:
– E-mail servers
• A wide range of programs can turn a UNIX/Linux or Windows
Server into an e-mail server.
• Mac OS X Server can process e-mail through its Sendmail
program.
– E-commerce
• Consists of thousands of servers connected to the Internet
conducting business, taking and fulfilling product orders.
• Process billions of dollars in business transactions.
Network and Internet Resource
Servers
• UNIX/Linux, Windows, and Mac OS X servers can
be set up as resource servers to provide network
and Internet resources:
– Videoconferencing
• Companies are implementing videoconferencing capabilities on
servers and workstations as a way to save money by reducing
travel expenses.
– Multimedia
• Servers are popular for business applications, education,
government, and entertainment purposes.
• Provide academic courses that you can access from a home
computer or mobile device over the Internet.
Network and Internet Resource
Servers
• UNIX/Linux, Windows, and Mac OS X servers can
be set up as resource servers to provide network
and Internet resources:
– Instant messaging
– Text messaging
– Alerts for weather and security-related activities
– Web servers
• Provide a huge range of services that include the ability to quickly
access information and download it through FTP servers.
– Web servers can also act as FTP servers.
– Intranet and virtual private network (VPN) servers
• Enable information to be obtained through private networks.
– FTP servers
Chapter Summary
• Resource sharing is why networks exist, starting with sharing
files, which led to sharing disks and folders, which led to
printing and program services
• Whenever network resources such as folders and printers are
shared, it is important to secure these resources to make
sure that only authorized users can access them
• When you configure Windows resources, the process
typically involves creating security groups for easier
management, establishing account policies and user
accounts, setting permissions on the resources, and
configuring sharing of the resources
• UNIX/Linux systems also use groups, user accounts, and
permissions to enable resource access and security
Chapter Summary
• Mac OS X Server is a server version of Mac OS X for
providing more extensive access to resources through user
accounts and sharing services
• Client operating systems – such as Windows, UNIX/Linux,
and Mac OS X – come with utilities to enable them to access
shared resources over a network and to offer resources to
share
• All of the OSs discussed in this book offer the ability to share
printers and to access printers that are shared through a
network
• Network server OSs continue to offer more and more ways to
share resources such as e-mail, e-commerce,
videoconferencing, multimedia distribution, and database
access