Network Administration CNET-443
Chapter 3: User Management (slide 1)

Issues (slide 2)

User management is about interfacing humans to computers. This brings to light a number of issues:
• Accounting: registering new users and deleting old ones.
• Comfort and convenience.
• Support services.
• Ethical issues.
• Trust management and security.

User Registration (slide 3)

One of the first issues on a new host is to issue accounts for users. The tools provided by the OS are, at best, primitive and rarely suitable for the task without modification. Users can be registered at a centralized location by the system manager. All users have to be registered to ensure unique identities. No acceptable, standardized user registration method has been widely adopted, because the requirements of each organization are different.

Local and Network Accounts (slide 4)

Each user will have the same password on each host in the network. With a local account, a user has permission to use only the local host. With a network account, the user can use any host which belongs to a network domain. Both Unix and NT support the creation of accounts locally on a single host or globally within a network domain. Users will be moving around from host to host, so they need distributed accounts to access system resources wherever they are.

Local and Network Accounts (slide 5)

Standardizing usernames across all platforms simplifies the logistics of user management and opens the way for cross-platform compatibility. Usernames longer than eight characters can cause problems with Unix-like systems and FTP services. Users normally expect to be able to use the same password to log onto any host and to have access to the same data, except on hosts with special purposes. At universities, hundreds of students are registered at the same time; no system administrator would type in all the names by hand. Perl scripts are an excellent way of writing user installation scripts.

UNIX Accounts (slide 6)

To add a new user to a Unix-like host we have to:
1. Find a unique username, user-id number and password for the new user.
2. Update the system database of user accounts.
3. Create a login directory (home directory) for the user.
4. Choose a shell for the user (if appropriate).
5. Copy some configuration files like .cshrc or .profile into the new user's directory, or update the system registry.

Because every site is different, user registration requires different tools and techniques in almost every case. Newer Unix-like systems make use of shadow password files, which conceal the encrypted form of the password from ordinary users.
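The steps above as shell functions, added here as an example and not taken from the slides or from any vendor tool. The functions operate on a passwd-format file, a home directory base and a skeleton directory passed in as arguments, so they can be exercised against constructed copies instead of /etc/passwd and /home; the function names, the eight-character username rule and the private-group assumption (gid equal to uid) are choices made for this example. On a real host the vendor tool (useradd or adduser) does this work and also writes the shadow file; the "x" password field written here assumes such a shadow file exists.

```shell
#!/bin/sh
# Added example: account-creation steps on a passwd-format file given as an
# argument, so it can be tried on a constructed copy rather than /etc/passwd.
set -eu

# Usernames: lowercase, start with a letter or underscore, at most eight
# characters (longer names cause the Unix/FTP problems the slides mention).
valid_username() {
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,7}$'
}

# Succeed only if username $2 is not already present in passwd file $1.
username_is_free() {
    ! awk -F: -v name="$2" '$1 == name { found = 1 } END { exit !found }' "$1"
}

# Print the lowest unused uid >= $2 (default 1000) in passwd file $1, so
# gaps left by deleted accounts are reused and every uid stays unique.
next_free_uid() {
    awk -F: -v start="${2:-1000}" '
        $3 + 0 >= start { used[$3 + 0] = 1 }
        END { uid = start; while (uid in used) uid++; print uid }
    ' "$1"
}

# Append a passwd entry for $2 to file $1. The password field is "x": the
# hash belongs in the shadow file, never here. A private group with
# gid == uid is assumed to be created alongside. Prints the uid chosen.
add_user_entry() {
    file=$1 name=$2 gecos=$3 homebase=${4:-/home} shell=${5:-/bin/sh}
    valid_username "$name" || { echo "invalid username: $name" >&2; return 1; }
    username_is_free "$file" "$name" || { echo "username in use: $name" >&2; return 1; }
    uid=$(next_free_uid "$file")
    printf '%s:x:%s:%s:%s:%s/%s:%s\n' \
        "$name" "$uid" "$uid" "$gecos" "$homebase" "$name" "$shell" >> "$file"
    echo "$uid"
}

# Create the home directory for $2 under base $1, seed it from skeleton
# directory $3 (dotfiles such as .profile included) and make it private to
# its owner. On a real host a chown to the new uid follows, which needs root.
make_home() {
    home=$1/$2
    mkdir -p "$home"
    cp -R "$3"/. "$home"/
    chmod 700 "$home"
    echo "$home"
}

# Demonstration on a constructed passwd file and skeleton directory.
demo=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\nalice:x:1000:1000:Alice:/home/alice:/bin/sh\n' > "$demo/passwd"
mkdir -p "$demo/skel" "$demo/home"
echo 'umask 077' > "$demo/skel/.profile"
new_uid=$(add_user_entry "$demo/passwd" bob "Bob Example" "$demo/home")
make_home "$demo/home" bob "$demo/skel" >/dev/null
echo "created bob with uid $new_uid"
cat "$demo/passwd"
rm -rf "$demo"
```

The uniqueness checks are done against the same file the entry is appended to, which is the property the slide asks for; on a multi-host site the passwd file passed in would be the central one.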

Windows Accounts (slide 7)

Single Windows accounts are added with the command or using the GUI. Windows does not provide any assistance for mass registration of users. The additional Resource Kit package contains tools which allow lists of users to be registered, but only at additional cost. Windows users begin in the root directory by default. Network users conventionally have their home directory on the domain server, mapped to the drive. There is only a single choice of shell (command interpreter) for NT, so this is not specified in the user registration procedure. Several possibilities exist for creating user profiles and access policies, depending on the management model used.

Groups of Users (slide 8)

Both Unix and NT allow users to belong to multiple groups. A group is an association of usernames which can be referred to collectively by a single name. File and process permissions can be granted to a group of users. Groups are defined statically by the system administrator. The names and numbers of system groups vary between different flavors of Unix. The root group has super-user privileges. NT also allows the creation of groups; there, groups are created by command rather than by file editing. NT distinguishes global groups (consisting only of domain-registered users) from local groups, which may also contain locally registered users. Some standard groups are defined by the system. The Administrators group has privileged access to the system.

Account Policy (slide 9)

Most organizations need a strict policy for assigning accounts and opening the system to users. There are many ways in which accounts can be abused. Policy rules are required for guiding user behavior, and also for making system rules clear. An account policy contains:
1. Rules about what users are allowed/not allowed to do.
2. Specifications of what mandatory enforcement users can expect, e.g. tidying of garbage files.

Any account policy should contain a clause about weak passwords. If weak passwords are discovered, it must be understood by users that their account can be closed immediately. It is occasionally tempting to create guest accounts for visitors and transient users.

Login Environment (slide 10)

When a new user logs in for the first time, he or she expects the new account to work straight away. Printing should work, programs should work, and there should be no strange error messages about files not being found or programs not existing. Most users want to start up a window environment. If users will be able to log on to many different kinds of operating system, we have to balance the desire to make systems look alike with the need to distinguish between different environments. Users need to understand the nature of their work environment at all times in order to avoid hapless errors.

User Support Services (slide 11)

All users require help at some time or another. Because normal users are not privileged users, they must occasionally rely on a super-user to clean up a mess or fix a problem which is beyond their control. If we are to distinguish between privileged and non-privileged users, we cannot deny users this service.

Support Policy (slide 12)

The amount of support that one offers users is a matter of policy. One has the choice between supporting users directly and investing time in making them self-sufficient. In almost all cases both strategies are needed. Thus one looks for a mixture of the following:
1. Training users.
2. Helping users.
3. Documenting and providing the answers to frequently asked questions.

The proportion of time spent on each must be chosen as policy. A recent development in user assistance is the Virtual Network Computing model from AT&T. Through this, an administrator can log onto an existing user session and have dual controls, allowing users to be nursemaided through difficulties online.

Checklist (slide 13)

The provision of a service to users suggests the need for quality controls. Checklists are a useful algorithmic aid to securing predictable results. The basic checklist for user services is this:
1. Read the user request properly.
2. Do you understand the request?
3. Is the request in line with policy?
4. Are you competent to deal with the request?
5. Schedule the request (rapid response mitigates frustration).

Some administrators are good at talking users through their logical analysis, while others tend to keep their thoughts to themselves. Human users generally appreciate being included in the procedures.

Controlling User Resources (slide 14)

Every system has a mixture of passive and active users. Passive users utilize the system, often minimally, quietly accepting the choices which have been made for them. Active users, on the other hand, follow every detail of system development. They find every error in the system and contact system administrators frequently, demanding upgrades of their favorite programs. Active users can be of great help to a system administrator, because they test out problems and report them actively. They are an important part of the system administration team, or community, and can also go a long way to helping the passive users. An important point about active users, however, is that they are not authorized staff.

Resource Consumption (slide 15)

Disks fill up at an alarming rate. Users almost never throw away files unless they have to. To keep hosts working it is necessary to remove files, not just add them. Quotas limit the amount of disk space users can have access to. Disk quotas mean that users have a hard limit to the number of bytes they are allowed to use on the disk. Disk quotas have advantages and disadvantages:
• The advantage is that users really cannot exceed their limits. There is no way around this.
• The disadvantage is that disk quotas are very restrictive, and when a user exceeds their limit they often do not understand what has happened.

Quotas and Limits in General (slide 16)

One way of protecting operating systems from users and from faulty software is to place quotas on the amount of system resources which they are allowed.
• Disk quotas: place fixed limits on the amount of disk space which can be used per user.
• CPU time limit: some faulty software packages leave processes running which consume valuable CPU cycles to no purpose. Users of multiuser computer systems occasionally steal CPU time by running huge programs which make the system unusable for others.
• Policy decisions: users collect garbage. To limit the amount of it, one can specify a system policy which includes items of the form: 'Users may not have mp3, wav, mpeg etc. files on the system for more than one day'.

Killing Old Processes (slide 17)

Processes sometimes do not get terminated when they should. There are several reasons for this. Sometimes users forget to log out. Sometimes poorly written terminal software does not properly kill its processes when a user logs out. Sometimes background programs simply crash or go into loops from which they never return. One way to clean up processes in a work environment is to look for user processes which have run for more than a day. Cfengine can also be used to clean up old processes. Cfengine's processes commands are used to match processes in the process table (which can be seen by running ps ax on Unix).
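The "processes older than a day" cleanup from this slide, written out as an added example (this is not the slide's code and not cfengine). The filter reads "pid user etimes comm" lines, so it is demonstrated on constructed input; on a live host those lines would come from ps -eo pid=,user=,etimes=,comm=, which assumes a ps that supports the etimes (elapsed seconds) column, as procps-ng and BSD ps do. The function names and the DO_KILL switch are inventions of this example.

```shell
#!/bin/sh
# Added example: list user processes that have run longer than a threshold
# and terminate them only after the list has been reviewed.
set -eu

# Read "pid user etimes comm" lines on stdin and print "pid user comm" for
# processes owned by someone other than root that have run longer than $1
# seconds (default 86400, one day). Command names listed in $2 (space
# separated) are skipped, for long-running tools users rely on, e.g. screen.
stale_processes() {
    awk -v max="${1:-86400}" -v keep="${2:-}" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) keeper[k[i]] = 1 }
        NF < 4 { next }                  # malformed line, ignore
        $2 == "root" { next }            # system daemons are not user garbage
        $4 in keeper { next }            # explicitly tolerated commands
        $3 + 0 > max + 0 { print $1, $2, $4 }
    '
}

# Apply the filter to this host. Without DO_KILL=1 it only prints what it
# would do, so the list can be checked before anything is signalled; TERM is
# sent rather than KILL so programs get a chance to exit cleanly.
kill_stale() {
    ps -eo pid=,user=,etimes=,comm= | stale_processes "${1:-86400}" "${2:-}" |
    while read -r pid user comm; do
        if [ "${DO_KILL:-0}" = 1 ]; then
            kill -TERM "$pid" && echo "sent TERM to $pid ($user, $comm)"
        else
            echo "would kill $pid ($user, $comm)"
        fi
    done
}

# Demonstration on constructed ps output (one day = 86400 s).
printf '%s\n' \
    '101 root 200000 cron' \
    '202 alice 90000 emacs' \
    '303 bob 100 bash' \
    '404 carol 86401 xterm' \
    '505 dave 400000 screen' |
    stale_processes 86400 screen
# prints:
# 202 alice emacs
# 404 carol xterm
```

Run kill_stale on its own first to review the candidates, then DO_KILL=1 kill_stale once the list looks right; a second argument such as "screen tmux" keeps session managers out of the sweep.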

Moving Users (slide 18)

When disk partitions become full, it is necessary to move users from old partitions to new ones. Moving users is a straightforward operation, but it should be done with some caution. A user who is being moved should not be logged in while the move is taking place, or files could be copied incorrectly. Begin by looking for an appropriate user, perhaps one who has used a particularly large amount of disk space. Users need to be informed about the move. Also, the user's account must be closed, by altering their login shell for instance, before the files are moved.

Deleting Old Users (slide 19)

Users who leave an organization eventually need to be deleted from the system. Before deleting a user completely, a backup of the data can be made for safe-keeping. Then we have to remove the following:
1. Account entry from the password database.
2. Personal files.
3. E-mail and voice mail and mailing lists.
4. Removal from groups and lists (e.g. mailing lists).
5. Removal of cron and batch tasks.
6. Revocation of smartcards and electronic ID codes.
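The account-closing step from the "Moving Users" slide (alter the login shell first) and steps 1, 2 and 4 of the deletion list above, as an added example that is not the slides' own procedure. The functions take the passwd file, group file, home directory base and backup directory as arguments, so they run against constructed copies rather than /etc and /home; the function names are inventions of this example, and /usr/sbin/nologin is assumed to be the host's nologin path (some systems use /sbin/nologin). Mail, cron jobs and smartcards (steps 3, 5 and 6) are site specific and are left to the usual tools.

```shell
#!/bin/sh
# Added example: lock an account, archive and remove its files, clean group
# memberships and finally drop the passwd entry, all on files given as
# arguments so it can be tried on constructed copies.
set -eu

# Close the account first: set the login shell of $2 in passwd file $1 to
# /usr/sbin/nologin (assumed path) so nobody can log in while files move.
lock_account() {
    awk -F: -v OFS=: -v u="$2" '$1 == u { $7 = "/usr/sbin/nologin" } { print }' \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Step 1 of the deletion list (done last here): drop $2 from passwd file $1.
remove_passwd_entry() {
    awk -F: -v u="$2" '$1 != u' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Step 4: remove $2 from every member list in group file $1, and drop the
# user's private group (same name, no other members) entirely.
remove_from_groups() {
    awk -F: -v OFS=: -v u="$2" '
        {
            n = split($4, m, ","); out = ""
            for (i = 1; i <= n; i++)
                if (m[i] != u && m[i] != "")
                    out = out (out == "" ? "" : ",") m[i]
            if ($1 == u && out == "") next
            $4 = out
            print
        }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Step 2, preceded by the backup the slide recommends: archive $2's home
# directory from base $1 into $3/<user>-home.tar, then delete the directory.
# Refuses to act when the home directory does not exist, so a typo in the
# username cannot turn into an rm of the wrong tree.
archive_and_remove_home() {
    base=$1 user=$2 backups=$3
    [ -n "$user" ] && [ -d "$base/$user" ] || { echo "no home for '$user'" >&2; return 1; }
    mkdir -p "$backups"
    tar -C "$base" -cf "$backups/$user-home.tar" "$user"
    rm -rf "$base/$user"
    echo "$backups/$user-home.tar"
}

# The whole procedure for one user, in the order the slides imply.
delete_user() {
    pw=$1 gr=$2 base=$3 backups=$4 user=$5
    lock_account "$pw" "$user"
    archive_and_remove_home "$base" "$user" "$backups"
    remove_from_groups "$gr" "$user"
    remove_passwd_entry "$pw" "$user"
}

# Demonstration on constructed files.
d=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\ncarol:x:1002:1002:Carol:/home/carol:/bin/sh\n' > "$d/passwd"
printf 'root:x:0:\nusers:x:100:alice,carol,bob\ncarol:x:1002:\n' > "$d/group"
mkdir -p "$d/home/carol"
echo 'umask 077' > "$d/home/carol/.profile"
delete_user "$d/passwd" "$d/group" "$d/home" "$d/backups" carol
cat "$d/passwd" "$d/group"
rm -rf "$d"
```

Locking comes first and the passwd entry goes last on purpose: while the archive is being written the user cannot start a new session, and the uid stays resolvable until the files that carry it are gone.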

Online User Services (slide 20)

There are many instances of using the World Wide Web to provide online registration of data. This requires users to be managed in a potentially different way for part of the time. These are significant challenges at present, since current online technologies are not standardized in a way that is ideally suited to this task. Until dedicated software is available for this purpose, it is a task for system administration to make interim solutions possible.

Security Perspective (slide 21)

Security is the discipline of protecting interests and things of value. Security spans a number of issues:
• Trust: the fundamental issue in any security system is where one places one's trust; it is about deciding what is an acceptable risk. For example, staff might trust students never to cheat. If that is the case, security is very simple. On the other hand, staff might only trust students not to cheat in a supervised room.
• Reliability: the reliability of the examination procedure must be secured against both malicious exploitation and accidental error. If a machine can be made to perform the grading, then clearly the only source of error would be a systematic error.
• Integrity: integrity concerns the ability to transmit information, or intent, without alteration or error. The disturbing lack of standardization in browser technology means that not all data can be rendered in every browser.

Security Perspective (slide 22)

• Authenticity and identity: the act of confirming one's identity by use of a secret password or other means is called authentication. Students need to trust the authenticity of the exam paper, or the problems they are to answer. It would be unacceptable for a malicious party to replace the actual exam with a fake exam, or with an exam to which the students already had the written solutions.
• Privacy: finally, can the process of evaluation be conducted with sufficient respect for individual privacy? The teacher's privacy is needed to prevent students from cheating by finding the solutions or by gaining knowledge of the problems in advance, and the students' privacy is needed to prevent their identities from compromising the objectivity (reliability) of the process.

Thanks (slide 23)