Network Operating Systems

Early network operating systems provided just the basics in terms of network services, such as file and printer sharing. Today's network operating systems offer a far broader range of network services; some of these services are used in almost every network environment, and others are used in only a few. Despite the complexity of operating systems, the basic function and purpose of a network operating system is straightforward: to provide services to the network. The following are some of the most common of these services:
y Authentication services y File and print services y Web server services y Firewall and proxy services y Dynamic Host Configuration Protocol (DHCP) and Domain Name

System (DNS) services These are just a few of a large number of services that a network operating system can provide. The following sections discuss the major operating systems currently in use and how each of them deals with basic services such as authentication, security, and file and print services.

Linux/UNIX
Providing a summary of Linux in a few paragraphs is a difficult task. Unlike other operating systems, each of which has only a single variation, Linux is a freely distributable open source operating system that has many variants called distributions. Each of these distributions offers a slightly different approach to certain aspects of the operating system, such as installation and management utilities. Some of the most common Linux distributions include Red Hat, SuSE, Debian, and Caldera. In light of the many versions of Linux, if a command or an approach is listed in this section and is not available in

Linux Authentication People who are used to working on a Windows-based system will no doubt discover that administration on a Linux system is very different. authentication information such as a list of users is kept in a text file. controls who can and cannot log on to the system. NFS makes it possible for areas of the hard disk on a Linux system to be shared with other clients on the network. Linux has a file system permission structure that makes it possible to restrict access to files or directories. you can look for an equivalent command or approach in your version. a valid username and password combination must be supplied. one of two file sharing services is commonly used: y y NFS NFS is the original file-sharing system used with Linux. For a user to log on to the system. In much the same way as on Windows servers. This file. /etc/passwd. Linux File and Print Services Although it is not the most obvious choice for a file and print server platform.the version of Linux you are using. In Linux. In a base configuration. each file or directory can be assigned a very basic set . For instance. the volumes on a Linux server are not available to network clients. Samba facilitates the sharing of folders that can then be accessed by Windows client computers. As with the other NOS discussed in this chapter. Samba Samba provides Server Message Block functionality so that areas of the Linux server disks can be made available to Windows clients. Once the share has been established from the client side. the fact that the drive is on another system is transparent to the user. Samba also makes it possible for Linux printer resources to be shared with Windows clients. To make them available. Linux can perform the role of a file and print server admirably. Both of these pieces of information are case sensitive. and you will very likely find one.

but it is still more than sufficient in many environments. chances are that it is available for Linux in some form. such as NetWare. RWX) or a numeric format (777). as discussed earlier. which. Many people. all applications created for Linux are third-party applications in that Linux itself is only an operating system kernel. The basic rights are Read. On the assumption that a network server will have a number of requirements. This means that application support for Linux is on par with. . or from an "everyone" designator. Printing on a Linux system occurs through a service called the Line Printer daemon. Write. even if it has not yet reached the levels achieved by Windows server platforms. is called a distribution. and Execute. The rights can be expressed in an alphabetic format (that is. In later versions of Linux. it is common practice for the Linux kernel to be bundled with various applications and provided to customers as a package. In a sense. The rights to a file can be derived from the file ownership. The applications that run on this kernel provide Linux with its functionality. however.of file rights that dictates the actions that can be performed on the file. if not greater than. you can find software for the Linux platform that is written by an equally enthusiastic army of small software development companies and individuals. from a group object. some distributions have started to provide a more enhanced printing system called the Common UNIX Printing System (CUPS). The Line Printer functionality can be accessed by any user on the network who is properly authorized and connected. still prefer to use the traditional Line Printer system because of its simplicity and efficiency. The Linux file permission structure might not be as sophisticated as those found in other network operating systems. Linux Application Support If you can think of an application that you might need. which covers all users who are authenticated on the server. As well as highly sophisticated commercial applications produced by large software companies. that in other network operating systems.

Developed in the same spirit as Linux itself. Although it can be said that there are also free server-type applications for Windows and NetWare. access to resources on a Linux network is controlled through permissions. Linux is a very secure operating system. there are certainly not as many of them as there are for Linux. y File and directory security The default file system used by Linux is the EXT2 file system. (Note that we are referring to server applications. The following are a few highlights of Linux security: y Resource access As in the other network operating systems. in the form of a username and a password. When it is configured correctly. EXT2 allows administrators to assign permissions to individual files and folders.deny and hosts. and in many cases governed by the same licensing types. Access control lists identifying systems and who can access what resources are held in text files such as hosts. .) Linux Security Considerable effort has been put into making Linux a very secure network operating system. These permissions are used to control who is allowed access to specific data on the server. these free applications can seriously reduce the cost of maintaining a network server. which is used with Windows servers. is required. it is often used as a company's firewall server. Like NTFS. Permissions for network resources and services can be assigned to an individual user or to a group of users. not applications targeted at workstation or end-user applications. and those efforts are evident. therefore. A secure server should have permissions set on the important data in the system.allow. y User authentication To access the local system resources or any network resources. user authentication. The user account information is kept in a text file known as the /etc/passwd file in the Linux system.One aspect in which Linux certainly has the edge over other operating systems is that many Linux applications are free.

Mac OS X Server Mac OS is the operating system created for Apple Computer's line of personal computers. the next three for the group. Apple released its last major revision to its aging 'Classic' operating system. or the entity "everyone. although for most environments. and the next three for the "everyone" assignment. it will become an increasingly common sight in server rooms of organizations of all sizes. The next three values specify the file rights for the user. or modified Execute Allows files to be executed (that is. Table 1 File Permissions on UNIX/Linux Right Read Write Description Allows files to be listed. run) The file permissions are listed to the right of the file. this approach is more than sufficient. File permissions can be assigned to either the creator of a file or directory. In 1999. written to. a group. with the original version being released in 1984 to run on the original Macintosh computer. opened. Mac OS has a long history. . UNIX and Linux have the most simplistic approach to file system security.As Linux continues to grow in popularity. you should prepare yourself for when you encounter a Linux systemnot if. These rights are listed in Table 1. and read Allows files to be created. UNIX and Linux have only three rights that can be assigned. As a network administrator." which includes any authenticated user. The first value specifies whether the file is a file (-) or a directory (d). Mac OS 9. Of the platforms discussed in this chapter.

HFS+ supports disk quotas.1. byte-range locking. and more. y y .The successor to the Classic Mac OS was Mac OS X. the system keeps a log of the hard disk's main data activity. MFS was used with earlier Mac versions including Mac OS 13. finder information in metadata. and so on. restoring the system to its previous state instead of having to go through the lengthy process of rebuilding the data. In a journaled file system. the file system can retrieve lost data by consulting the "journal" log. FAT16. the original Mac file system was Apple's Macintosh File System (MFS). Mac OS X File Systems and File and Print Services As you might expect. a UNIX-like operating system with a friendly and familiar user interface. Successive versions of Mac OS X have a decimal numeralfor example. X. support for hiding file extensions on a per-file basis. HFS+ includes many enhanced features. Mac OS 4 introduced Apple's Hierarchical File System (HFS). when HFS was replaced by HFS Plus. Instead of the FAT or FAT32 file system. the file systems used on Windows-based PCs is different from those used in an Apple system. until Mac OS 8.2. One of the more publicized features of HFS+ is journaling. and FAT32). The following is a list of other file systems supported by Mac OS X: y ISO9660 Mac supports the ISO9660 file system standard. most of the previous section on Linux applies to a Mac OS X server. Mac OS X. Like NTFS. NTFS Mac OS X includes read-only support for NTFS. In case of a crash or other system failure. HFS was the primary file system format used on the Macintosh Plus and later models. This is a system-independent file system for read-only data CDs. Because Mac OS X uses Linux/UNIX technology.1. MS-DOS Mac OS X includes support for MS-DOS file system (FAT12. HFS+ is the file system most commonly associated with Mac OS X.

y UDF UDF (Universal Disk Format) is the filesystem used by DVD-ROM (including DVD-video and DVD-audio) discs and by many CD-R/RW packet-writing programs. Mac OS X offers a wide-range of support for network file and print services supporting various file sharing protocols. you can turn on Apple File Protocol (AFP). Macs will be able to see the server. It provides the commands for opening. the protocols that enable file sharing between network nodes in a Windows environment. Whenever possible. In order for a client to have access to multiple servers running different operating systems. NetWare. Macintosh. reading. Samba is a networking tool originally designed to integrate Windows file sharing protocol (SMB/CIFS) and UNIX systems on a network. it allows Windows to share files and printers on the UNIX host. Running on a UNIX system. either the client supports the file sharing protocol of each operating system or the server supports the file sharing protocol of each client. If you have a Windows NT or Windows 2000\ 2003 server. Server Message Blocks/ Common Internet File System (SMB/CIFS) Mac OS X includes cross-platform support for SMB/CFS. Using Mac OS X. Macintosh clients can connect directly to Windows servers thanks to the SMB client built in to the Mac OS. writing. Software that adds this capability is very common and enables interoperability between Windows. The following is a list of file sharing protocols supported by Mac OS X: y y Apple Filing Protocol (AFP) The Apple Filing Protocol (AFP) is an Apple proprietary protocol for file sharing over the network using TCP/IP. and it also allows UNIX users to access resources shared by Windows systems. AFP is the native Macintosh file sharing protocol and when enabled. When working in a heterogeneous network environment (one that uses different OS platforms). use Mac OS X v10. Each OS has a different protocol used as the file sharing protocol. and UNIX platforms. A file sharing protocol is a high-level network protocol that provides the structure and language for file requests between clients and servers. Support for SMB/CFS is supplied by the Samba software package. and installed on all versions of Mac OS X by default.2 or greater to ensure . and closing files across the network.

Network Filing System (NFS) NFS is a file sharing protocol associated with UNIX/Linux systems. When using the SMB protocol to connect to a Windows 2000 or 2003 file server. Clients using Mac OS X are able to connect to Linux/UNIX servers using NFS. Mac OS X Security As with any other OS. The most fundamental level of security lies within the operating system itself. As of Mac OS X v10. y y Limited The most restricted type of account. whose options can be configured in the Accounts area in the System Preferences application. system administrators can also restrict network access to lists of approved websites and email addresses. limited users might only be able to see certain parts of the file system. Standard users are also restricted from making any . unless otherwise specified by the server administrator. Mac OS X has been designed to meet the security needs of today's businesses. but can only write to their home directories and directories that have been set up for them by a system administrator.4.y the best compatibility with Windows file servers. The first level is user authentication. Standard Most users on a machine will fall into this category. make sure that SMB signing (packet signing) is disabled on that server. This includes security measures in the local network and security protocols to be used on remote networks. Three account types are available on Mac OS X client machines (machines not a part of a Windows domain or Mac OS X Server infrastructure). Mac OS X implements role-based user accounts. NFS can be problematic because file permissions are applied to newly created files and folders on the server based on the user ID and group ID from the client computer. just like the other UNIX stations on the network. and only run applications approved by an administrative user. Any interaction with the system requires some form of authentication. Standard users are allowed to run any applications that are installed in directories they have access to.

Being a UNIX-like operating system. Fortunately for those not familiar with the chmod and chown GNU commands. However. Every Mac OS X computer must have at least one administrative account. In the info window for any file or folder on the computer. and Everyone (or Other). Refer to Table 1 for details on Mac OS X permissions. change permissions of files and directories they do not directly own. . continues Novell's tradition of providing feature rich enterprise class network operating systems. Every file and folder on the machine has three levels of access with three possible settings each. The latest version of NetWare. two key groups are automatically created and maintained to assist with machine administration: y y All administrator level users automatically belong to the Admin group. Novell NetWare Once the network operating system of choice for all but a few networks. groups cannot be created or modified. The three levels of access for each file and folder are Owner. Mac OS X naturally inherits a UNIXstyle file system permission system. The owner is usually the user who created the object on the system. NetWare is still widely used in many environments. Linux. and manage accounts. including government and education.5. the MAC Finder provides an interface for managing permissions in the Get Info window. Persons familiar with UNIX. there is an Ownership & Permissions area listing all possible permissions variables for the given object. and BSD systems will feel right at home with this environment. Groups are logical collections of users on a machine.y configuration changes that affect anything beyond their user account (such as network settings). version 6. NetWare's popularity has declined significantly over recent years. Group. Administrator This account type allows the user to make systemwide changes to the machine. On Mac OS X Client machines. All other users belong to the Staff group. however.

These processes are known as partitioning (the dividing) and replication (the distribution among servers on the network).One of the features that really put NetWare on the networking map was Novell Directory Services (NDS). and that they are allowed to . including allowed logon times and station restrictions. These prevent users from logging on during restricted times and from certain workstations. Information about the user account and what the user can and can't access is stored in the NDS. Although introduced as NDS with NetWare 4. Also. NetWare also supports numerous other authentication mechanisms such as smartcards and biometrics. Novell has now renamed the product eDirectory and made it platform independent. This database can then be divided and distributed among different servers on the network. NetWare is a full-featured operating system that offers all the functions required by an organization. For this reason. each time a user attempts to access a resource. NetWare Authentication As with all the other network operating systems discussed in this chapter. Like the other network operating systems. including file and print services. DNS and DHCP servers.x. an assortment of restrictions is evaluated. a copy of the NDS must be available in order for the user to be able to log on. NetWare also supports a wide range of third-party hardware and software. Like Microsoft's Active Directory. As well as supplying this information. After a user has been validated to the eDirectory tree. by default NetWare authentication is performed by using a username and password combination. and FTP and Web servers. their authentication status is checked in the NDS to make sure that they are who they say they are. users also need to tell client software which NDS tree to authenticate to and the location of the user object in the NDS tree. NDS (which has been around since 1994) is a directory services system that enables network objects to be stored in a database.

folders. where appropriate. though NFS is also enabled by default in NetWare 6. When you are used to it. File system security on NetWare is the most sophisticated of any of the popular network operating systems. Instead. NetWare File Services For many years.x. which is called "long. NetWare uses a file sharing system in which all areas of the disk are available to all users who have permissions. Only the areas of the volume to which the user has been assigned permissions are available to that user.access the resource. NetWare was considered the operating system of choice for providing file and print services. users can map a drive to an area of a disk called a volume. Most commonly. NetWare also accommodates file permission inheritance and filters to cancel out that inheritance. For those who are unfamiliar with the various features of NetWare file system security. In addition to a full set of file permissions." is used. These permissions can be assigned to individual files or. the driver that mimics the file properties of Windows clients. you realize that it allows an extremely high level of control over files and directories. Novell offers compatibility with various client operating systems by using special software drivers known as name spaces to make drives available to clients. Although that might no longer be the case. At the core of NetWare file system security are the basic permissions. many people in the IT industry still see NetWare as primarily a file and print server platform. it can all seem a bit bewildering. The file system rights available on a NetWare server are listed in Table 2 . though. One benefit of this system is that a user need only log on once in order to be permitted resources anywhere on the network. There is no concept of share points as with Windows server operating systems. although it is possible for a user to connect to a specific folder on the server if necessary.

which allows users to see graphical maps of the network and point and click to access network devices. which enables a more dynamic printing environment to be created. the process has been hidden behind the graphical interface of the client software and is largely unnoticed. Today. and print queues were associated with those printers. In NetWare 6. printers were defined on the server. files can also be assigned a range of attributes. called capture. . Traditionally. NetWare Print Services Printing with NetWare can be implemented in a variety of ways. clients capture the output that would normally be directed to a local printer port and send it to the network printer. These attributes include options such as Rename Inhibit and Delete Inhibit. NetWare 6 also introduced a new feature called iPrint. this was a process performed by using a command-line utility. To access a printer on NetWare.Table 2 File Permissions on a NetWare Server Right Supervisor Read Write Create Erase Modify Filescan Description Supervisoryimplies all rights Allows the file to be read Allows the file to be written to Allows new files to be created Allows files to be deleted Allows the attributes of the file to be changed Allows the file to be viewed Access Control Allows the file permissions to be manipulated In addition to file permission rights. In early versions of NetWare. a feature called Novell Distributed Print Services was introduced. on a NetWare server.

Rights to objects can be inherited or gained from other user IDs through a process called security equivalence. a user needs to provide only a username and password. This way. as is everything else related to security. or to an eDirectory container object in which the user resides. User authentication As with the other network operating systems. File and directory security NetWare provides a very comprehensive file and directory permissions system. through directory services. Without the correct context. accessing a NetWare server and network resources requires a username and password combination. Context is a term used to refer to the location of an object. groups. The key areas of NetWare security include the following: y y y Resource access Resource access in NetWare is controlled. in this case the user object. printer. For a user to gain access to a network resourcewhether it be a file. to a group to which the user belongs. Much the same process is used to . it's common practice to configure users' workstations to default to a certain tree and context rather than requiring them to provide this information. Permissions can be granted to the user.NetWare Security Similar to the other network operating systems. which allows rights to be assigned to users. the context of the user must also be specified and. directory. and other directory services objects. NetWare has many security features to help secure the server and the network. which means that rights assigned at one file system level flow down through the structure until they reach the end of the file system tree. Because the context can be quite complex and the tree name is generally not used except at the point of login. the name of the eDirectory or NDS tree must also be provided. or serverthe appropriate permissions must be applied through the directory. unless they are countered by an inherited rights mask or by an explicit trustee assignment. To log on to a NetWare server. the security subsystem is unable to identify the correct user ID and does not grant access to the server. in some instances. in the eDirectory tree. Rights are inheritable.

Additionally. With the proliferation of Microsoft Windows server platforms. and many organizations still have Windows 2000 Server systems deployed. The NetWare console can and should be locked for security purposes. But if you do. Microsoft still currently supports Windows 2000. Windows Server 2003 Enterprise Edition. you'll find that there is good reason why NetWare was king of the network operating system hill for so long. and Windows Server 2003 Datacenter Edition. Windows 2000 Professional has the majority of features. and Datacenter Server. Windows 2000 built on the success of its predecessor and offered many improvements and advancements. so interoperability between the editions is seamless. In 2003. Windows Server 2003 Web Edition is designed as a platform for Web-based applications and services. although the actual set of rights that can be assigned is different. and it quickly established itself as a reliable and robust operating system. Three different versions of Windows 2000 are available for server platforms: Windows 2000 Server. and strengths of Windows 2000 Server products but omits the server-type network services and capabilities. Windows 2000 and Windows Server 2003 Windows 2000 was the follow-up to the popular Windows NT 4 network operating system. You can lock the NetWare console by using a utility called scrsaver.manage and assign rights within the eDirectory tree. . Windows 2000 is also available as a workstation operating system: Windows 2000 Professional. there are also a number of versions of Windows Server 2003. capabilities. you might not actually get to work with a NetWare server. Windows Server 2003 Standard Edition. which you run from the server command line. Microsoft fully expects that you will mix and match editions of Windows Server 2003 on a network. Advanced Server. Like Windows 2000. Microsoft released the latest version of its Windows server family of productsthe aptly named Windows Server 2003.

a more flexible approach is required. In addition to having superb third-party application support. In addition to the standard authentication mechanism of usernames and passwords. . Although it is completely possible to use a single operating system for all the common network server tasks. Windows server operating systems come with a complete set of tools and services that satisfy almost every need a company could have from a network operating system. These applications include DNS and DHCP server services. meaning that you might encounter more than one of the major network operating systems functioning on the same network. Operating System Interoperability Rather than use the same network operating system on all servers. such as a Web server. and subsequently to access all the network resources to which they have permissions. remote access capabilities. performance-monitoring tools. Windows server platforms also support other authentication systems such as smartcards and biometrics. and network monitoring tools. Web server applications.Windows Authentication The authentication process facilitated by a Windows server allows users logging on to the network to identify themselves to the Active Directory. The nature of directory services means that other applications. modern networks often work in multivendor environments. Windows server platforms have the best overall level of support by third-party applications. Implementation of these methods requires additional hardware and software. in some situations. Windows Application Support Of all the network operating systems discussed in this chapter. can interface with the directory and use the same authentication information. This means that it is necessary to log on only once to access all the resources on the network.

network operating system manufacturers build in features and services that enable their operating systems to coexist on networks with other vendors' operating systems.To facilitate such environments. . The following sections take a brief look at how well some of the major network operating systems "play" with each other.