SlideShare a Scribd company logo

Sharing system Linux using Network File Sharing

A
aldi219529

The document discusses the concepts and methods for sharing system files across networked servers, focusing on Unix and Linux environments. It examines different approaches such as Network File System (NFS), push and pull systems for configuration file distribution, and highlights the lightweight directory access protocol (LDAP) and network information service (NIS) as tools for managing user data and configurations. Additionally, it underscores the advantages and limitations of each system, including security considerations and best practices for implementation.

Technology
1 of 27
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Sharing System File Administrasi Peladen Jaringan Pertemuan 10
Outine • Konsep Sharing system files • Options in Sharing system files • Lightweight Directory Access Protocol (LDAP) • Network Information Service (NIS)
CONTENTS Konsep Sharing System File 1
Konsep Sharing System File • We’re all familiar with the concept of sharing data among computers accomplished through 1. email attachments, 2. transfer protocols such as HTTP and FTP, 3. or file-sharing services like those provided by NFS • However, UNIX and Linux systems can benefit from another type of sharing: the distribution of administrative configuration data. • User logins and passwords are a real-world example of the need for this kind of sharing. • You rarely want to add a user to a single machine; in most cases, you want to define that user on an entire class or network of machines (single sign on)
System Files that are commonly shared
Options in Sharing system files 2 CONTENTS
NFS Option • Some sites distribute configuration files by publishing them on an NFS server. • This is perhaps the simplest possible technique from an automation point of view—all you need on the client is cp, at least in theory. • However, we strongly advise against this configuration. It makes every system in the world dependent on one NFS server, and that server then has to actively serve all those clients. • Worse yet, many packages don’t expect remote systems to be locking their configuration files or creating temporary files in their configuration directories; the setup may not even work correctly.
Push systems • With push, the master server periodically distributes the freshest files to each client, whether the client wants them or not. • Files can be pushed explicitly whenever a change is made, or they can simply be distributed on a regular schedule. • The push model has the advantage of keeping the distribution system centralized on one machine. • Files, lists of clients, update scripts, and timetables are stored in one place, making the scheme easy to control. • One disadvantage is that each client must let the master modify its system files, thereby creating a security hazard.
Pull System • In a pull system, each client is responsible for updating itself from the server. • This is a less centralized way of distributing files, but it is also more adaptable and more secure. • When data is shared across administrative boundaries, a pull system is especially attractive because the master and client machines need not be run by the same administrative group or political faction.
Pull System vs Push System
Push Files Command -1 • rdist: push files 1. The rdist command is the easiest way to distribute files from a central server. 2. It has something of the flavor of make: you use a text editor to create a specification of the files to be distributed, 3. and then you use rdist to bring reality into line with your specification. 4. rdist copies files only when they are out of date, so you can write your specification as if all files were to be copied and let rdist optimize out unnecessary work.
Push Files Command -2 • rsync: transfer files more securely 1. rsync is available from rsync.samba.org. rsync, 2. written by Andrew Tridgell and Paul Mackerras, is similar in spirit to rdist but with a somewhat different focus. 3. It does not use a file-copying control file in the manner of rdist (although the server side does have a configuration file). 4. rsync is a bit like a souped-up version of scp that is scrupulous about preserving links, modification times, and permissions. 5. It is more network efficient than rdist because it looks inside individual files and attempts to transmit only the differences between versions.
Pull Files Command • The most straightforward way is to make the files available on a central FTP or web server and to have the clients automatically download them as needed. • One such utility that ships with most systems is the popular wget. It’s a straightforward little program that fetches the contents of a URL (either FTP or HTTP).
Lightweight Directory Access Protocol (LDAP) 3 CONTENTS
LDAP: THE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL • A directory service is just a database, but one that makes a few assumptions. Any data set that has characteristics matching the assumptions is a candidate for inclusion in the directory. The basic assumptions are as follows: 1. Data objects are relatively small. 2. The database will be widely replicated and cached. 3. The information is attribute based. 4. Data are read often but written infrequently. 5. Searching is a common operation • The current IETF standards-track system designed to fill this role is the Lightweight Directory Access Protocol (LDAP). The LDAP specifications don’t really speak to the database itself, just the way that it’s accessed through a network. But because they specify how the data is schematized and how searches are performed, they imply a fairly specific data model as well.
The structure of LDAP data
The advantage of LDAP -1 • LDAP can act as a central repository for information about your users, including everything from their phone numbers and home addresses to their login names and passwords. • In a similar vein, you can use LDAP to distribute configuration information for ancillary applications. Most mail systems—including sendmail, Exim, and Postfix—can draw a large part of their routing information from LDAP • LDAP makes it easy for applications (even those written by other teams and other departments) to authenticate users without having to worry about the exact details of account management. • Changes to LDAP data take effect immediately and are instantly visible to all hosts and client applications.
The advantage of LDAP -2 • It’s easy to access LDAP data through command-line tools such as ldapsearch. • Excellent web-based tools are available for managing LDAP, some examples being phpLDAPadmin (phpldapadmin.sourceforge.net) and Directory Administrator (diradmin.open-it.org). • LDAP is well supported as a public directory service. Most major email clients support the use of LDAP to access user directories. • Microsoft’s Active Directory architecture is based on LDAP
LDAP and security • The “standard” LDAP implementation grants unencrypted access through TCP port 389 → not recomended • LDAP-over-SSL (known as LDAPS, usually running on TCP port 686) is available in most situations on both the client and server. → recommended • Protects the information contained in both the query and the response. • Use LDAPS when possible.
When we use LDAP? • LDAP is well suited for 1. Information that is referenced by many entities and applications 2. Information that needs to be accessed from more than one location. 3. Information that is read more often than it is written • LDAP is not well suited for 1. Information that changes often (it is not a relational database) 2. Information that is unstructured (it is not a file system)
OpenLDAP • The traditional open source LDAP server • slapd is the standard LDAP server daemon → A stand-alone server • slurpd runs on the master server and handles replication by pushing changes out to slave servers → for multiple OpenLDAP servers
Network Information Service (NIS) 4 CONTENTS
What is NIS? • NIS, released by Sun in the 1980s, was the first “prime time” administrative database. It was originally called the Sun Yellow Pages, but eventually had to be renamed for legal reasons. • NIS commands still begin with the letters yp, so it’s hard to forget the original name. • NIS was widely adopted among UNIX vendors and is supported by every Linux distribution. • These days, however, NIS should not be used for new deployments. • Primarily because of the inevitable need to integrate with Windows systems, but also because of NIS’s various security and scalability shortcomings.
NIS Models • Master server 1. maintains the authoritative copies of system files. 2. contains the set of maps that the system administrator creates and updates as necessary 3. a single server as the master for all the maps (commonly) • Slave servers 1. a complete copy of the master set of NIS maps 2. handle any overflow of requests from the master server, minimizing “server unavailable” errors. • Clients of NIS servers 1. request data from maps on the servers 2. Clients do not distinguish between the master server and the slaves
NIS Operation
NIS with Slaves
Konsep Sharing System File 1 Options in Sharing system files 2 Lightweight Directory Access Protocol (LDAP) 3 Network Information Service (NIS) 4 CONTENTS

More Related Content

PDF
Linux Servers
Ranjith Siji
 
PPT
Ldap system administration
Ali Abdo
 
DOC
Lesson 4 intro to advanced o perating systems
Jo Ko
 
PPT
Directory services by SAJID
Sajid khan
 
PPTX
Directory Introduction
Aidy Tificate
 
PPT
Chapter 06
cclay3
 
PPT
Directory Services Nma Unit-1
GPAPassedStudents
 
PPTX
Lecture 3 more on servers and services
Wiliam Ferraciolli
 
Linux Servers
Ranjith Siji
 
Ldap system administration
Ali Abdo
 
Lesson 4 intro to advanced o perating systems
Jo Ko
 
Directory services by SAJID
Sajid khan
 
Directory Introduction
Aidy Tificate
 
Chapter 06
cclay3
 
Directory Services Nma Unit-1
GPAPassedStudents
 
Lecture 3 more on servers and services
Wiliam Ferraciolli
 

Similar to Sharing system Linux using Network File Sharing (20)

PDF
Ldap 121020013604-phpapp01
SANE Ibrahima
 
PDF
Ldap introduction (eng)
Anatoliy Okhotnikov
 
PPT
Active directoryfinal
Rafał Kucharski
 
PPT
Lecture 4 -_internet_infrastructure_2_updated_2011
Serious_SamSoul
 
PPTX
Ldap
Higher Private School of Engineering and Technology
 
PPT
linux
Ajay Chawda
 
PPTX
network administration directory access and remote access
Sangeetha Rangarajan
 
PDF
LDAP Theory
cyberleon95
 
PPT
The Ldap Protocol
Glen Plantz
 
PDF
Introduction to distributed file systems
Viet-Trung TRAN
 
ODP
Under the Hood 11g Identity Management
InSync Conference
 
PDF
ITFT_File system interface in Operating System
Sneh Prabha
 
PPT
Win2KServer Active Directory
Phil Ashman
 
PPT
Dns
tmavroidis
 
PPTX
LDAP
Chandanapriya Sathavalli
 
DOCX
Desktop interview qestions & answer
mandarshetye45
 
PPTX
OS and Applications.pptx
VijiRam8
 
PPTX
Linux Based Network Proposal
Chris Riccio
 
PDF
Directory Servers and LDAP
Wildan Maulana
 
PPT
AD & LDAP
Cynoteck Technology Solutions Private Limited
 
Ldap 121020013604-phpapp01
SANE Ibrahima
 
Ldap introduction (eng)
Anatoliy Okhotnikov
 
Active directoryfinal
Rafał Kucharski
 
Lecture 4 -_internet_infrastructure_2_updated_2011
Serious_SamSoul
 
Ldap
Higher Private School of Engineering and Technology
 
linux
Ajay Chawda
 
network administration directory access and remote access
Sangeetha Rangarajan
 
LDAP Theory
cyberleon95
 
The Ldap Protocol
Glen Plantz
 
Introduction to distributed file systems
Viet-Trung TRAN
 
Under the Hood 11g Identity Management
InSync Conference
 
ITFT_File system interface in Operating System
Sneh Prabha
 
Win2KServer Active Directory
Phil Ashman
 
Dns
tmavroidis
 
LDAP
Chandanapriya Sathavalli
 
Desktop interview qestions & answer
mandarshetye45
 
OS and Applications.pptx
VijiRam8
 
Linux Based Network Proposal
Chris Riccio
 
Directory Servers and LDAP
Wildan Maulana
 
AD & LDAP
Cynoteck Technology Solutions Private Limited
 
Ad

Recently uploaded (20)

PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Encapsulation theory and applications.pdf
gurumoop
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
project resource management chapter-09.pdf
ssuser00e6e21
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Ad

Sharing system Linux using Network File Sharing

  • 1. Sharing System File Administrasi Peladen Jaringan Pertemuan 10
  • 2. Outine • Konsep Sharing system files • Options in Sharing system files • Lightweight Directory Access Protocol (LDAP) • Network Information Service (NIS)
  • 4. Konsep Sharing System File • We’re all familiar with the concept of sharing data among computers accomplished through 1. email attachments, 2. transfer protocols such as HTTP and FTP, 3. or file-sharing services like those provided by NFS • However, UNIX and Linux systems can benefit from another type of sharing: the distribution of administrative configuration data. • User logins and passwords are a real-world example of the need for this kind of sharing. • You rarely want to add a user to a single machine; in most cases, you want to define that user on an entire class or network of machines (single sign on)
  • 5. System Files that are commonly shared
  • 6. Options in Sharing system files 2 CONTENTS
  • 7. NFS Option • Some sites distribute configuration files by publishing them on an NFS server. • This is perhaps the simplest possible technique from an automation point of view—all you need on the client is cp, at least in theory. • However, we strongly advise against this configuration. It makes every system in the world dependent on one NFS server, and that server then has to actively serve all those clients. • Worse yet, many packages don’t expect remote systems to be locking their configuration files or creating temporary files in their configuration directories; the setup may not even work correctly.
  • 8. Push systems • With push, the master server periodically distributes the freshest files to each client, whether the client wants them or not. • Files can be pushed explicitly whenever a change is made, or they can simply be distributed on a regular schedule. • The push model has the advantage of keeping the distribution system centralized on one machine. • Files, lists of clients, update scripts, and timetables are stored in one place, making the scheme easy to control. • One disadvantage is that each client must let the master modify its system files, thereby creating a security hazard.
  • 9. Pull System • In a pull system, each client is responsible for updating itself from the server. • This is a less centralized way of distributing files, but it is also more adaptable and more secure. • When data is shared across administrative boundaries, a pull system is especially attractive because the master and client machines need not be run by the same administrative group or political faction.
  • 10. Pull System vs Push System
  • 11. Push Files Command -1 • rdist: push files 1. The rdist command is the easiest way to distribute files from a central server. 2. It has something of the flavor of make: you use a text editor to create a specification of the files to be distributed, 3. and then you use rdist to bring reality into line with your specification. 4. rdist copies files only when they are out of date, so you can write your specification as if all files were to be copied and let rdist optimize out unnecessary work.
  • 12. Push Files Command -2 • rsync: transfer files more securely 1. rsync is available from rsync.samba.org. rsync, 2. written by Andrew Tridgell and Paul Mackerras, is similar in spirit to rdist but with a somewhat different focus. 3. It does not use a file-copying control file in the manner of rdist (although the server side does have a configuration file). 4. rsync is a bit like a souped-up version of scp that is scrupulous about preserving links, modification times, and permissions. 5. It is more network efficient than rdist because it looks inside individual files and attempts to transmit only the differences between versions.
  • 13. Pull Files Command • The most straightforward way is to make the files available on a central FTP or web server and to have the clients automatically download them as needed. • One such utility that ships with most systems is the popular wget. It’s a straightforward little program that fetches the contents of a URL (either FTP or HTTP).
  • 14. Lightweight Directory Access Protocol (LDAP) 3 CONTENTS
  • 15. LDAP: THE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL • A directory service is just a database, but one that makes a few assumptions. Any data set that has characteristics matching the assumptions is a candidate for inclusion in the directory. The basic assumptions are as follows: 1. Data objects are relatively small. 2. The database will be widely replicated and cached. 3. The information is attribute based. 4. Data are read often but written infrequently. 5. Searching is a common operation • The current IETF standards-track system designed to fill this role is the Lightweight Directory Access Protocol (LDAP). The LDAP specifications don’t really speak to the database itself, just the way that it’s accessed through a network. But because they specify how the data is schematized and how searches are performed, they imply a fairly specific data model as well.
  • 16. The structure of LDAP data
  • 17. The advantage of LDAP -1 • LDAP can act as a central repository for information about your users, including everything from their phone numbers and home addresses to their login names and passwords. • In a similar vein, you can use LDAP to distribute configuration information for ancillary applications. Most mail systems—including sendmail, Exim, and Postfix—can draw a large part of their routing information from LDAP • LDAP makes it easy for applications (even those written by other teams and other departments) to authenticate users without having to worry about the exact details of account management. • Changes to LDAP data take effect immediately and are instantly visible to all hosts and client applications.
  • 18. The advantage of LDAP -2 • It’s easy to access LDAP data through command-line tools such as ldapsearch. • Excellent web-based tools are available for managing LDAP, some examples being phpLDAPadmin (phpldapadmin.sourceforge.net) and Directory Administrator (diradmin.open-it.org). • LDAP is well supported as a public directory service. Most major email clients support the use of LDAP to access user directories. • Microsoft’s Active Directory architecture is based on LDAP
  • 19. LDAP and security • The “standard” LDAP implementation grants unencrypted access through TCP port 389 → not recomended • LDAP-over-SSL (known as LDAPS, usually running on TCP port 686) is available in most situations on both the client and server. → recommended • Protects the information contained in both the query and the response. • Use LDAPS when possible.
  • 20. When we use LDAP? • LDAP is well suited for 1. Information that is referenced by many entities and applications 2. Information that needs to be accessed from more than one location. 3. Information that is read more often than it is written • LDAP is not well suited for 1. Information that changes often (it is not a relational database) 2. Information that is unstructured (it is not a file system)
  • 21. OpenLDAP • The traditional open source LDAP server • slapd is the standard LDAP server daemon → A stand-alone server • slurpd runs on the master server and handles replication by pushing changes out to slave servers → for multiple OpenLDAP servers
  • 22. Network Information Service (NIS) 4 CONTENTS
  • 23. What is NIS? • NIS, released by Sun in the 1980s, was the first “prime time” administrative database. It was originally called the Sun Yellow Pages, but eventually had to be renamed for legal reasons. • NIS commands still begin with the letters yp, so it’s hard to forget the original name. • NIS was widely adopted among UNIX vendors and is supported by every Linux distribution. • These days, however, NIS should not be used for new deployments. • Primarily because of the inevitable need to integrate with Windows systems, but also because of NIS’s various security and scalability shortcomings.
  • 24. NIS Models • Master server 1. maintains the authoritative copies of system files. 2. contains the set of maps that the system administrator creates and updates as necessary 3. a single server as the master for all the maps (commonly) • Slave servers 1. a complete copy of the master set of NIS maps 2. handle any overflow of requests from the master server, minimizing “server unavailable” errors. • Clients of NIS servers 1. request data from maps on the servers 2. Clients do not distinguish between the master server and the slaves
  • 27. Konsep Sharing System File 1 Options in Sharing system files 2 Lightweight Directory Access Protocol (LDAP) 3 Network Information Service (NIS) 4 CONTENTS