
Fundamentals of Soft Resource Sharing By Nanda Ganesan, Ph.D. © Nanda Ganesan


Chapter Objectives

• Describe the step-by-step process of placing a soft resource for sharing and removing the same from sharing
• Discuss the access control that could be exercised at the file level
• Relate permission to effective access control
• Demonstrate the mapping of resources
• Describe the concept of administrative shares
• Discuss the sharing process in a mixed client-server and peer-to-peer environment

Chapter Modules

• Placing a Resource for Sharing
• Case Example: Single User Permission
• Case Example: Group Sharing
• Case Example: Permission Given to Creator Owner
• Case Example: Special Access to Resources
• File Access Control
• Removing a File from Access

Chapter Modules Cont.

• File Ownership
• Effective Access Permission of a User
• Removing a Soft Resource from Sharing: Removing a Directory from Sharing
• Removing a File from Sharing
• Mapping a Resource for Sharing
• Administrative Shares
• Sharing in a Mixed Environment

CHAPTER

Fundamentals of Soft Resource Sharing

Chapter Objectives

• Present an overview of the sharing mechanism in client-server networks

• Explain the different types of access controls that could be imposed on resources

• Describe the permissions that could be assigned to users for using resources

Chapter Modules

• Overview of Windows Client-Server Sharing

• Access Control in the Client-Server Environment

• Windows Permissions

© N. Ganesan, All rights reserved.

MODULE

Overview of Client-Server Sharing

Module Objectives

• Basic client-server sharing
• Resource administrator and the user
• Resources, resource administrator and users
• Case example for demonstration
• Client-server sharing: The two-step process
• Resource classification for sharing
• Overview of sharing of different resource types

Basic Client-Server Sharing

• As in peer-to-peer sharing, the act of sharing usually involves the following persons:
  – Resource Administrator
  – Network User
• As the name implies, sharing is a two-step process

Resource Administrator and the User

• Resource Administrator gives the user the permission to access certain
  – Known as the Administrator
  – Resources are, in general, held at the server
  – Different types of servers may be present in a network
    • Application server, Exchange server etc.
• Network User uses the resource within the confines of his or her privileges
  – Different types of network users can be given privileges to different resources

Resources, Resource Administrator and the Users

[Diagram: Server; two Clients; Resource (Folder to be shared); three Users; Administrator]

Case Example

[Diagram: US, Mexico, Canada; Tariff is the resource (directory to be shared); Administrator; users California, Nevada and Texas]

A Note on Resource Administrator

• A resource holder need not always be the network Administrator

• A Print Operator can place a printer for sharing and subsequently remove it from sharing as well

• In Windows terminology, a resource holder is known as the Owner Creator

• In most cases, the person who created the resource, such as a folder, becomes the Owner Creator

The Sharing Process

[Diagram: Resource; Access privilege; Administrator; Network user; Security; Server; Client]

Resource Classification for Sharing

• Soft resource
  – Files
  – Subdirectories and directories
  – Hard disks etc.
• Hard resource
  – Printer
  – Modem etc.

Sharing and Resource Types

• Soft resource on the network
  – Share as any local logical resource
• Hard resource (device) on the network
  – Install as a local logical device
  – Share the logical device

END OF MODULE

MODULE

The Concept of Access Control in Network Environments

Module Objectives

• Overview of access control in client-server networks

• Permission: The effective access to a resource

• Basic permissions for files and directories
• Read, write, execute, delete and taking ownership
• A sample permission entry
• Demonstration on viewing a user’s permission on a directory

Overview of Access Control in Client-Server Networks

• More sophisticated than in peer-to-peer networks
• Peer-to-peer
  – Share level
  – User-level
• Client-Server
  – Share level
  – User level

Effective Access to a Resource

[Diagram: Resource; Permission; User]

Permission

• Permission to use a resource such as a directory by one or more identified users
  – Example: User California is given Read permission to access the directory Tariff
  – The most restrictive of the permissions will be in operation
• Comparison with peer-to-peer control (Win 9X)
  – Network users are all given Read access to the directory Tariff
    • Share level control

Basic Permissions for Files and Directories

• Read (R)
• Write (W)
• Execute (X)
• Delete (D)
• Change Permission (P)
• Take Ownership (O)

Read and Write

• Read
  – Folder
    • View the files and subdirectories
  – File
    • Read the file’s data
• Write
  – Folder
    • Add files and subdirectories
  – Files
    • Write to the file

Execute and Delete

• Execute
  – Folder
    • Enter subdirectories
  – File
    • Execute the file
• Delete
  – Delete folder and file

Change Permission and Take Ownership

• Change Permission
  – Change the permission on the folder and file
• Take Ownership
  – Take ownership of the folder and file

NTFS Predefined Permissions

• None (None) (None)
• List (RX) (Not Specified)
• Read (RX) (RX)
• Add (WX) (Not Specified)
• Add & Read (RWX) (RX)
• Change (RWXD) (RWXD)
• Full Control (All) (All)

Expression of Permission: An Example for User California

• California (RWX) (RX)
  – (RWX): Folder
  – (RX): File

Checking User California’s Permission on the Directory Tariff

END OF MODULE

MODULE

The Concept of Placing a Resource for Sharing

Examples of Soft Resources

• Drives
• Folders
• Files

Shareable Entities

• Entire disk
  – Can be shared independently
• Folders
  – Can be shared independently
• Files
  – Within the context of the Folder in which they reside

A Note on File Sharing

• Files are shared by making the folder containing the file shareable in the first instance

• However, unlike in peer-to-peer sharing, considerable control can be exercised on file sharing in client-server sharing

Sharing in Different Architectures

• Peer-to-Peer network architecture (FAT Only)
  – Sharing is limited to access control based on passwords
  – Also known as share level control
  – Control can be exercised based on user names as well if the peer-to-peer network is based on an operating system such as Windows 2000 or Windows XP
• Client-Server network architecture (NTFS)
  – Sophisticated control of access to resources can be exercised based on user names

Types of Access Control in Different Peer-to-Peer Architectures

• Peer-to-Peer Networks
  – Share-Level Control: Windows 9x/Me
  – User Level Control: Windows 2000 Prof, Windows XP

Access Control in Client-Server Architecture

• Client-Server Networks
  – User Level Control: Windows 2000 Server, Windows NT Server

File Systems and Sharing

• Assignment of folder permission depends on the file system
• FAT file system
  – Limited security
  – Share level access control
• NTFS
  – More extensive security and assignment of permissions
  – User level access control
• Note that Windows 2000 could also be installed under the FAT file system although this is not recommended for security reasons

The FAT File System

• Known as FAT32
• The older file system is known as FAT16
• Supported in Windows 95 OSR2, Windows 98 and Windows Me
• NT 4.0 does not offer the support for accessing disks formatted under FAT32
• Windows 2000 and Windows XP, however, do offer support for FAT32

Security Concerns with FAT

[Diagram: FAT; NTFS; A Drive; Bootable; Non-bootable]

Sample Server Configurations

[Diagram: NTFS; NTFS; FAT; Windows 9x/NT OS; CD Copy; One or more partitions under NTFS]

Folder Permissions

• Windows 2000
  – FAT32: Limited; permission based on shares
  – NTFS: Expanded/Predefined; permission based on user names

The Concept of Share-Name

• Each resource (folder or printer for example) is shared using a name

• The name can be the same name as the original resource (folder or printer for example) name itself

Share-Name View on the Network

• Local View: Canada (Root Fol.), Trade (Sub-Fol.), Rules (Shared Sub-Fol.)
• Network View: Canada (Peer), Rules (Shared Sub-Fol.)

The Concept of Owner Creator

• The user who creates a folder, for instance, becomes the owner creator of the folder
• He or she can assign others permission to access the folder
• Note that access to a folder created in a user’s home directory can be restricted to the creator only
  – Even the network administrator cannot access this folder

A Note on Sharing

• All files in the folder can be shared when the folder is shared

• It is also possible to limit the sharing to only a few files in the folder

Sharing Case Scenario

[Diagram: domain NAFTA; US (server), Canada, Mexico; Tariff is the folder to be shared; Rates is a file in it. Access can be limited to a single file in the folder.]

END OF MODULE

MODULE

Case Example: Single User Permission

Module Objectives

• Giving folder access permission to a single user

• Placing the resource Tariff for sharing

• Giving access to user California

Sharing Scenario 1: Single User Permission

• User California is to be given access to the Tariff directory

• Permission is to be restricted to Change
  – (RWXD) (RWXD)

Placing the Resource Tariff on the Network for Sharing

• Open the Explorer in the server named US.
• Right select the subfolder named Tariff.
• Select Sharing.
• Select Shared As and specify share name.

Giving Access to User California

• Security Permissions
• Select California
• Specify type of Access as Change.
• Add/Show users
• Add/OK
• Check Replace Permission on Existing Files.

Placing Sub-directory Tariff for Sharing by User California: Demonstration

END OF MODULE

MODULE

Case Example: Group Sharing

Module Objectives

• Group sharing scenario
• Opening the folder permission windows
• Assigning the Inspectors group access permission to the directory Tariff
• Demonstration of placing Tariff for sharing by the Inspectors
• Entries in the permission window
• Demonstration involving other users and groups

Sharing Scenario 2: Group Sharing

• Consider the Group Inspectors
  – Users in the group are Texas and Nevada
• Provide the group Inspectors with Read permission to the subfolder Tariff

Group Sharing: Opening the Directory Permission Windows

• Open the Explorer on the server named US.
• Right select the subdirectory named Tariff.
• Select Sharing.
• Select Security and then Permissions.

Assign the Group Inspectors the Permission to Tariff

• Folder Permissions Window
• Select Inspectors
• Specify type of Access as Change.
• Add
• Add/OK
• Check Replace Permission on Existing Files.

Placing the Sub-Folder Tariff for Sharing by the Group Inspectors: Demonstration

More on the Entries in the Permission Window

• Administrator
  – Usually has access to all directories and files except those private to a user that are usually kept in the home directory
• Creator Owner
  – Full access to a user to files and directories created by that user
• System
  – System related access that should not normally be changed

Other Users and Groups: Demonstration

END OF MODULE

MODULE

Case Example: Permission Given to Creator Owner

Module Objectives

• Use of creator owner to give permissions
• The required permissions
• Permissions to be assigned
• Demonstration of the creator owner features

An Example on the Use of Creator Owner to Give Permissions: Scenario 3

• Consider the case where the employees are required to provide reports for viewing in a subdirectory named Reports

• Allow the inspectors to make changes to the files in the subdirectory

Permissions Required

• Allow Everyone to create reports in the directory

• Permit Everyone to have full control over their own reports only

• Allow the inspectors permission to read, change and delete the reports

Permissions to be Assigned

• Creator Owner - Full
• Everyone - Add (WX) (Not Specified)
• Inspectors - Change (RWXD) (RWXD)

Use of Creator Owner: Demonstration

END OF MODULE

MODULE

Case Example: Special Access to Resources

Module Objectives

• Special access feature
• Adding read access to everyone
• Demonstration of adding read access through the special access to directory feature

Special Access

• Directory and file access is not limited to pre-defined Microsoft access types (permissions)

• Customized permissions can also be granted

Special Access to a Resource: Scenario 4

• Allow everyone to read the files in the Report directory

• Add the Read permission to everyone
  – Using Special Access to Files option

Adding the Read Access to the Files in the Directory Reports for Everyone: Steps

• Directory Permissions Window
• Select Everyone
• Select Type of Access as Special File Access.
• Check Read access to grant Read permission to the files to everyone.

Adding the Read Access Through Special Access to Directory: Demonstration

END OF MODULE

MODULE

File Access Control

Module Objectives

• File permissions
• File security permissions in NTFS
• Predefined file access permissions
• Illustration of the permission assignment process using a case example
• Assignment of read-only permission to the file Rates
  – The procedure
  – Demonstration

File Permissions

• Unlike in peer-to-peer networking (FAT), better file control is available in client-server networks

• Greater control on files can be exercised independent of the directory in which they reside

File Security Permissions in NTFS

• Read (R)
• Write (W)
• Execute (X)
• Delete (D)
• Change Permission (P)
• Take Ownership (O)
• No Access (None)
  – None of the above

Microsoft Predefined File Access Permission

• No Access (None)
• Read (RX)
• Change (RWXD)
• Full Control (Full)
• Special Access
  – Customized from available file security permissions

Specifying File Access Permission: Case Example

• Restrict the access to the file Rates in the directory Tariff to the inspectors only

• Limit the permission given to the file Rates to read only

• The intention is to prevent unauthorized changes from being made

Location of the File Named Rates

[Diagram: domain NAFTA; US (server), Canada, Mexico; Tariff is the directory to be shared; Rates is a file in the directory]

The Permission Assignment Process

• Open the file permission window
• Set the type of access for Inspectors to Read, by selecting Special Permissions and then ensuring that only the Read box is checked

Opening the File Permission Window

• Open the Explorer on the server named US.
• Reach and right select the file named Rates.
• Select Properties
• Select Security and then Permissions.

Assigning Read Only Permission to the File Rates

• File Permissions Window
• Select Inspectors
• Select Type of Access as Special Access.
• Ensure that only the Read box is checked.
• Finish: OK/OK/OK

Assigning Read Only Permission to the File Rates: Demonstration

END OF MODULE

MODULE

Removing a File from Access

Module Objectives

• Removing a file from access
• Preventing Texas from accessing the file Rates
  – Case example
  – Steps
  – Demonstration
  – Confirmation of access denial

Removing a File From Access

• Because better control is exercised, a file can easily be removed from access
• It is achieved by specifying the following type of access for the users who are to be prevented from accessing the file
  – No Access

Preventing Access to the File Rates: Case Example

• Prevent the user Texas from accessing the file Rates

• This would prevent Texas from accessing the file although he/she is a part of the group Inspectors

• The group Inspectors was given access to the file Rates earlier

Preventing Texas from Accessing the File Rates: Steps

• File Permissions Window
• Add Texas
• Select Type of Access as No Access
• Finish: OK/OK

Preventing Texas from Accessing the File Rates: Demonstration

Confirming the Prevention of Access for the User Texas

END OF MODULE

MODULE

File Ownership

Module Objectives

• A note on ownership
• Finding the ownership of soft resources
• Steps for finding the ownership of the directory named Tariff
• Demonstration of finding the ownership

A Note on Ownership

• In general ownership belongs to the creator of the file or directory
• Ownership can be granted to others
• In general, the administrator will have access to a variety of files
• Exceptions are files in the home directories and selected directories containing specific applications

Finding the Ownership of Soft Resources

• Finding the ownership of a resource is necessary at times to change permissions etc.
• Ownership of a directory or file can be found through the security tab in the properties window of the resource

Finding the Ownership of the Directory Tariff: Steps

• Open the Explorer on the server named US.
• Reach and right select the directory named Tariff.
• Select Properties
• Select Security and then Ownership to view ownership.

Finding the Ownership: Demonstration

END OF MODULE

MODULE

Effective Access Permissions of a User

Module Objectives

• Factors influencing the effective access permission

• A case example on the effective permission for access to a resource

• An illustration of effective permission

• A note on the assignment of permissions

• Permeation of permissions

Effective Access Permissions

[Diagram: User; Group 1; Group 2; directory and file permission assigned to the user]

Effective Permissions for Access: Case Example

• Consider the case of Inspector Wilson with the following permissions to the directory Tariff

• Permission from the group Inspectors:
  – (RX) (RX)
• Directory Permission assigned directly to Wilson
  – (WD) (D)

The Effective Permission

• Wilson: (RXWD) (RXD)
  – Inspectors: (RX) (RX)
  – Directory and file permission assigned to the user: (WD) (D)
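The accumulation shown for Wilson, together with the No Access override from the earlier Texas case, can be modelled in a few lines. This is an added example, not part of the original slides; the function names, the data layout and Wilson's membership in the Inspectors group are assumptions made for illustration.

```python
# Added example: NT-style permission accumulation, using the slides' names.
ORDER = "RWXDPO"   # Read, Write, eXecute, Delete, change Permission, take Ownership
NO_ACCESS = "No Access"

# Predefined folder permissions as listed in the slides:
# name -> (rights on the folder, rights on files in it); None = "Not Specified".
PREDEFINED = {
    "List": ("RX", None),
    "Read": ("RX", "RX"),
    "Add": ("WX", None),
    "Add & Read": ("RWX", "RX"),
    "Change": ("RWXD", "RWXD"),
    "Full Control": (ORDER, ORDER),
}


def trustees_of(user, memberships):
    """The user plus every group that lists the user as a member."""
    return {user} | {g for g, members in memberships.items() if user in members}


def effective_rights(user, memberships, acl):
    """Accumulate rights from a flat ACL of (trustee, rights) entries.

    Rights granted directly and through groups add up; one matching
    No Access entry cancels all of them. Returns the rights as a string
    in ORDER, or None when access is denied.
    """
    who = trustees_of(user, memberships)
    granted = set()
    for trustee, rights in acl:
        if trustee not in who:
            continue
        if rights == NO_ACCESS:
            return None
        granted |= set(rights or "")
    return "".join(r for r in ORDER if r in granted)


def effective_on_folder(user, memberships, folder_acl):
    """Folder ACL entries hold a predefined name, a (folder, files) pair
    or No Access. Returns (folder rights, file rights), or None if denied."""
    on_folder, on_files = [], []
    for trustee, entry in folder_acl:
        if entry == NO_ACCESS:
            pair = (NO_ACCESS, NO_ACCESS)
        elif isinstance(entry, str):
            pair = PREDEFINED[entry]      # KeyError on an unknown name
        else:
            pair = entry
        on_folder.append((trustee, pair[0]))
        on_files.append((trustee, pair[1]))
    folder = effective_rights(user, memberships, on_folder)
    files = effective_rights(user, memberships, on_files)
    return None if folder is None else (folder, files)


# Constructed sample data based on the slides' case examples.
# Assumption: Wilson is a member of Inspectors alongside Texas and Nevada.
MEMBERS = {"Inspectors": {"Texas", "Nevada", "Wilson"}}
TARIFF_ACL = [("Inspectors", "Read"), ("Wilson", ("WD", "D"))]   # folder Tariff
RATES_ACL = [("Inspectors", "R"), ("Texas", NO_ACCESS)]          # file Rates

if __name__ == "__main__":
    for user in ("Wilson", "Nevada"):
        print(user, "on Tariff:", effective_on_folder(user, MEMBERS, TARIFF_ACL))
    for user in ("Nevada", "Texas", "California"):
        print(user, "on Rates:", effective_rights(user, MEMBERS, RATES_ACL))
```

The rights come back in the fixed order R, W, X, D, so Wilson's folder rights print as RWXD, the same set the slide writes as (RXWD).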

A Note on the Assignment of Permissions

• Accumulation of permissions can become unduly complicated

• Suggestions for simplicity:
  – A modular approach to group formation
  – Minimize the assignment of permissions
  – Balance functional representation of directories with minimizing duplication of files
  – Alertness to permeation of permissions

Permeation of Permissions: Example

• Directory Permissions
  – Replace Permissions on Subdirectories
  – Replace Permissions on Existing Files

END OF MODULE

MODULE

Removing a Soft Resource from Sharing: Removing a Directory from Sharing

Module Objectives

• Removing Tariff from sharing
  – Case example
  – Steps
  – Demonstration

Removing Tariff from Sharing: Case Example

[Diagram: domain NAFTA; US (server), Canada, Mexico; directory (folder) Tariff; Rates is a file in the directory]

Steps for Removing Tariff from Sharing

• Open the Explorer on the server named US.
• Right select the subdirectory named Tariff.
• Select Sharing.
• Select Not Shared
• End: OK

Removing of Tariff from Sharing: Demonstration

END OF MODULE

MODULE

Removing a File from Sharing

Module Objectives

• Notes on removing a file from sharing

• Removing a file from sharing
  – Case example
  – Steps
  – Demonstration

Notes on Removing a File

• A file cannot be removed from sharing in the same manner as a directory

• One option is to remove the entire directory containing the file from sharing

• The other more practical option is to deny the users access to the file in the file permission list

Removing a File From Sharing: Case Example

• Remove the file Rates from sharing by nearly all the users

• The No Access type of permission may be given to achieve the above result
  – Better used for selective access control
• An easier method is to remove all the users from the permission list
  – It is a good practice to retain the permission given to the administrator

Removing the File Rates from Sharing: Steps

• File Permissions Window
• Select Inspectors and remove.
• Repeat until only Administrators remain.
• Finish: OK/OK

Removing the File Rates from Sharing: Demonstration

END OF MODULE

MODULE

Mapping a Resource for Sharing

Module Objectives

• Drive mapping defined
• An illustration of drive mapping
• Notes on drive mapping
• Procedures for mapping
• Drive mapping
  – Case example, steps and demonstration
• Disconnecting a mapped drive
  – Steps and demonstration

Drive Mapping Defined

• A resource on the network can be mapped to a local logical drive by assigning a drive letter to the resource

• A logical drive is thus temporarily created at the local client corresponding to that network resource

Mapping of Drives

• a: Floppy
• c: Local hard disk
• d: Local CD-ROM
• e: Logical drive

[Diagram: the client requesting to share the resource shows drives a, c, d and e (logical disk); the server shows drives a, c and d; the mapped disk is the resource available at the server for sharing]

Notes on Mapping

• Resources that are usually mapped are as follows:
  – Drives
  – Directories

• Different procedures can be followed for drive mapping

• A mapped drive can be disconnected at any time

Procedures for Mapping

• Select My Computer and specify path for mapping the resource

• Locate and select the resource using the Explorer and map through right-clicking on the selection

Drive Mapping Case Example

[Diagram: US (server), Canada, Mexico; the shared directory Tariff on the server is mapped at the client]

Drive Mapping Steps

• My Computer
• Map Network Drive
• Select a drive letter.
• Specify network path to resource or browse below for resource.
• Path is \\US\Tariff
• End: OK

Drive Mapping: Demonstration

Disconnecting a Mapped Drive: Steps

• My Computer
• Disconnect Network Drive
• Select the mapped drive to be disconnected.
• End: OK

Disconnecting a Mapped Drive: Demonstration

END OF MODULE

MODULE

Administrative Shares

Module Objectives

• Overview of administrative shares
• Examples of administrative shares
• Managing a server from a remote client
• Notes on administrative share C$

Administrative Shares

• Administrative shares are created by Windows NT

• One of the purposes is to allow administrators to manage the resources from remote computers

• Examples are the management of server hardware, printer etc.

• Administrative shares are not displayed on the browsers of non-administrators

Some Administrative Shares

• ADMIN$
• driveletter$
• IPC$
• PRINT$
• REPL$
• Administrative share names are followed by the character $

Managing a Server from a Remote Client: An Example of Administrative Share

[Diagram: domain NAFTA; US (server), Canada (client), Mexico. Map e: to \\US\C$ and manage US from Canada.]

Notes on Administrative Share C$

• Only administrators can connect to administrative share
  – Administrators <-----> C$
  – Administrator and Print Operators <-----> PRINT$

• A demonstration is given in the module dealing with server management

END OF MODULE

MODULE

Sharing in a Mixed Environment

Module Objectives

• Mixed environment
• Client-server and peer-to-peer networking environments
• Peer-to-peer sharing in a client-server environment
• Sharing in the mixed environment
• Other applications
• Client-server and peer-to-peer sharing demonstration

Mixed Environment

• Client-Server Environment
• Peer-to-Peer Environment

Client-Server and Peer-to-Peer Networking

• A client-server network can include peer-to-peer network sharing as well

• Resources on the clients, if permitted, can be shared among one another in this instance

• One example would be the sharing of a color laser printer on one of the peers

Peer-to-Peer Sharing in a Client-Server Environment

[Diagram: US (server), Canada, Mexico; the shared directory Tariff is shared client-server; the shared printer is shared peer-to-peer]

Sharing in the Mixed Environment

• Client-server sharing of the directory
• Peer-to-peer sharing of the printer
• The combined approach provides the security and ease of management of a centralized resource and the flexibility of using the distributed resources

Other Applications

• Unorthodox file transfer among clients

• Execution of specialized programs on one or more clients by other clients

• etc.

Client-Server and Peer-to-Peer Sharing Demonstration

END OF MODULE

END OF CHAPTER

Open Demonstration of Soft Resource Sharing