Professional Documents
Culture Documents
CSE 398: System Administration
CSE 398: System Administration
CSE 398: System Administration
Namespacesthelistsanddirectoriesinyour
environment
Spring2004
accountnamesinuse
printersavailable
namesofhosts
ethernetaddresses
servicename/portnumberlists
homedirectorylocationmaps
CSE398:SystemAdministration
2004BrianD.Davison
Namespaces
Somenamespacesareflat
Somenamespacesarehierarchical
therearenoduplicates
duplicateswithindifferentbranchesofatree
Needpoliciestogovernnamespaces
Spring2004
Ideally,writtenpolicies
CanbecometrainingfornewSAs
Neededtoenforceadherencetopolicy
CSE398:SystemAdministration
2004BrianD.Davison
Namespacechangeprocedures
Needproceduresforadditions,changes,and
deletions
Likelyrestrictedtosubgroup
Documentationcanprovideforenforcement,
trainingandstepbystepinstruction
Spring2004
CSE398:SystemAdministration
2004BrianD.Davison
Namespacemanagement
Namespacemanagementshouldbe
centralized
Maintain,backup,anddistributefromonesource
Difficulttoenforceuniquenesswhendistributed
Centralizationprovidesconsistency
Spring2004
CSE398:SystemAdministration
2004BrianD.Davison
Namespacepolicies
Namingpolicy
Whatnamesarepermitted/notpermitted?
Technologyspecificsyntax
Organizationalnotoffensive
Standardscompliance
Howarenamesselected?
Howarecollisionsresolved?
Spring2004
CSE398:SystemAdministration
2004BrianD.Davison
Namespacepolicies(2)
Namingpolicy
Howarenamesselected?
Formulaic
Theme
Spring2004
e.g.,specificpurposeaccountsadmin,secretary,guest;
hostnamesdns1,web3;diskpartitions/finance,/devel
Nomethod
e.g.,usingplanetnamesforservers;coffeeforprinters
Functional
e.g.,hostnamepc0418;useridxyz4
Everyonepickstheirown,firstcomefirstserve
Onceyouchooseonescheme,difficulttochange
CSE398:SystemAdministration
2004BrianD.Davison
Namespacepolicies(3)
Commentsonnaming
Someschemesareeasiertousethanothers
Spring2004
easiertoremember/figureout,totype,etc.
Somenamesimplyinterestingtargets
secureserver,sourcecodedb,accounting,etc.
avoidexceptionstoformulaicnames
Formulaicnamessuggestproblemswhen
incomplete
Sometimeshelpfulwhendesktopsmatchuser'
s
name
CSE398:SystemAdministration
2004BrianD.Davison
Namespacepolicies(4)
Protectionpolicy
Whatkindofprotectiondoesthenamespace
require?
passwordlist
usersofacluster
UIDs
loginIDs,emailaddresses
Whocancreateanentry?
Whocanchangeanentry?
Spring2004
Needbackupstorollbackachange
CSE398:SystemAdministration
2004BrianD.Davison
Namespacepolicies(5)
Longevitypolicy
Spring2004
Whenareentriesremoved?
afterIPaddressnotusedformonths
contractorIDeachyear
studentaccountsayearaftergraduation
employeeaccountsthedaytheyleave
Functionalnamesmightbeexceptions
sales@company.com
president@university.edu
CSE398:SystemAdministration
2004BrianD.Davison
Namespacepolicies(6)
Scopepolicy
Whereisthenamespacetobeused?
Howwidely(geographically)shallitbeused?
GlobalauthenticationispossiblewithRADIUS
NISoftenprovidesadifferentspacepercluster
Howmanyserviceswilluseit?(thickness)
IDmightserveforlogin,email,VPN,nameonmodempools
Acrossdifferentauthenticationservices
Whathappenswhenausermustspannamespaces?
Spring2004
ActiveDirectory,NIS,RADIUS(evenwithdifferentpw)
DifferentIds?Confusing,leadtocollisions
Singleflatnamespaceisappealing;notalwaysneeded
CSE398:SystemAdministration
2004BrianD.Davison
Namespacepolicies(7)
Consistencypolicy
Wherethesamenameisusedinmultiple
namespaces,whichattributesarealsoretained?
E.g.,UNIXname,requiressame(real)person,same
UID,butnotsamepasswordforemail,login
Reusepolicy
Howsoonafterdeletioncanthenamebereused?
Spring2004
Sometimeswantimmediatereuse(newprinter)
Sometimeslongperiods(preventconfusionandold
emailfrombeingsenttonewuser)
CSE398:SystemAdministration
2004BrianD.Davison