Cover V07, I07


Editor's Forum

Although most of us would prefer to run shops of pure UNIX, few of us have that luxury. Some form of Microsoft Windows, either Windows 3.x or Windows 95, is on most of our users' desktops, and we likely have Windows NT servers in at least a couple of departments. Third party vendors, such as FTP Software, Hummingbird, and WRQ, have supplied the terminal emulation and file sharing products, along with TCP/IP stacks, needed to integrate Windows desktops with UNIX servers for years. Those same vendors added X Windows servers to their arsenal when X Windows became the interface of choice on the UNIX side, allowing PC users to conveniently access X-based applications running on their UNIX servers. Similarly, UNIX vendors have added elements to their operating systems that make PC integration easier and more seamless.

The current state of systems integration, however, has become more complicated, with various forces contributing to that complexity. While there is currently a trend toward re-centralization and server consolidation, there is also a trend toward greater distribution of server functions. Add to that the impact of the Internet, and all of the associated security concerns, and you have the tip of the current integration iceberg. Although in the past desktop connectivity was largely a one-way street leading from the PC to the server, so-called innovations at the desktop have opened another deck on the freeway. Security concerns are now spread across servers, desktops, and network components alike.

UNIX security has always been straightforward. While some would say that UNIX had no security, more-aware individuals counter that the UNIX security model is layered. At the core of UNIX security is the traditional user-group-other file-permission scheme. UNIX file-access permissions create an intentionally permissive environment in which users can share data and services conveniently. Should we wish to impose Orange Book-level security, we add or implement the additional layers of software provided by our UNIX vendors.

Windows NT, however, has a substantially different security model rooted in the inherently single-user nature of that OS. Understanding the ins and outs of the NT security model becomes an important aspect of integrating such servers into our overall system architectures. For that reason, we take a back-to-basics approach with our NT integration theme this month. Our excerpt from Nik Okuntseff's book, "Windows NT Security," examines the basic model of NT security so we can better understand how to integrate NT servers into our environments.

Not to bore you too much with matters Redmond, however, we also examine various, more traditionally UNIX topics in this issue. Edward Quillen's article tours his tool, SLAM, which manages symbolic links. Tony Mobily looks at PHP, a server-side scripting language for writing simple programs directly in your Web Pages. Bob McCormick, meanwhile, examines the GNU Cfengine, a tool for automating configuration file maintenance across UNIX systems. Jim McKinstry discusses RAID implementations, and Joseph Berry delves into NFS performance issues. And, for those who have not been awarded their wizard's robes yet, Russ Hill provides his own 10-step program for becoming a UNIX system administrator. While we couldn't find a corresponding program for "recovering" UNIX administrators, our T-shirt sales are up-suggesting that we relish our UNIX insanity. All in all, July seems an appropriate month to celebrate the freedoms afforded by UNIX. For those in the United States, have a bang-up Fourth of July, and may we all be independent of [insert oppressive force here].

Sincerely yours,
Ralph Barker