[CentOS] Re: A good primer to User Administration?

Wed Nov 14 02:31:20 UTC 2007
Craig White <craigwhite at azapple.com>

On Wed, 2007-11-14 at 10:11 +1000, redhat at mckerrs.net wrote:
> ----- Original Message -----
> From: "Eric B." <ebenze at hotmail.com>
> To: centos at centos.org
> Sent: Wednesday, November 14, 2007 9:58:15 AM (GMT+1000)
> Australia/Brisbane
> Subject: [CentOS] Re: A good primer to User Administration?
> "Shibu C Varughese" <shibucv at itmission.org> wrote 
> in message news:4739E414.4060504 at itmission.org...
> >> My question is the following.  I've been searching online for a
> good 
> >> reference to describe good practices when building a linux network,
> but 
> >> haven't really been able to find much when it comes to best
> practices for 
> >> user administration, ACLs, "optimal" (or recommended) file
> locations, 
> >> etc. For example, I know I need an LDAP server, but not sure how
> that 
> >> ties into system login, or how to use a Linux LDAP server as the
> basis 
> >> for a primary domain controller (is it still called that given
> Windows AD 
> >> world?), etc. Or even how to properly create group structures and
> ACLs 
> >> that accurately reflect group ownership/etc.  The octal permissions
> at 
> >> the file level are only good enough for a single group; I need to
> give 
> >> multiple groups different permissions on the same files, etc.
> >>
> >> I realize that there are a lot of questions that I need to
> research, but 
> >> I was hoping someone could point me in the direction of some
> advanced 
> >> admin docs with best practices, etc.  Most of the stuff I find
> relates on 
> >> how to set up a basic standalone PC, without any reference to how
> to 
> >> network together a bunch of servers running off central
> authentication, 
> >> etc...
> >>
> >
> > Eric,
> >
> > if you are thinking of setting up ldap, email, address book ...etc..
> all 
> > in one go ... then you need to test out ...something like  zimbra
> from 
> > zimbra.com
> >
> Thanks for the input;  I have already looked at Zimbra, and it looks
> like a 
> very interesting soln for me once I have everything else set up.  I
> see 
> Zimbra as a nice group-ware pkg, but not as something to help me with 
> user-authentication to the server (for shell access), setting up file 
> permissions, shares, SMB permissions/shares, etc, etc, etc.
> Tx!
> I'll vote for zimbra too, has been brilliant for me. It is sort of
> appliance like in that you typically don't need to do much to a server
> to turn it into a working system. Mine runs as a Xen VM and I'll soon
> (5.1) be clustering it.
> As far as tutorials go, I found that http://howtoforge.com/ is an
> excellent source of such types of articles.
Now I know that there are a few Zimbra users on this list - probably
most of them won't agree with the author of my link below whom I think
it can be determined was not very happy with Zimbra...


cyrus-imapd is used by some serious mail administrators so the
discussions on this list tend to be technical.

I have no experience with Zimbra so I am incapable of adding to the
discussion but thought the link to a different point of view should be

To the OP...

Linux by it's nature doesn't necessarily lend itself to a turnkey
solution - at least not Red Hat (or CentOS by inference), nor the other
Linux distributions.

Obviously Microsoft has done an excellent job at exploiting this

I suppose you could fool with Sun's various services, Novell offers
similar, and I suppose so does Red Hat but none are fully integrated and
lead you through wizard-wize from start to finish and setup an entire
network infrastructure.

What I found that worked for me was to learn LDAP and the book that made
it happen for me was 'LDAP System Administration by Gerald Carter' While
this book is getting old and out of date, it actually makes LDAP very
clear and once you get the basic idea of LDAP down, then adding
everything else to it (samba/windows networking, cups, various
authentication services) all become obvious. There are no magic tools
that teach you LDAP - you can't install some GUI thing and understand
what is going on...it doesn't happen that way.