Linux: Bastion of Freedom

Should we purchase Server 2008, or should we wait for Server 8? How much time will it take us to effectively implement Active Directory, and who should receive what permissions? Should we purchase an enterprise license, or should we purchase individual licenses? If we’re working with a finite budget, in what areas should we emphasize our expenditures, and what areas can we afford to neglect?

These are just a few questions that system administrators must answer when piecing together a strategy for network architecture implementation, and you can rest assured that small- to medium-sized businesses must make some rather tough calls when the decision to implement a Windows server architecture has been made. However, is there a way for system administrators to have their cake and eat it too? In fact, they can. In this case the sweet treat in network architecture is a Linux distribution.

3 Most Popular Distros

Linux distributions are the snowflakes of the IT world. From afar, each distribution looks the same, but upon closer inspection of the finer details, it's clear that every distribution offers something different.

According to http://distro watch.com/, the three most popular Linux distributions for the six-month period leading up to January 28, 2012 were:

Mint
Ubuntu
Fedora

Popularity was determined by hits per Web page, and when one examines the ranking of the top three distributions over the course of one week, it quickly becomes clear that the above-mentioned distributions are in a perpetual battle with one another in terms of who will be that day’s alpha male. As of January 28, 2012, the alpha is Linux Mint.

One could call the Linux Mint distribution the Microsoft Windows of the Linux world. Mint’s primary purpose is to be out-of-the-box user friendly, and its multimedia features are as numerous as they are easy to use. Mint’s website claims that the Mint OS is the fourth most popular operating system in the world behind Windows, Apple, and Canonical’s Ubuntu.

The Wonderful World of Permissions

While working on a network at home, one may or may not give any thought to file, group, or individual permissions. Just sign on as root and let Ker rip, right? Well, this may be satisfactory at home, where there are very few nodes to keep track of, but what about in an enterprise environment?

One of the reasons Linux is so appealing in an enterprise environment (aside from its cost) is the obsessive way that each Linux distribution implements permissions. In a Windows environment, a differentiation may be made between administrators and everyone else, but non-administrators are often able to create and/or manipulate the infamous dynamic-link libraries. Linux tends to place more isolation between its shared libraries, as well as more separation between application-level processes and background processes.

When assigning permissions to groups or individuals, system administrators may choose between owner, group and all users. When assigning permissions to actual files, administrators can categorize a user’s options as read, write or execute. (To learn more check out this Linux tutorial on understanding file permissions.)

To a system administrator with any semblance of Linux experience, this should seem like a simple review of the fundamentals, but therein lies the genius of Linux permissions – their simplicity! Does the system administrator want Group A to run certain executables as opposed to reading and writing them? Or maybe the administrator would like User B to simply read the contents of certain files. The possible combinations are almost too numerous to count, while the level of understanding needed to assign permissions is no more than what's required to play "Angry Birds" on an iPhone.

Conversely, if a system administrator can understand the many intricacies of Windows permissions categories such as full control, modify, list folder contents, etc., and if she can fully grasp the many nuances of the group policy object, then it may be possible to accurately say that she’s smarter than everyone else. The question is, is the network secure?

An Open Mind Regarding OpenLDAP

According to RFC 1960, the Lightweight Directory Access Protocol (LDAP) defines a network representation of a search filter transmitted to an LDAP server. Basically, when a client needs to locate information on an LDAP server, certain naming conventions are practiced that allow for the location of certain information within certain folders on a server. LDAP works rather similarly to the way DNS works, and the level of complexity is roughly the same. Windows servers typically intertwine Active Directory with LDAP, and as far as Windows products are concerned, the level of granularity and restrictive access to users is fairly robust. However, the premise here is freedom, and a natural extension of that is affordability.

Fortunately for the enterprising system administrator, LDAP is not a proprietary standard, so the naming conventions from platform to platform will remain roughly the same. Furthermore, most current Linux distributions offer their own version of an LDAP client, which should allow for a smoother implementation in the enterprise. So, for those who are ready to dive into the realm of OpenLDAP, they need only download the open-source software, and begin the install.

A Move Toward Open-Source Solutions

With budget restrictions, staffing reductions and increasing demands for functionality, it may be a safe assumption that a move toward an open source solution such as Linux could be rapidly approaching. When one considers the free licensing, the free software, and the free access to solutions online, system administrators may find that top decision makers within their respective organizations do not care so much about the pragmatism involved with such a move as they care about the bottom line. (Using Server 2008? Get some tips in Windows Server 2008: How to Reduce Disk Space.)