Linux, like UNIX, has a strong orientation around the file system. Many things appear in the file system tree that are no files at all. File system directory tree This is The root of the directory tree is shown at the top level. Neither the proc nor the dev directories are actually directories. Rather, they represent the running processes and the hardware (or virtual) devices on the system. References to these names will cause the Linux OS to invoke other functions that will return appropriate information about these elements when they are accessed. These are discussed further in Chapter 19.
The other interesting directories that can be seen in Figure 6.3 are the subdirectories under the /home directory. These are directories for individual users. When a user logs on to the Linux system the OS will set the current working directory to be the home directory for that user.
THE MULTIUSER OS ENVIRONMENT
Since Linux is modelled after UNIX and UNIX is a multiuser system, Linux is a multiuser system. Assuming that there are multiple users on the system introduces from the start a problem that we have not had to worry about too much until now— information security. When only one person can use a computer, the OS typically does not need to concern itself with the right of the user to access any files on the computer. It is assumed that any user of that computer can access any file and that file security is provided by limiting access to the machine or by using utility programs, external to the OS, to safeguard files by encrypting them.
Multiple users on the system at the same time require that the OS
Multiple users on the system at the same time require that the OS provides a facility to protect each user’s files from all other users. This will mean that the OS will need to know who the user is. This, of course, means that the user will need to log on to the computer with a user ID (identifier) and a password. Of course, sometimes users will want to share files, so the OS will need mechanisms to allow some files to be shared. All multiuser systems also function as servers and may have multiple users logged on remotely.
These OSs therefore also have security features, which are discussed in a later chapter. Of course, as we saw with the Mac OS, as computers are added to a network, even single-user systems will need to provide mechanisms for protecting various assets, so user logon and such is now a common feature in most OSs if only for network access.
The server version of the Linux OS allows multiple users to access files and other resources on the system remotely. This was not the main thrust of this OS, but the ability to run many services and many user applications at the same time meant that it also had to provide support for such advanced features as multiprogramming and multithreading. Supporting multiple users does not introduce any new requirements in this area, but Linux does take a different approach to this subject, especially considering its UNIX origins.
Linux supports the same model of file protection and sharing that other UNIX-like systems support. With respect to any particular file, Linux regards all users as being a member of one of three sets. The first set has only one member. This set is the file owner. Initially when a file is created the owner is the person who created the file. The second set is one that is predefined by the system administrator, or sysadmin as that person is commonly called. This set is normally a bunch of users that share some common interest in a set of files.
Perhaps it is a project team that is working to develop the documentation for a new product or is using the same source code and wishes to share it among the team members. The sysadmin designates a new group by name and assigns users to be members of the group. The third set is “everybody.” In this case, it refers to every user who is not a member of one of the other two sets. For members of each set, three types of access can be allowed for a specific file: reading, writing and executing.
The file owner can set the permissions on a file by using a utility called the child. This typically obscure Linux command stands for “change mode.” This utility takes two arguments, a file name and a “mode” that specifies the changes to be made to the file mode. Traditionally, this mode is a three-digit number. The digits of the number are limited to octal digits—that is, they can range from 0 to 7.
Each octal digit can be considered to be three bits. These three bits are used to allow the various operations—read, write, and execute, respectively—and the three digits relate to one of the three sets—owner, group, and everybody, respectively. File system directory tree The ls command, which lists the contents of a directory, can list these mode settings for a file or directory. Consider the following entry printed by the ls command:
File control blocks
Since there are multiple processes running for multiple users, two or more users might be working with some of the same files. But they might be processed in different parts of the file. As we see in Figure 6.4, the structures are in two pieces to support this use with minimum duplication of information. File system directory tree As we can see, there is a systemwide open file table. It is in the kernel and it contains metadata about the file that is the same for all users—where is the first block, how long is it, and so on. Each process has a per-process open file table as well. Each entry contains an index into the systemwide open file table and information about the use of the file by this process such as the current pointer.