Core Operating System Concepts: Processes, Shells, and Security


Operations on a Process

  1. Process Creation: A user request or an already running process can create new processes. A parent process creates child processes using a system call; those children can, in turn, create other processes, forming a tree of processes.
  2. Process Pre-emption: A process is pre-empted if an I/O event or timeout occurs. The process then moves from the running state to the ready state, and the CPU loads another process from the ready state to the running state, if available.
  3. Process Blocking: When a process requires an I/O event during its execution, it moves from the running state to the waiting state, and the CPU dispatches another process.
  4. Process Termination: A process is terminated when it completes its execution. Additionally, events like an OS signal, a hardware interrupt, or a software interrupt can cause the termination of a process.

Unix I/O Systems

Standard I/O

Processes can open files as they like, but most processes expect three file descriptors (numbers 0, 1, and 2) to be open when they start. These file descriptors are inherited across the fork (and possibly the execv) that created the process. They are known as standard input (0), standard output (1), and standard error (2). All three are frequently open to the user's terminal. Thus, the program can read what the user types by reading standard input, and the program can send output to the user's screen by writing to standard output. The standard error file descriptor is also open for writing and is used for error output; standard output is used for ordinary output. Most programs can also accept a file (rather than a terminal) for standard input and standard output.
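The inheritance described above is what lets a parent decide where a child's standard output goes. The following C program is an added example, not part of the original notes; the function name capture_child_stdout and the message text are chosen here for illustration. The parent creates a pipe, the child inherits it across fork and installs it as descriptor 1, and each side closes the pipe ends it does not need so that no extra descriptor stays open.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run a child whose standard output (fd 1) is a pipe created by the parent,
 * the same wiring a shell performs for redirection.
 * Returns the number of bytes captured in buf, or -1 on failure. */
ssize_t capture_child_stdout(char *buf, size_t cap)
{
    static const char msg[] = "written to fd 1\n";   /* constructed sample output */
    int p[2];
    if (cap == 0 || pipe(p) == -1) return -1;

    pid_t pid = fork();               /* child inherits fds 0, 1, 2 and both pipe ends */
    if (pid == -1) { close(p[0]); close(p[1]); return -1; }

    if (pid == 0) {                   /* child */
        close(p[0]);                  /* never reads from the pipe */
        if (dup2(p[1], STDOUT_FILENO) == -1) _exit(127);
        close(p[1]);                  /* fd 1 now refers to the pipe; drop the spare */
        if (write(STDOUT_FILENO, msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1))
            _exit(1);
        _exit(0);
    }

    close(p[1]);                      /* parent keeps only the read end, else no EOF */
    size_t n = 0;
    ssize_t r;
    while (n < cap - 1 && (r = read(p[0], buf + n, cap - 1 - n)) > 0)
        n += (size_t)r;
    close(p[0]);
    buf[n] = '\0';

    int status;
    if (waitpid(pid, &status, 0) == -1) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return (ssize_t)n;
}

int main(void)
{
    char buf[64];
    ssize_t n = capture_child_stdout(buf, sizeof buf);
    if (n < 0) { perror("capture_child_stdout"); return 1; }
    printf("parent captured %zd bytes: %s", n, buf);
    return 0;
}
```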

The Shell: Purpose and Function

In Unix, the shell is a program that interprets commands and acts as an intermediary between the user and the inner workings of the operating system. Providing a command-line interface (i.e., the shell prompt or command prompt), the shell is analogous to MS-DOS and serves a purpose similar to graphical interfaces like Windows, Mac OS X, and the X Window System.

Purpose of the Shell

There are three main uses for the shell:

  • Interactive use
  • Customization of your UNIX session
  • Programming

Interactive Use

When the shell is used interactively, the system waits for you to type a command at the UNIX prompt. Your commands can include special symbols that let you abbreviate filenames or redirect input and output.

Customization of Your UNIX Session

A UNIX shell defines variables to control the behavior of your UNIX session. Setting these variables will tell the system, for example, which directory to use as your home directory or the file in which to store your mail. Some variables are preset by the system; you can define others in start-up files that are read when you log in. Start-up files can also contain UNIX commands or special shell commands. These will be executed every time you log in.

Programming

UNIX shells provide a set of special (or built-in) commands that can be used to create programs called shell scripts. In fact, many built-in commands can be used interactively like UNIX commands, and UNIX commands are frequently used in shell scripts. Scripts are useful for executing a series of individual commands. This is similar to BATCH files in MS-DOS. Scripts can also execute commands repeatedly (in a loop) or conditionally (if-else), as in many high-level programming languages.

Networking Features of Windows NT

Windows NT supports both peer-to-peer and client-server networking. It also has facilities for network management. The networking components in NT provide data transport, interprocess communication, file sharing across a network, and the ability to send print jobs to remote printers.

NT supports many protocols that are used in computer networking. A domain is a group of NT server machines that share a common security policy and user database. Finally, NT has mechanisms for name resolution that enable one computer to look up the address of another computer, given that computer's name.

To describe networking in NT, we will refer to two of the internal networking interfaces, called the Network Device Interface Specification (NDIS) and the Transport Driver Interface (TDI). The NDIS interface was developed by Microsoft and 3Com in 1989 to separate network adapters from the transport protocols so that either could be changed without affecting the other.

Linux Security Model and Mechanisms

Linux's security model is closely related to typical UNIX security mechanisms. The security issues can be classified into two groups:

Authentication

Authentication in UNIX has typically been performed through the use of a publicly readable password file. When a user presents a password to the system, it is recombined with the salt value stored in the password file and is passed through the same one-way transformation that produced the stored entry. If the result matches the contents of the password file, then the password is accepted.

Access Control

Access control under UNIX systems, including Linux, is performed through the use of unique numeric identifiers. A user identifier (UID) identifies a single user or a single set of access rights. A group identifier (GID) is an extra identifier that can be used to identify rights belonging to more than one user.

Linux Security Mechanisms

Linux implements the standard UNIX setuid mechanism. This mechanism allows a program to run with privileges different from those of the user running the program. Under Linux, this mechanism is augmented in two ways. First, Linux implements the POSIX specification's saved user ID mechanism, which allows a process to drop and reacquire its effective UID repeatedly. For security reasons, a program may want to perform most of its operations in a safe mode, waiving the privileges granted by its setuid status, but may wish to perform selected operations with all its privileges.
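The drop-and-reacquire pattern described above, as an added C example that is not part of the original notes. The function names priv_init, priv_lower, priv_raise and priv_drop_forever are hypothetical, and the program assumes it is installed setuid; run without the setuid bit, every call succeeds as a no-op.

```c
#define _XOPEN_SOURCE 700   /* declares seteuid() and setreuid() */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective UID at startup. In a setuid program this is the file owner's
 * UID, which the kernel also recorded as the saved user ID at exec time. */
static uid_t privileged_uid;

void priv_init(void) { privileged_uid = geteuid(); }

/* Safe mode: the effective UID becomes the invoking user's real UID.
 * The saved user ID is untouched, so priv_raise() can still succeed. */
int priv_lower(void) { return seteuid(getuid()); }

/* Reacquire privilege for one selected operation. The kernel permits this
 * because privileged_uid still equals the saved user ID. */
int priv_raise(void) { return seteuid(privileged_uid); }

/* Give the privilege up for good. Passing the real UID to setreuid() makes
 * Linux reset the saved user ID as well; the function then checks that the
 * old effective UID can no longer be reacquired. */
int priv_drop_forever(void)
{
    uid_t ruid = getuid();
    if (setreuid(ruid, ruid) == -1) return -1;
    if (geteuid() != ruid) return -1;
    /* Only meaningful when the program really started with a different UID. */
    if (privileged_uid != ruid && seteuid(privileged_uid) == 0) return -1;
    return 0;
}

int main(void)
{
    priv_init();
    if (priv_lower() == -1) { perror("priv_lower"); return 1; }
    printf("safe mode:   ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());

    if (priv_raise() == -1) { perror("priv_raise"); return 1; }
    printf("privileged:  ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    /* ... the one operation that needs the setuid identity goes here ... */

    if (priv_drop_forever() == -1) { fprintf(stderr, "drop failed\n"); return 1; }
    printf("dropped:     ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

Every return value is checked because a failed drop that goes unnoticed leaves the rest of the program running with the setuid identity.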

The Layered Architecture of Unix

Unix Architecture Components

The following is a basic block diagram of a Unix system:

[Figure: Unix architecture block diagram]

The main concepts that unite all versions of Unix are the following four basics:

  • Kernel: The kernel is the heart of the operating system. It interacts with the hardware and handles most tasks like memory management, task scheduling, and file management.
  • Shell: The shell is the utility that processes your requests. When you type in a command at your terminal, the shell interprets the command and calls the program that you want. The shell uses standard syntax for all commands. C Shell, Bourne Shell, and Korn Shell are the most famous shells available with most Unix variants.
  • Commands and Utilities: There are various commands and utilities which you can make use of in your day-to-day activities. cp, mv, cat, and grep are a few examples of commands and utilities. There are over 250 standard commands plus numerous others provided through third-party software. All the commands come with various options.
  • Files and Directories: All the data of Unix is organized into files. All files are then organized into directories. These directories are further organized into a tree-like structure called the filesystem.

System Components of Windows NT

The architecture of NT is a layered system of modules. The figure below shows the architecture of NT Version 4. The main layers are the hardware abstraction layer, the kernel, and the executive that run in protected mode, and a large collection of subsystems that run in user mode. The user-mode subsystems are in two categories. The environmental subsystems emulate different operating systems; the protection subsystems provide security functions.
