Exploring Linux Inside Out: From Kernel Architecture to Process Management and Security

Linux Overview

Linux inherits the design goals of UNIX, providing a multi‑user, multi‑process environment that runs on a wide range of devices. It follows the principle of least surprise, meaning commands behave as users expect.

The principle of least surprise states that a feature should behave in a way that matches user expectations.

Common commands include ls A* to list files starting with A and rm A* to remove them.

Shell and Command Line

The shell is a command‑line interface that reads a prompt, parses the first word as the program name, executes it, and waits for completion. cp src dest Options (flags) are prefixed with -, e.g., head -20 file prints the first 20 lines. head -20 file Pipelines connect commands using the pipe symbol |, allowing the output of one command to become the input of the next without temporary files.

sort < f | head -30

Process and Thread Fundamentals

Linux creates a new process with the fork() system call, which duplicates the parent’s address space, file descriptors, and registers. The child receives a non‑zero PID; the parent receives zero. After fork(), exec() replaces the process image with a new program.

pid = fork();
if (pid < 0) {
    // error
} else if (pid > 0) {
    // parent code
} else {
    // child code
}

Linux implements threads as lightweight processes; each thread has its own task_struct and shares the parent’s address space.

Inter‑Process Communication (IPC)

Signals (e.g., SIGKILL, SIGSTOP) for asynchronous notifications.

Pipes ( pipe()) for byte‑stream communication.

Named pipes (FIFOs) for persistent streams.

Shared memory ( shmget, shmat, shmdt, shmctl) for fast data exchange.

Message queues for ordered messages.

Sockets (TCP/UDP) for networked communication.

Memory Management

Each process has a virtual address space divided into text, data, and stack segments. The kernel uses a three‑level page table and paging to map virtual pages to physical frames. The buddy allocator manages physical pages, and copy‑on‑write delays copying until a write occurs.

Virtual Memory

On‑demand paging loads pages only when accessed. When physical memory is exhausted, the Least Recently Used (LRU) algorithm selects pages to swap out to a swap file.

Caches

Page cache speeds up file reads.

Buffer cache speeds up block‑device I/O.

TLB caches recent page‑table translations.

Scheduling

Linux classifies tasks as real‑time FIFO, real‑time round‑robin, or time‑sharing. Each thread has a nice value (‑20 … +19) influencing its static priority. Modern kernels use the Completely Fair Scheduler (CFS), which maintains a red‑black tree of runnable tasks and always selects the task that has used the least CPU time.

File Systems

The Virtual File System (VFS) layer abstracts concrete file systems such as ext2, ext4, NFS, etc., managing superblocks, dentries, inodes, and file objects.

Ext2 layout includes a boot block, superblock, group descriptors, block and inode bitmaps, inode tables, and data blocks. Ext4 adds journaling (via JBD) and supports larger files and file systems.

Mount points attach external file systems into the global namespace. Hard links create additional directory entries pointing to the same inode; the file is removed only when the last link is deleted.

The /proc pseudo‑filesystem provides a dynamic view of process information, while NFS allows remote directories to be mounted using a client‑server protocol over TCP or UDP.

I/O Subsystem

All devices appear as special files under /dev. Block devices support fixed‑size block I/O; character devices provide byte streams. The generic block layer unifies caching and scheduling for block I/O.

Network sockets are created with socket(), returning a file descriptor. Sockets can be stream (TCP) or datagram (UDP) types.

Loadable Kernel Modules

Modules can be inserted at runtime, allowing drivers and other kernel code to be added without rebooting. During insertion the kernel resolves symbols, allocates resources, and registers interrupt handlers.

Security Model

Linux is a multi‑user system. Every file has an owner UID, a group GID, and permission bits for owner, group, and others (read/write/execute). The superuser (UID 0) bypasses all checks. The setuid and setgid bits allow executables to run with the file owner’s privileges.

Key security‑related system calls include chmod, chown, access, setuid, setgid, getuid, getgid, geteuid, and getegid.

Conclusion

This summary provides a concise blueprint of Linux internals, covering processes, memory management, filesystems, I/O, scheduling, loadable modules, and security.