What Makes Linux Tick? A Deep Dive into Kernel, Processes, Memory, Filesystems, I/O and Security

Linux is presented as a multi‑purpose, multi‑user operating system that evolved from UNIX, and the article begins by describing its origins and the principle of least surprise that guides its design.

Kernel and System Calls

The kernel runs in privileged mode and provides system calls that transition between user and kernel space. Core calls such as fork, exec, waitpid, exit, and various scheduling calls are explained, showing how a new process is created by copying the parent’s address space (copy‑on‑write) and then replacing its image with exec.

Processes and Threads

Processes are represented by task_struct objects; each has a unique PID, its own memory map, and a set of descriptors (open files, signals, etc.). Threads are lightweight tasks that share most of the process resources but have separate kernel stacks. The article details the life‑cycle of fork, the role of pid values, and how the scheduler distinguishes parent and child.

Inter‑Process Communication (IPC)

Six IPC mechanisms are covered: signals, pipes, shared memory, named pipes (FIFOs), message queues, and sockets. Each mechanism’s purpose, typical usage, and relevant system calls ( kill, pipe, shmget, mkfifo, msgctl, socket) are described, with examples of how signals like SIGKILL and SIGSTOP differ.

Scheduling

Linux historically used the O(1) scheduler (active/expired run‑queues) and later the Completely Fair Scheduler (CFS) based on a red‑black tree. The article explains how tasks are prioritized, the role of the nice value, and how real‑time policies (FIFO, RR) differ from the default time‑sharing class.

Memory Management

Virtual memory is introduced as a page‑based abstraction, with each virtual address split into a page‑frame number and offset. The article walks through page tables (three‑level hierarchy), the mmap / brk system calls, demand paging, and the page‑replacement algorithm (LRU). It also explains the buddy allocator for physical pages, copy‑on‑write, and the handling of page faults.

Filesystem Architecture

The Virtual File System (VFS) layer abstracts diverse concrete filesystems (ext2, ext4, NFS, procfs). Key VFS objects—superblock, dentry, inode, and file—are defined, and the article shows how path resolution works via cached dentries. Ext2 layout (boot block, superblock, group descriptors, block bitmap, inode table, data blocks) is illustrated, along with directory entry format and the role of hard links.

Ext4 and Journaling

Ext4 builds on ext3’s journaling to guarantee consistency after crashes. The journal is a circular buffer managed by the JBD layer, grouping low‑level changes into atomic transactions that are replayed on mount if the filesystem was not cleanly unmounted.

I/O Subsystem

All devices appear as special files under /dev. Block devices use buffered I/O with a unified block layer and caching (page cache), while character devices provide unbuffered streams and may use line disciplines for terminals. Network I/O is handled via sockets (TCP/UDP) and the generic block layer’s I/O scheduler (elevator, deadline) reduces seek overhead.

Security Model

Linux enforces UID/GID ownership, nine permission bits (rwx for owner, group, others) plus the set‑uid/set‑gid bits. The article explains how the chmod, chown, access, and related system calls manipulate these attributes, and how the root user bypasses all checks. It also covers the role of the login program, password hashing, and the use of set‑uid binaries to grant limited privileged operations.

Overall, the article stitches together low‑level kernel mechanisms, user‑space interfaces, and practical examples to give readers a holistic view of how Linux works from boot to shutdown.