LinuxFoundation

Dej edited this page Apr 23, 2020 · 38 revisions
  1. Linux Filesystem Tree Layout
  • one large logical filesystem which can contain one or many distinct filesystems mounted at various points

  • Filesystem Hierarchy Standard: shareable (can be shared between hosts)

           | shareable | unshareable
-----------|-----------|--------------------
static     | /usr /opt | /etc /boot
variable   | /var/mail | /var/run /var/lock
  • Main directories:
    • /bin: contains binary executable files (cat, kill, ps). Command binaries which are not deemed essential enough for /bin are in /usr/bin.
    • /lib: contains libraries needed to execute the binaries in /bin or /sbin. Kernel modules are also here, in /lib/modules/
    • /boot: essential files for booting the system (vmlinuz: the compressed Linux kernel; initrd: the initial RAM filesystem, which is mounted before the real root filesystem becomes available; config: used to configure kernel compilation)
    • /dev: device nodes, aka device files (byte-stream or block I/O devices). Network devices (eth1, eth2) do not have device nodes
    • /usr: can be thought of as a secondary hierarchy; it need not reside in the same partition as the root directory
    • /etc: contains machine-local configuration files/scripts (/etc/systemd contains config scripts for starting and stopping system services using systemd; also /etc/init.d, which contains scripts for System V initialization)
    • /var: logs in /var/log (e.g. cat /var/log/yum.log), cron jobs and mail files in /var/spool, lock files in /var/lock
    • /proc: the mount point for a pseudo-filesystem, where all information resides only in memory, not on disk. The entries in /proc are called virtual files, with zero bytes in size.
# List files opened by a process
lsof -p PID 
# more or less equivalent to
ls -l /proc/PID/fd

  2. Processes
  • Process = an executing program and its associated resources (open files, signal handlers); it has various states: running, sleeping
  • Every process has a PID, PPID (parent PID), PGID (process group ID)
  • init is usually the first process run on a system, and is the ancestor of all subsequent processes running on the system (except for those with [] around their name, which are initiated by the kernel)
  • orphaned processes (the parent process dies before the child) are adopted by init (thus the PPID is set to 1) or, in distributions which use systemd, the PPID is set to 2 (adopted by the kernel thread known as kthreadd)
  • a zombie (defunct) process is a process which terminates before its parent, has released almost all of its resources, and remains only to convey (communicate) its exit status
  • processes are controlled by scheduling
  • process context = snapshot of process by trapping the state of the CPU registers
  • process permissions: programs marked with s (execute bit on), aka setuid programs, run with the user-id of the user who owns the program, whereas non-setuid programs run with the permissions of the user who starts the program. (A setuid program owned by root can be a security issue.)
  • when process is launched: it runs with the effective user-id and group-id of the user who started it, and with the corresponding privileges. This behaviour can be modified by using special permissions
# root-owned files that ordinary users change only through a setuid program (e.g. /bin/passwd, owned by root)
/etc/passwd
/etc/shadow

# setuid bit is represented by an s in place of x
ls -l /bin/passwd
-rwsr-xr-x. 1 root root 27768 Feb 11  2017 /bin/passwd

  • The setuid bit has no effect on directories. setuid or setgid bits are set, but the executable bit is not

  • When a process is started it has its own isolated space and it uses system calls to indirectly access the HW (the HW is managed by the kernel)

# ulimit command that displays/resets a number of resource limits associated with processes running under a shell
ulimit -a


# increase the number of file descriptors (soft resources)
ulimit -n 1600

# display the current limit on the number of open file descriptors
ulimit -n 

  • process states: running, sleeping (waiting), stopped (suspended; Ctrl+Z sends SIGSTOP), zombie
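
Added example (not part of the original wiki page): a small audit script for the setuid note above. It lists regular files that carry the setuid or setgid bit under a directory and marks the root-owned setuid ones. The function names, the finding labels and the default /usr/bin path are assumptions of this example.

```python
import os
import stat
import sys

def classify(mode, uid):
    """Findings for one file, given its st_mode and owner uid (empty list = nothing to report)."""
    if not stat.S_ISREG(mode):
        return []  # skip directories, symlinks, devices (setuid has no effect on directories)
    findings = []
    if mode & stat.S_ISUID:
        # runs with the owner's user-id; root-owned is the case flagged as a security issue
        findings.append("setuid-root" if uid == 0 else "setuid")
        if not mode & stat.S_IXUSR:
            findings.append("setuid-without-exec")  # ls -l shows 'S' instead of 's'
    if mode & stat.S_ISGID:
        findings.append("setgid")
        if not mode & stat.S_IXGRP:
            findings.append("setgid-without-exec")
    return findings

def scan(root):
    """Walk root without following symlinks; yield (path, mode string, uid, findings)."""
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, not a symlink target
            except OSError:
                continue  # file vanished or is unreadable; keep scanning
            findings = classify(st.st_mode, st.st_uid)
            if findings:
                yield path, stat.filemode(st.st_mode), st.st_uid, findings

if __name__ == "__main__":
    # default directory is an assumption of this example; pass another path as argv[1]
    for path, perms, uid, findings in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"):
        print(f"{perms} uid={uid} {path}: {', '.join(findings)}")
```

Keep the output of a known-good system as a baseline; a setuid-root entry that is not in the baseline is worth investigating.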