02 - Linux Core Concepts
What is Linux Kernel?
The Linux kernel is the core part of the Linux operating system and acts as a bridge between software applications and the computer hardware.
It is responsible for managing the system's resources, such as the CPU, memory, and input/output devices, ensuring efficient and secure operation.
The Linux kernel is monolithic, this means that the kernel carries out CPU scheduling, memory management and several operations by itself.
The Linux Kernel is also modular, which means it can extends its capabilities through the use of dynamically loaded kernel modules.
Key Functions of Linux Kernel
Process Management:
Manages running processes by scheduling them to share CPU resources.
Ensures efficient multitasking and handles process prioritization.
Memory Management:
Allocates and deallocates memory to processes.
Manages virtual memory, which allows systems to run applications even when physical memory is limited.
Device Management:
Provides a unified interface for hardware devices (keyboards, disks, network adapters).
Uses device drivers to communicate with hardware components.
System calls and Security:
Ensures user isolation and process security.
Implements permissions and encryption to safeguard data.
Linux Kernel Versions
Use
unamecommand to get the information about the kernel (by itself it doesn't provide much information except that the system uses theLinuxKernel).$ unameUse the
uname -roruname -acomamnd and option to print the kernel version$ uname -r $ uname -a 4.15.0.72-generic # 4 = kernel version, 15 = major version, 0 = minor version, 72 = path release, generic = Distro specific info
Kernel Space and User Space
In Linux, the system operates in two distinct regions of memory: kernel space and user space.
These regions separate system-level operations from user-level processes.
Kernel Space
Kernel space is the memory region in which the kernel executes/operates and provides its services.
A process running in the kernel space has unrestricted/full access to the hardware and system resources.
This space is reserved for core system tasks and cannot be directly accessed by user applications.
It is strictly reserved for running the kernel code, kernel extensions, and device drivers.
User Space (Userland)
User space is the memory region where user applications and processes run.
Applications in user space cannot directly access hardware or system resources; they rely on the kernel to mediate access.
Most Unix-like operating systems, including Linux come pre-packaged with all kinds of utilities, programming languages and graphical tools. This are called user-space applications.
Interaction Between Kernel Space and User Space
User space and kernel space communicate via system calls.
These calls act as a controlled gateway, allowing user applications to request kernel services.
How System Calls Work:
A user application makes a request (e.g., to open a file).
The request is passed to the kernel via a system call (e.g.,
open()).The kernel processes the request and returns the result to the application.
Working with Hardware
We will look at how linux works with the hardware resources available to the system and how to make use of kernel modules:
Lets take an example of
USB Diskbe used in the system.As soon as the
USB deviceis attached to the system a corresponding device driver which is part of the kernel space detects the stage change and generates an event.This event which is called
ueventsis then sent to theUser Spacedevice manager daemon calledudev.The
udevservice is then responsible for dynamically creating a device node associated with the newly attached USB drive in the/dev/filesystem.Once the process is complete, the newly attached disk should be visible under
/dev/filesystem.
Use
dmesgdisplay messages from the area of kernel calledRing Buffer.When a linux operating system boots up there were numerous messages generated by the kernel that appear on the display screen. These messages also contain logs from the hardware devices that the kernel detects and provide good indication wheather it is able to configure.
$ dmesg $ dmesg | grep -i usbThe
udevadmis the management utility forudevwhich queries the database for device information.$ udevadm info --query=path --name=/dev/sda5The
udevadm monitorlistens to the kernel newueventsupon detecting an event, it prints the details such as thedevice pathand thedevice nameon the screen. This command is handy to determine the details of the newly attached or removed device.$ udevadm monitorThe
lspcicommand list all PCI (Peripheral Component Interconnect) devices that are configured in the system. Examples of PCI devices areEthernet Cards,RAID Controllers,Video Cardsandwireless Adaptorsthat directly attached to PCI slots in the motherboard of the computer.$ lspciTo list information about
Block Devices$ lsblkTo display detail information about the
CPUsuch as CPU architecture, the number of cores, threads, model, cpu op-modes (32 bit, 64 bit) etc.$ lscpuTo list available memory in the system.
$ lsmem --summaryAnother alternate command to see the information about the memory. This command will list total used and free memory.
$ free -m # -m is to display the memory in mb, use k for kb and g for gbTo extract detail information about the entire hardware information of the machine such as exact memory configuration, firmware version, mainboard configuration, CPU version and speed, cache configuration, bus speed, etc.
$ lshw
SUDO
- In Linux,
sudo(short for "superuser do") is a command that allows users to execute commands with elevated privileges, typically as the root user.
How Does sudo Work?
Privileges:
- When a user runs a command with
sudo, the system temporarily elevates their privileges, allowing them to execute commands that require administrative rights.
- When a user runs a command with
Password Prompt:
- By default,
sudorequires the user's password (not the root password) to confirm their identity and authorize the command.
- By default,
Time-limited Access:
- Once a user successfully enters their password, they won’t need to re-enter it for subsequent
sudocommands within a default timeout period (typically 15 minutes).
- Once a user successfully enters their password, they won’t need to re-enter it for subsequent
The sudoers File
The
sudoersfile controls who can usesudoand what commands they are allowed to execute.Location:
/etc/sudoersEditing Safely: Use
visudoto edit thesudoersfile to prevent syntax errors.sudo visudo
Example Entry in
sudoersFile:username ALL=(ALL:ALL) ALL # This gives username full administrative privileges
Linux Boot
Sequence Overview
The boot process can be broken down into four stages:
BIOS POST
Boot Loader (GRUB2)
Kernel Initialization
INIT Process
How to initiate a linux boot process?
This can be achieved in one of the two ways.
The first method is to start a linux device which is in a halted or stopped state.
Second method is to reboot or reset a running system.
BIOS POST
The first stage, called BIOS POST has very little to do with linux itself.
POST Stands for Power On Self Test.
In this stage, BIOS runs a POST test, to ensure the hardware components that are attached to the device are functioning correctly, if POST fails the computer may not be operable and the system will not be proceed to next stage of the boot process.
Boot Loader
The next stage after BIOS POST is Boot Loader.
BIOS loads and executes the boot code from the boot device, which is located in the first sector of the hard disk. In Linux this is located in the
/bootfile system.The boot loader will provide the user with the boot screen, often with multiple options to boot into, such as Microsoft windows OS or Ubuntu 18.04 OS in an example of a dual boot system.
Once the selection is made at the boot screen, boot loader loads the kernel into the memory supplies it with some parameters and hands over the control to kernel.
A popular example of the boot loader is
GRUB2(Grand Unified Bootloader Version 2).
Kernel Initialization
After the kernel is selected, it decompress and then loads kernel into the memory.
At this stage, kernel carries out tasks such as initializing hardware and memory management tasks among other things.
Once it is completely operational , kernel looks for INIT Process to run. Which sets up the
User Spaceand the process is needed for the environment.
INIT Process
The INIT function calls the
systemddaemon. Thesystemdis responsible for bringing the linux host to usable state.systemdis responsible for mounting the file systems, starting and managing system services.Once of the key advantages of using
systemdoversystem V(five) init(used before) is that it reduces the system startup time by parallelizing the startup of services.
Note:
ls -l /sbin/init: To check theinitsystem used.If it is
systemdthen you will see a pointer to/lib/systemd/systemd.$ ls -l /sbin/init # command lrwxrwxrwx 1 root root 20 Feb 6 2020 /sbin/init -> /lib/systemd/systemd # output
Run Levels
Systemd Targets (Run Levels)
We can setup the server to boot either into graphical mode or non-graphical mode.
Linux can run in multiple modes and these modes are set by something called
runlevel.The operation mode which provide a graphical interface is called
runlevel 5The operation mode which provide a non-graphical mode is called
runlevel 3
To see the operation mode run in the system. Run the command
runlevelfrom the terminal$ runlevelIn the boot process section, the
systemdis used as theinitprocess in most new linux distributions suchs asUbuntu 18.04.In
systemd, runlevels are called astargets.The RunLevel 5 is called as the
graphical targetThe Runlevel 3 is called as the
multiuser target
Viewing and Changing Systemd Target
systemctl get-default: To see the default target. This command looks at the file located at/etc/systemd/system/default.target$ systemctl get-default # command graphical.target # outputsystemctl set-target <desired-target-name>: To change the default target.$ systemctl set-default multi-user.target
Note: Runlevels
The term runlevels is used in the sysV init systems. These have been replaced by systemd targets in systemd based systems.
The complete list of runlevels and the corresponding systemd targets can be seen below:
runlevel 0 -> poweroff.target
runlevel 1 -> rescue.target
runlevel 2 -> multi-user.target
runlevel 3 -> multi-user.target
runlevel 4 -> multi-user.target
runlevel 5 -> graphical.target
runlevel 6 -> reboot.target
File Types in Linux
There are three types of files.
Regular File: Most common type of files that contains text, data, images, etc.
Directory: Is a type of file that stores other files and directories within.
Special Files: Are categorized into five other file types:
Character Files:
These files represent devices under the
/devfile system that allows OS to communicate to IO devices serially.Examples: keyboard, mouse, etc.
Block Files:
These files represent block devices also located under
/dev/file system.Examples: hard disks, RAM, etc.
Links:
Links in linux is a way to associate two or more file names to the same set of file data.
There are two types of links:
The Hard Link:
It associates two or more file names that share the same block of data on the physical disk.
Although they behave as an independent files, deleting one link will delete the data.
The Soft Link:
Also known as symbolic link or symlink (can be compared to the shortcut we create in Windwos).
Deleting a symlink does not affect the data in the actual file.
Sockets:
- A sockets is a special file that enables the communication between two processes.
Named Pipes:
The Named Pipes is a special type of file that allows connecting one process as an input to another.
The data flow in a pipe is unidirectional from the first process to the second.
Identify File Types
Use of the
filecommand.$ file /home/rohit # command /home/rohit/: directory # output $ flle bash-script.sh # command bash-script.sh: Courne-Again shell script, UTF-8 Unicode text # output $ file insync1000.sock # command insync1000.sock: socket # output $ file /home/rohit/bash-script # command /home/rohit/bash-script: symbolic link to /home/xyz/bash-script.sh # outputAnother way to identify a file type is by making use of the
ls -ldcommandls -ld /home/rohit # command drwxr-xr-x 3 root root 4096 Mar 18 17:20 /home/rohit # output ls -l bash-script.sh # command -rwxr-xr-x 3 root root 4096 Mar 18 17:20 bash-script.sh # output
| File Type | Identifier |
| DIRECTORY | d |
| REGULAR FILE | - |
| CHARACTER DEVICE | c |
| LINK | l |
| SOCKET FILE | s |
| PIPE | p |
| BLOCK DEVICE | b |
File System Hierarchy
Linux uses single rooted, inverted tree like file system:
/home: It is the location that contains the home directories for all users, except therootuser (root user home directory is located at/root)/opt: If you want to install any third party programs put them in the/optfilesystem./mnt: It is the default mount point for any partition and it is empty by default. It is used to mount filesystems temporarly in the system/tmp: It is used to store temporary data/media: All external media is mounted on/media/dev: Contains the special block and character device files/bin: The basic programs such as binariescp,mv,mkdirare located in the/bindirectory/etc: It stores most of the configuration files in Linux./lib: The directory/liband/lib64is the place to look for shared libraries to be imported into your program/usr: In older systems,/usrdirectory is used forUser Home Directories, however in the modern linux operating systems it is the location where all user land applciations in their data reside/var: It contains variable data like mails, log files
To print all the mounted filesystems, run
df(disk filesystem) command$ df -hP