My Blog.

Operating Systems


Components

Process Scheduling

Non-preemptive - CPU allocated until process completes execution

Preemptive - CPU allocated for fixed time

Process Control Block - Data Structure

PID
State
Pointer
Priority
Program Counter
CPU Registers
I/O Info
Accounting Info

PCBs of particular process states placed in their respective queues:

  • Job Queue: All processes
  • Ready Queue: In memory, waiting to execute
  • Device Queue: Blocked due to unavailability of an I/O device

Scheduler

  • Loads job from queue into memory

  • CPU Changes process state (ready → running)

Swapping

  • Swaps suspended process (e.g., waiting for I/O) out of memory
  • Reintroduces into memory later

Context Switching

  • Kernel saves register, memory state of CPU into PCB
  • Loads saved state of the next process

Algorithms

  • FCFS, SJN, Priority Scheduling, SRT, Round Robin, Multiple-level Queue, etc

Memory Management

Memory Division

Pages - Fixed-size blocks

Segments - Variable-size logical units

Virtual Memory

Uses reserved storage space (swap) to extend physical memory (RAM)


Device Management

Kernel Modules

Drivers

  • Hardware devices → Interrupt Request (IRQ)

  • Register Interrupt Service Routine (ISR):

    • Handle interrupts generated by respective devices
    • Perform minimal processing and defer extensive processing to quickly return control to the interrupted process
    • Use Interrupt Controller:
      • ICs prioritize IRQs for CPU
      • APIC, MSI Controller
  • Device Drivers:

    • CPU, Network Drivers
  • File System Drivers:

    • Manage I/O and buffering
    • Example: NTFS

Pluggable Authentication Modules (PAM)

Provides framework for integrating authentication methods into applications

Network Protocol Modules

TCP/IP, UDP

Security Modules - Linux Security Modules (LSM)

Provide hooks for security decisions (file/network operations, process executions)

e.g. SELinux

Kernel Services

  • Manage software interrupts:
    • Exception Handling
    • System calls:
      • Examples: read(), write(), getpid(), time(), pipe(), socket(), exec()
      • Processor Mode switch: user to kernel mode (OS core functions)
      • Execute privileged operation
      • Return to user mode

Namespaces

Used to isolate process IDs, network, mount points, users, etc between groups of processes for containerization / sandboxing

Control groups (cgroups)

Manage CPU, memory, I/O resource usage for groups of processes


File System Management

  • Organize files, metadata hierarchically in directories for easy access
  • File data storage allocation

Encryption

  • During storage and transit

Authorization

Discretionary Access Control (DAC)

  • Manages user permissions (rwx)
  • Defined in Access Control Lists

Security

Authentication

  • Verifies identity
  • Username-password login, biometrics, SSH keys

Authorization

SELinux

  • Implements Mandatory Access Control (MAC) at kernel level
  • Establish roles and permissions for users and processes, overriding DAC based on resource ownership
  • Enforces security policies that restrict access to system resources (e.g., Port access for applications)

Firewall

  • Block incoming traffic based on rich rules
    • Example: block traffic on specific port from certain services/IPs

Boot Process

1. Power ON

CPU fetches reset vector (addr) from Firmware ROM which points to first instruction of firmware

2. Firmware

2.a. BIOS

  1. POST (Power On Self-Test):
    1. Checks CPU, RAM, MoBo, I/O devices
    2. If successful:
      Locates bootable media
    3. Else:
      Stops and shows error (Beeps/LED codes)
  2. Reads storage boot sector (LBA 0) - contains Master Boot Record
MBR (512 B):

| Offset | Size | Contents |
| --- | --- | --- |
| 0x0000–0x01BD | 446 bytes | Bootstrap code: scans partition table |
| 0x01BE–0x01FD | 64 bytes | Partition table (4 entries) - 1 partition marked active (bootable) - contains bootloader |
| 0x01FE–0x01FF | 2 bytes | Boot signature (0x55AA) |
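
The MBR layout above can be checked programmatically, which is useful when triaging a disk image for a damaged or tampered boot sector. The following is an added example, not code from the original page: it parses a 512-byte LBA 0 image, validates the signature (stored on disk as byte 0x55 followed by 0xAA) and the four 16-byte partition entries, and reports inconsistencies. The sample sector and the function names are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFF = 0x1BE        # 446 bytes of bootstrap code come first
ENTRY_LEN = 16           # 4 entries x 16 bytes = 64 bytes
SIG_OFF = 0x1FE


def parse_mbr(sector):
    """Return (partitions, findings) for a 512-byte LBA 0 image."""
    if len(sector) != SECTOR:
        raise ValueError("LBA 0 must be exactly 512 bytes")
    findings = []
    # On disk the signature is the byte 0x55 followed by 0xAA.
    if sector[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("boot signature missing")
    parts = []
    for i in range(4):
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes, start LBA, length
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFF + i * ENTRY_LEN)
        if ptype == 0x00:
            continue                      # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status {status:#04x}")
        parts.append({"index": i, "active": status == 0x80,
                      "type": ptype, "start": start, "count": count})
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    if any(p["type"] == 0xEE for p in parts):
        findings.append("protective MBR: disk uses GPT")
    # Overlapping extents mean a corrupted or tampered table.
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return parts, findings


def build_sample_mbr():
    """Constructed sample: empty bootstrap area, two partitions, signature."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3xB3xII", status, ptype, start, count)
    table = (entry(0x80, 0x83, 2048, 204800)      # active Linux partition
             + entry(0x00, 0x82, 206848, 65536)   # swap, not bootable
             + bytes(2 * ENTRY_LEN))              # two unused slots
    return bytes(446) + table + b"\x55\xaa"


if __name__ == "__main__":
    partitions, problems = parse_mbr(build_sample_mbr())
    for p in partitions:
        print(p)
    print(problems or "no findings")
```
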

2.b. UEFI

  1. SEC (Security Initialization)
  2. PEI (Pre-EFI Initialization)
  3. DXE (Driver Execution Environment)
  4. BDS (Boot Device Selection)
  5. Reads storage primary GPT header (LBA 1) -> partition table -> identifies ESP by its special GUID

GPT

EFI System Partition (ESP) - FAT32

  • Contains .efi executable files like bootloader e.g. systemd-boot, GRUB2
  • Later mounted on /boot/efi
  • Secure boot ensures only signed .efi are executed

3. Bootloader

3.a. GRUB

/boot/efi/EFI/redhat/grub.cfg:

  • Boot menu
  • Command line parameters (can customize kernel behavior)
  • Loads into RAM:
    • vmlinuz (supports virtual memory)
    • initramfs img

3.b. systemd-boot

/boot/efi/EFI/systemd/systemd-bootx64.efi

  • Boot menu
  • Loads vmlinuz and initramfs into RAM and hands over execution

4. Kernel

  • vmlinuz contains a small stub (decompression code) that extracts itself

  • Initializes:

    • CPU:
      • Configures CPU registers
      • Sets up exception and interrupt handling mechanisms
    • Memory:
      • Physical
      • Virtual
    • Device detection:
      • Storage controllers
      • Network Interfaces
      • Peripherals
  • Load modules (e.g., drivers) compiled into kernel:

    • Initialized during boot
  • Mounts temporary RAM-based filesystem (tmpfs) as /

  • Extracts initramfs img into /

  • Executes /init script:

    • Loads modules (e.g., Intel/AMD microcode)
    • Mounts storage / as Read-only -> fsck (file system check) -> remounts / as RW and then chroot
    • Executes PID 1 (/sbin/init, sym-linked to /usr/lib/systemd/systemd)

5. Init System

  • /etc/fstab invoked:

    • Filesystem Table - mounts defined filesystems on boot
      • Example: Device Mount_point Filesystem Options Dump Pass
  • Manages services based on targets (systemd) or runlevels (older init system):

    • Reads unit files in /usr/lib/systemd/system and /etc/systemd/system
    • Executes them in order

| Runlevel target symlinked to | Systemd Target |
| --- | --- |
| 0 | poweroff.target |
| 1 | rescue.target (Getty) |
| 2-4 | multi-user.target |
| 5 | graphical.target |
| 6 | reboot.target |

Show currently loaded targets/runlevel

systemctl list-units --type=target or

runlevel

Temporarily switch target

systemctl isolate name.target or

init #

Permanent target

systemctl get-default

systemctl set-default name.target

6. User Login & Session Management

Init starts processes like getty or display managers that handle user login

After login, the user’s shell (CLI/GUI) or session manager initializes user-specific configurations

Windows

CLI (Terminal Emulators)

  • Windows Terminal

Shell

  • PowerShell

Corporate License

  • Employees/competitors can report unlicensed software to organizations like BSA through their channels for investigation and potential enforcement actions

  • Software vendors often engage intermediary audit firms, such as KPMG, whose compliance and regulatory officers conduct audits to ensure corporations comply with software license agreements

Linux

Distributions

  • Individual maintainers, or orgs
  • Different package managers
    • Main packages hosted on distro repos
    • Easy update and install through shell instead of searching for binaries

Kernel

  • Analogous to the UNIX kernel, but written from scratch
  • Originally developed by Linus Torvalds, written in C
  • Rust used for new modules
  • Originally hosted on Git
    • Now on GitLab
    • Has a GitHub repo without active commits

File Systems

| File System | Crash Protection | Data Integrity Checks | Snapshots | Built-in RAID Support | Use Case |
| --- | --- | --- | --- | --- | --- |
| ext4 | Journaling | None | No | No | Small-med file RW, Desktops |
| Btrfs | Copy-on-Write (COW) | Checksumming | Yes | Yes | Desktops |
| XFS | Journaling | Metadata Checksums | No | No | Large file servers |
| ZFS | Copy-on-Write (COW) | End-to-End Checksums | Yes | Yes | High-capacity servers, data centers |

ext4

  • Linux File System
    • Directories stored as files -> point to inodes -> point to data blocks

RAID

  • Redundant Array of Independent Disks
  • Data redundancy, performance
    • Hardware
      • RAID controller
    • Software
      • Linux software RAID
      • LVM RAID

Directory Structure

/ Root directory
/boot Bootloader and kernel files
/dev Device files
/bin User command binaries
/sbin System binaries
/usr User binaries, data; typically read only
/opt Optional software applications
/lib Essential shared libraries and kernel modules
/home User home directories
/root Root user home directory
/etc Configuration/setting files
/var Variable data files e.g. logs, tmp (persistent)
/tmp Session (short-lived) temporary files
/mnt Temporary mount point for external file systems
/proc Virtual FS interface for kernel data structures, contains dir for each PID
/sys Virtual FS for kernel data structures

CLI (Terminal Emulators)

Terminal app

  • Gnome Terminal, st

Shell

(Userspace) interface to interact with applications

  • Interactive: User can enter commands
  • Non-interactive: /sbin/nologin
  • Login
    • Loads user environment
  • Non-login
    • Loads only global config without user environment

GNU Utils

  • FOSS utilities, written from scratch, analogous in function to the UNIX OS utilities

Systemd Service Types

| Type | Description |
| --- | --- |
| simple | Starts the service binary as a child process running in the foreground immediately; systemd tracks the child process but considers the service started once fork succeeds. |
| notify | Like simple, runs in foreground but waits for a "ready" signal from the service before marking it started. |
| exec | Starts a child process that replaces itself with the service binary (execve); systemd waits for successful exec, ensuring accurate startup detection and tracking the actual service process. |
| forking | Service forks and parent exits; the orphaned child is reparented by the kernel to PID 1 (systemd), which tracks it as the main process. Used for traditional daemonizing services. |
| oneshot | Runs one or more short tasks sequentially, waits for completion, then stops; ideal for scripts or one-time jobs. |

Commands

command [-f] [--flag] arguments #case sensitive

| Help Command | Description |
| --- | --- |
| which | List path of binary |
| find dir -name [file] | Search for files in a directory hierarchy; can use * (wildcard) |
| find dir -wholename [*/dir] | Search for dir in a directory hierarchy |
| locate [file/dir] | List files & directories with substring and subdirectories from database |
| updatedb | Updates locate's database (/etc/updatedb.conf) |
| whatis cmd | Short description of a command |
| man cmd | Long manual description of a command |
| cmd --help | List flags and options for a command |
| df -h [filename] | Show space used in filesystems (for specified filenames) |
| du -h -d 1 [dir] | Show space used by directory, with max depth for subdirectory list |
| lsblk | List block devices |
| lsblk -f | Display block devices and their filesystems |
| findmnt | Display currently mounted filesystems |
| mount /dev/devicename /mountpoint | Mount block device to mount point |
| umount /mountpoint | Unmount block device from mount point |
| w | List users, host/IP, login time, tty, CPU usage, shell |
| who | List users, tty, and login time |
| last | Show login history with IP and login duration |
| whoami | Show current shell logged-in username |
| who am i | Show username, tty, and login time |
| users | Show logged-in usernames |
| finger | List users, host, tty, user ID details |
| stat filename | Show access/read time, modification/write time, change time (metadata, permissions, ownership) |
| date | Print or set date and time |
| hostnamectl [--set-hostname] | Systemd binary to query/change hostname; displays OS and kernel details (also in /etc/os-release) |
| uname -a | Print system information |

| File Management Command | Description |
| --- | --- |
| cd [absolute / relative path] | Change directory |
| ls | List directory contents |
| -l -> ll | Long listing format |
| -a | Show all entries (including those starting with .) |
| -h | Human-readable sizes |
| -u | Show access time instead of modification time |
| lsof | List open files |
| cp source dest | Copy files |
| -r dir | Copy directories recursively |
| mv source dest | Move or rename files/directories |
| mkdir [dir] | Make directory |
| mkdir -p [parent/child] | Make parent directories as needed |
| rm file [f2] [f3*] file00{4,5,6} | Remove file(s); supports wildcards and brace expansion |
| -r dir | Recursively remove directory and its contents |
| -f | Force remove; never prompt - ignore nonexistent files |
| rmdir dir | Remove empty directory |
| touch file | Create empty file |
| echo "text" | Print text on stdout |
| cat [file1] [file2] | Concatenate files and print on stdout |
| [1 / 2 / &]> file | Redirect stdout/stderr/both, overwrite file |
| >> file | Append to file |
| grep -v word | Exclude lines containing word |
| -w word | Search for whole word |
| awk '{print $1, $2}' filename | Print specified columns |
| cut -c1 filename | Print first character of each line |
| sed -n '5p' filename | Print only the 5th line |
| stdout \| less | Print output in pages |
| head [file] / tail [file] | Print first/last part of file |
| tar -cvf archive.tar [files / dirs] | Create tar archive |
| -Avf a1.tar a2.tar | Append a2 contents to a1 |
| -rvf a1.tar [files / dirs] | Append to tar |
| -czvf a1.tar.gz dir | Create gzip-compressed tar archive |
| -tf a1.tar.gz | List contents of archive |
| -xvf a1.tar.gz | Extract archive |
| gzip [file] | Compress file |

| Vim Command | Description |
| --- | --- |
| vim -o file1 file2 | Open multiple files vertically |
| -O file1 file2 | Open multiple files horizontally |
| :r file_name | Append file into current buffer |
| :set textwidth=80 | Wrap lines after 80 characters |
| :split [file] / :vsplit [file] | Split window horizontally/vertically in vim |
| :qa | Quit all windows |
| :only | Close all but current window |
| :wq ZZ | Save and quit if changes made |
| Ctrl + w + arrow keys | Switch window |

| File Permission Management Command | Description |
| --- | --- |
| chown username[:groupname] file/dir | Change owner (and group owner) |
| chgrp groupname file/dir | Change group owner |
| chmod [u,g,o][+/-/=][r][w][x] | Symbolically change user,group,other read (2) write (4) execute (1) permissions |
| +/-t dir | Sticky bit to dir for denying file deletion/renaming if write provided. T only appears if x missing for o (for distinguishing purpose). |
| nnn file/dir | Numerically change perms |
| chattr | Change file attributes. File cannot be modified by even root unless attribute is removed. |
| +a | append only |
| lsattr | List attributes |
| umask | defaults: dir 777 - 022, file 666 - 002 |

| User/Group Management Command | Description / Notes |
| --- | --- |
| adduser username | Add a user, interactive on debian - create homedir, add passwd |
| useradd username | Add a user |
| -g gid/gname | Custom primary group, else same name as username; gets ownership for user created files |
| -G g1,g2 | Supplementary groups; gives files' group perms to user |
| -m | Create home directory if it doesn't exist |
| -d custom_homedir | Use custom home directory |
| passwd username | Set or change password for user |
| usermod [-g][-G][-d] | Modify user account |
| -aG group1,group2 username | Append user to supplementary groups |
| userdel username | Delete user |
| gpasswd -M user1,user2,user3 groupname | Add multiple users to group |
| groups username | List groups user is part of |
| id username | Show UID, GID, and group memberships |
| groupadd gname | Add group |
| -g 1003 | Custom group ID (must be unique) |
| groupmod | Modify group |
| -n newname oldname | Change group name |
| -g newid gname | Change group ID |
| groupdel gname | Delete group |

| Process Management Command | Description |
| --- | --- |
| ps | Snapshot of current process - UNIX and BSD options |
| -ux | User oriented format, include processes without a tty |
| a | All with tty, including other users |
| -a | All with tty except session leaders |
| kill pid | Send signal SIGTERM(15) by default to terminate a process |
| -s | Specify signal name/number |
| -9 | SIGKILL(9) - immediately terminate |
| -18 | SIGCONT(18) - resume paused process, fg/bg chosen by process type |
| -l | List signals |
| pkill process_name | Kill by process name |
| Ctrl+C | Send SIGINT(2) - Interrupt and terminate process, can be ignored |
| Ctrl+Z | Send SIGTSTP(20) - Suspend and send to background (paused, can have custom handling, not ignored) |
| Ctrl+\ | Send SIGQUIT(3) - Interrupt + core dump for debugging, can be ignored |
| crontab [-u] [-l / -e] | List/edit user crontab files |
| * * * * * command | min hour day_of_month month day_of_week |
| @monthly command | Run monthly |
| jobs | List paused process id and names |
| fg (%job_id) | Resume fg process, most recent without argument |
| bg (%job_id) | Resume bg process |
| sar [-u] 1 3 | System Activity Report - CPU utilization (-u) by default, interval_time (s) number_of_times |

| top command | Description |
| --- | --- |
| top -p | Monitor specific pid |
| o COMMAND=chrome | Filter with custom param, superior to L |
| L | Locate process_name |
| k | Kill |
| r | Renice - change priority |
| h | Help |

| Partition Management Command | Description |
| --- | --- |
| parted | List and change GPT/MBR partition tables |
| fdisk [-l] [/dev/device] | List and change legacy MBR partition tables |
| partprobe | Make the kernel re-read the partition table without rebooting |
| mkfs.ext4 /dev/sda1 / mke2fs -t ext4 /dev/sda1 | Create an ext4 filesystem on a partition |

| System Monitoring Command | Description |
| --- | --- |
| vmstat | Virtual memory statistics |
| iostat | CPU and I/O stats for block devices |

| System Resource Management Command | Description |
| --- | --- |
| ulimit [-S/H] -a | View current shell session soft and hard limits |
| ulimit [-S/H] <resource_flag> <value> | Set soft/hard resource limit for current shell session |
| /etc/security/limits.conf | Set resource limits permanently for specific users or groups |
| yum autoremove | Remove orphaned packages |
| rpm --rebuilddb | Rebuild RPM DB in case it becomes inconsistent |

Networking

| Connection Management Command | Description |
| --- | --- |
| nmcli | BSD style command line tool for NetworkManager |
| d[evice] | Show network devices |
| d show device_name | Show network device details |
| d connect/disconnect device_name | Connect or disconnect a device |
| d wifi connect "SSID" password "your_password" | Connect to WiFi network with SSID and password |
| netstat / ss -tu | Show network connections and sockets: TCP, UDP sockets |
| -l | Listening/open ports |
| -n | Numerical output, show IP instead of hostname |

| Protocol | Port |
| --- | --- |
| ssh{scp -> sftp} | 22 |

| SSH Command | Description |
| --- | --- |
| ssh user@host | Log into remote shell |
| scp [-r] user@host1:/path user@host2:/path | Copy files/directories between hosts - remote or local (doesn't require explicit hostname) |
| ssh-keygen -t rsa -b 4096 -C "abc@example.com" | Generate SSH key pair on client |
| ssh-copy-id user@server_ip | Copy public key to server for passwordless authentication |
| ssh-keygen -R server_ip | Remove server entry from client's known hosts file (fixes host key mismatch errors) |

| IP Command | Description |
| --- | --- |
| dhclient -r && dhclient p8p1 | DHCP client: release current IP and request new one for interface |
| ip a[ddr] show [dev p8p1] | Show interface IPs |
| add/del 192.168.x.x/24 dev p8p1 | Add/delete specific IP to/from interface |
| nmcli d reapply p8p1 | Reapply network configuration for interface without restart |
| ip a flush dev p8p1 | Remove all IPs from interface, including v6 |

Password Policy

| Shadow Utils Config / Command | Description |
| --- | --- |
| /etc/login.defs | System-wide account & password policy defaults (e.g., aging, min/max days, warning period) |
| /etc/shadow | Encrypted user passwords and per-user password/account aging policies |
| chage -m 7 -M 90 -W 7 username | Set min, max, and warning days for password expiry for a specific user |

| PAM Config | Description |
| --- | --- |
| /etc/pam.d/ | Configs for each service to control which PAM modules are used |
| /etc/security/pwquality.conf | Password quality module settings used by services like passwd |
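
The per-user aging fields in /etc/shadow can be audited against the values used in the chage example above (min 7, max 90, warning 7). The following is an added example, not code from the original page; the sample entries, placeholder hashes and function names are constructed for illustration, and locked accounts (password field starting with ! or *) are skipped.

```python
# Policy taken from the chage example: chage -m 7 -M 90 -W 7
POLICY = {"min": 7, "max": 90, "warn": 7}
TODAY = 20000  # constructed "current date" in days since 1970-01-01

# Constructed sample in /etc/shadow format; the hashes are placeholders.
# name:hash:last_change:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTED$placeholder:19000:0:99999:7:::
alice:$6$CONSTRUCTED$placeholder:19950:7:90:7:::
bob:$6$CONSTRUCTED$placeholder:19800:7:90:7:::
svc::19950:7:90:7:::
daemon:*:19000:0:99999:7:::
"""


def _days(field):
    """Aging fields are day counts; an empty field means 'not set'."""
    return int(field) if field.strip() else None


def audit_shadow(text, today, policy=POLICY):
    """Map each account that violates the policy to its list of findings.

    today is the current date in days since 1970-01-01, the unit used by
    the last_change field.
    """
    report = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 6:
            continue                          # blank or malformed line
        name, pw = fields[0], fields[1]
        if pw[:1] in ("!", "*"):
            continue                          # locked / no password login
        last, mn, mx, warn = (_days(f) for f in fields[2:6])
        issues = []
        if pw == "":
            issues.append("empty password field")
        if mn is None or mn < policy["min"]:
            issues.append("minimum age below policy")
        if mx is None or mx > policy["max"]:
            issues.append("maximum age above policy")
        elif last is not None and last + mx < today:
            issues.append("password past maximum age")
        if warn is None or warn < policy["warn"]:
            issues.append("warning period below policy")
        if issues:
            report[name] = issues
    return report


if __name__ == "__main__":
    for user, issues in audit_shadow(SAMPLE_SHADOW, TODAY).items():
        print(f"{user}: {', '.join(issues)}")
```

On a live system, pass the contents of /etc/shadow (readable by root only) and `int(time.time() // 86400)` as `today`.
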

Reset root password (via GRUB)

  • Reboot
  • GRUB menu -> select boot entry -> press e
  • Find the line starting with linux16 or linux, and append boot parameters to the end:

rw init=/sysroot/bin/sh # Mount root file system as rw, start a shell (sh) as the first process (init, PID 1)

chroot /sysroot

passwd root
touch /.autorelabel    # re-label SELinux contents

exit

reboot
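
Because anyone with console access can perform this reset, two things are worth checking on a host: whether the running kernel was booted with an init= override, and whether GRUB requires a password before boot entries can be edited. The following is an added example, not code from the original page. It assumes the kernel command line (as found in /proc/cmdline) and the text of grub.cfg are passed in as strings and that the GRUB directives set superusers and password_pbkdf2 appear inline in that file; all sample inputs and function names are constructed.

```python
import re

SHELLS = {"sh", "bash", "dash", "ash", "zsh", "busybox"}

# Constructed samples; PLACEHOLDER marks values that are not real.
CMDLINE_RESET = "BOOT_IMAGE=/vmlinuz-PLACEHOLDER root=/dev/mapper/vg-root rw init=/sysroot/bin/sh"
CMDLINE_NORMAL = "BOOT_IMAGE=/vmlinuz-PLACEHOLDER root=/dev/mapper/vg-root ro quiet"
GRUB_OPEN = 'menuentry "Linux" {\n  linux /vmlinuz-PLACEHOLDER root=/dev/mapper/vg-root ro\n}\n'
GRUB_LOCKED = ('set superusers="root"\n'
               "password_pbkdf2 root grub.pbkdf2.sha512.10000.PLACEHOLDER\n" + GRUB_OPEN)


def init_overrides(cmdline):
    """Return every init= target found on a kernel command line."""
    return [tok[5:] for tok in cmdline.split() if tok.startswith("init=")]


def grub_superusers(cfg):
    """Names listed in 'set superusers=...' (empty list when unset)."""
    m = re.search(r'^\s*set\s+superusers\s*=\s*"?([^"\n]*)"?', cfg, re.M)
    return [u for u in re.split(r"[ ,;|&]+", m.group(1)) if u] if m else []


def grub_password_users(cfg):
    """Map user -> directive for each password / password_pbkdf2 line."""
    pairs = re.findall(r"^\s*(password(?:_pbkdf2)?)\s+(\S+)\s+\S+", cfg, re.M)
    return {user: directive for directive, user in pairs}


def assess(cmdline, grub_cfg):
    """Return findings about boot-time root access on this host."""
    findings = []
    for target in init_overrides(cmdline):
        is_shell = target.rsplit("/", 1)[-1] in SHELLS
        kind = "a shell" if is_shell else "a custom program"
        findings.append(f"booted with init={target}: {kind} ran as PID 1")
    supers = grub_superusers(grub_cfg)
    passwords = grub_password_users(grub_cfg)
    if not supers:
        findings.append("GRUB superusers not set: boot entries can be "
                        "edited without a password")
    for user in supers:
        if user not in passwords:
            findings.append(f"GRUB superuser {user} has no password entry")
        elif passwords[user] == "password":
            findings.append(f"GRUB superuser {user} uses a plaintext password")
    return findings


if __name__ == "__main__":
    for finding in assess(CMDLINE_RESET, GRUB_OPEN):
        print(finding)
```
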