Linux, like Microsoft Windows, is an operating system, that is, the
software that controls the machine: running programs and managing
devices such as CD-ROM readers, hard disks, monitors, etc. However,
Linux is a version of Unix, a system developed from the start to be a
multiuser system. Also, in the Unix world, computers have been linked
to networks since the 1970s. This means that Linux has
- Multiuser versus personal systems, the admin: Until the advent of
Windows NT, the Microsoft systems were designed for personal
computers. That means that, even if more than one person was using a
computer, the system assumed that there was no need to protect the
data in the computer, or to prevent the user from doing any particular
task. Linux, like Windows NT, Windows 2000 and Windows XP, is a
multiuser system. This means it is assumed that more than one person
will use the system. Having more than one user means that the system
needs to control access to the computer and to protect the data of
one user from the others. To provide this separation a Linux system
provides accounts, and each account has a password. This
used to be a novel concept for most users but, with the advent of
Internet mail, most people have an email account on some Internet
site. The concept is exactly the same.
- The administrator: In multiuser systems, since many people will
be using the computer, important tasks involving the basic
functioning of the system need to be reserved for a special
user, the system administrator (or root). The
administrator is generally the only user that can install or remove
software, create new user accounts and modify the configuration of
the computer (such as adding new disks). Administration of a Linux
system is not a trivial task and requires some expertise, especially
if you are managing a Linux server. For machines used as personal
workstations the administration tasks can be reduced to a minimum,
and can generally be performed by someone with less expertise.
- Protection: Protection of data and programs in Linux follows a
very simple, yet very flexible, protocol. For each file, program, disk
volume or device, there is a set of three permissions, associated with
three different user categories.
User categories:
- owner - usually the user that created the file (the
owner, however, can be changed)
- group - a file also belongs to a group. User groups are
created by the administrator and can have any number of users. A
user can also participate in any number of groups.
- other - any user that is not the owner and does not belong
to the file's group.
Permissions:
- read - indicates that a file's content can be copied or
read.
- write - indicates that a file's contents can be modified
or erased.
- execute - indicates that a file can be run as a program.
If set for a directory, indicates that the user can "go through"
the directory.
Therefore, for each file or directory we have three categories of
users: the owner, the users that belong to the file's (or directory's)
group, and the rest of the world. Also, for each category there are
three permissions: reading, writing and executing. This means each
file has 9 protection codes associated with it. Let's see some examples.
The flexibility of Linux's protection scheme can be very useful.
Let's consider some case studies:
- A laboratory has three different research groups. Work has to be
confidential between groups, but researchers in the same group can
share information freely. The laboratory's head researcher has full
access to all information. In this situation we can have three user
groups in Linux, each containing the users associated with one
research group. The account of the head researcher is included
in all groups. All files have full access (reading, writing,
executing) for the owner and the group, and no access for the rest
of the world.
- A researcher has a project that is confidential. He is the only
one that should be allowed to modify the files of the project, or to
execute the programs being developed. However, the head researcher
of the lab should be able to access the files for inspection. In
this case we need one user group with two accounts: the researcher's
account and the lab head's account. All files in the project will
have the researcher as the owner. The owner will have full access
(read, write, execute), but the group will have only read access.
The rest of the world will have no access to the files.
- A laboratory obtains a special licence to run some software.
However, the software should be run only on the laboratory's
computers. No user should be allowed to inspect, copy or modify the
code. The file that contains the program should have the
administrator as the owner (or the account of the person responsible
for the software). A group should be created for all users of the
laboratory. The owner will have full access, the group will have only
execute permission, and the rest of the world will have no
permissions set.
- ? ACCIDENTAL REMOVAL?
The Unix command to set permissions will be explained in the practical
section of this chapter.
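The three case studies above, written as permission settings and read
back as the nine protection codes. This is an added example, not part
of the original text; the file names (shared_data, confidential,
licensed_prog) and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original text. File names are constructed.
# chgrp is left out: the groups must first be created by the administrator.

# Print the nine protection codes of a file, e.g. rwxr-----
perm_bits() {
    ls -ld "$1" | cut -c2-10
}

# Convert nine protection codes to the octal form that chmod also accepts.
octal_mode() {
    bits=$1; out=""
    while [ -n "$bits" ]; do
        triad=$(printf '%s' "$bits" | cut -c1-3)
        bits=$(printf '%s' "$bits" | cut -c4-)
        n=0
        case $triad in r??) n=$((n + 4)) ;; esac   # read
        case $triad in ?w?) n=$((n + 2)) ;; esac   # write
        case $triad in ??x) n=$((n + 1)) ;; esac   # execute
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# apply_case FILE OWNER GROUP OTHER: set each category, report the result.
apply_case() {
    chmod "u=$2,g=$3,o=$4" "$1" || return 1
    codes=$(perm_bits "$1")
    printf '%s %s\n' "$codes" "$(octal_mode "$codes")"
}

demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/shared_data" "$dir/confidential" "$dir/licensed_prog"
    # Case 1: the research group shares freely; everyone else is locked out.
    apply_case "$dir/shared_data" rwx rwx ""
    # Case 2: only the owner modifies or runs; the group (lab head) may read.
    apply_case "$dir/confidential" rwx r ""
    # Case 3: the group may run the program but not read, copy or modify it.
    apply_case "$dir/licensed_prog" rwx x ""
    rm -rf "$dir"
}

demo
```

Running it prints `rwxrwx--- 770`, `rwxr----- 740` and `rwx--x--- 710`.
Execute-only access for the group is enough for a compiled program; an
interpreted script also needs read permission, because the interpreter
has to open the file.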
- Data exchange: Normal file exchange in the Windows world involves
having access to an Internet site for downloads and having specially
designed Internet pages for uploading information (like, for example,
sending a file to be attached to an email message on a webmail site).
However, maintaining a web service is not an easy task and involves
many security risks.
Any two Linux computers on the Internet can exchange information
safely, regardless of whether they maintain a web service or
not. There is a series of programs that allow users to download and
upload information across the Internet safely, provided that they have
a regular account and password on the remote computer. [figure with
two computers and information flowing between them, caption: data
exchange, with the address of the remote computer you can send files
or download files].
- Sharing disks: One common problem in laboratories with more than
one computer is the fact that information generated when someone uses
a specific machine is kept locally. Windows allows the sharing of
information across computers using the "network neighborhood" icon.
Good network practice would involve requiring users to store
information only in a single computer, a server. Having all information
in a server means users can access it from any other machine. In the
Windows world the administrators of the server can make folders
available to users. A user then has to "map" the remote folder in
his local account. All information stored in the mapped folder will
actually be stored remotely. This type of sharing involves some user
knowledge (to map the remote folder) and discipline to always use the
folder that is mapped to the server.
With Linux, remote directories can be mapped transparently into local
folders of a computer. Actually, the whole user area can be mapped
remotely. The user does not need to perform any tasks. Once logged in,
all information stored by the user in his directories will actually be
sent to the server. It is the system administrator's task to perform
this mapping and it can be done for all users of the network. The
sharing architecture can be changed without any need to inform the
users. So, for example, a new server can be added to the network and
some users' directories moved to the new server without the need to
notify anyone. [figure with two computers each one with one disk, one
of the computers will have a disk that is shaded, meaning that it is
"virtual", information will flow from this virtual disk to the
remote computer and back to the local computer; caption: Sharing disks,
what appears to be in a local disk is in another computer, the user is
unaware of this sharing]
- Sharing processors: In the Windows world some programs, when
installed in the server, can be run remotely by users in some other
computer on the local network. The user will only click the program
icon in the shared folder and the remote CPU will do the processing.
However, this feature has to be part of the program code. Some programs
will run remotely, others will still run locally. Some software in
Windows will not run remotely, period.
In the Linux world, anyone can run some software in a remote computer,
provided he has an account name and a password. Actually, logging in
to a remote computer is a standard procedure for Linux users. It is up
to the user to decide which is the best computer to run the software
(provided, of course, the software is installed in that computer and
that the user has an account there). There is no restriction imposed
on the location of the computer. You can run software in your computer
in Sri Lanka while visiting a research lab in Romania, with no need
for special Linux configurations or installation. This is called in
the Linux world a "remote login". The local computer serves only as
a terminal; the local disk is not used, only the keyboard, mouse, and
screen. [figure with two computers, the program will show a window
inside the screen of the first computer and a similar one on the
remote computer, but shaded. Caption: Users can log in to other
computers, program will run in remote computer, but screen is in local
computer, data stays in remote machine]