In Unix, everything is a file system object. This includes print queues, running processes, and devices; even the kernel’s memory space is represented as a file in the file system.

Unix implements permission-based security. So, because everything in Unix is a file, file system permissions can be effectively used to control access to devices, processes, and so forth. This simplifies security dramatically and requires fewer methods of checking for security.

The File System

All hard disks and their various partitions are mounted in a single unified directory in Unix. There are no drive letters or different disk objects as you would find in Windows or many other operating systems. Otherwise, the directory structure is very similar to most other operating systems in that it is a hierarchy of directories that can contain other directories or files.

partition

A low-level division of a hard disk. A partition contains a file system.

mount

To make a file system on a block device available. The term comes from the act of mounting a reel of tape on a tape reader.

The root of the file system is referred to as /, so using the change directory command below will take you to the root of the file system:

cd /

From there, other partitions and disks can be mounted and will appear as directories. For example, the /boot directory is usually a small partition at the beginning of the disk that contains the kernel. This convention stems from the fact that many computer boot loaders can only load the kernel from the beginning of a large hard disk, because they were written when all disks were relatively small and they can’t access disk sectors beyond a limited range. The following graphic shows the typical first-level Linux directory structure.

CD-ROM drives are typically mounted in the /dev/cdrom directory, so that if you change directory to /dev/cdrom/install, you would be mapped to the same location as d:\install if that CD-ROM were mounted in a Windows machine.

Many Unix administrators create the /home directory in a separate partition to ensure that end users can’t fill up the system partition where the operating system needs space to run. The /var directory, where log files are kept, is another popular directory to mount in its own partition. None of this is necessary, however; the entire file system can be created in a single partition, in which case these directories would represent just directories, not mounted disks or partitions.

The Unix mount command is used to attach a block device like a hard disk partition or a CD-ROM drive to the file system.

File System Structures

There are three primary file system structures that are used in Unix to manage files:

Inodes are the heart of Unix file systems. Inodes contain all the metadata (data about data) that describes the file, except its name, including the file’s location on disk, its size, the user account that owns it, the group account that can access it, as well as the permissions for the user and group account. Inodes are stored in an array of inodes on the disk.

inode (index node)

A file descriptor in Unix systems that describes ownership, permissions, and other metadata about a file.

Directories are simply files that relate a list of file names to an inode index number. They contain no information other than the text of the name and the inode that contains details of the file. There can be any number of names that reference an inode, and when there is more than one, they are called hard links. When you delete a file in Unix, you’re really just removing a hard link. When the last hard link is removed, the kernel deletes the inode and reclaims the disk space.

hard links

Multiple file names for a single inode. Hard links allow a single file to exist in multiple places in the directory hierarchy.

File contents are the data stored on disk, such as the text in a text file, or the information being read in or written out to a serial port, TCP/IP socket, named pipe, etc.

So when I say that in Unix everything is a file, what I really mean is that every process, network socket, I/O port, or mass storage device contains a name in the unified file system directory tree and an inode that describes its security permissions. They do not necessarily have actual file content stored on disk.
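The relationship between names, inodes and permissions described above can be checked directly. The shell functions below are an added example, not part of the original text; the function names and the sample file names report and alias are assumptions.

```sh
# Added example (not from the original text); all function names are hypothetical.

# inode_of PATH: inode number that the directory entry PATH points to.
inode_of() { ls -di -- "$1" | awk '{ print $1 }'; }

# link_count PATH: how many directory entries (hard links) name that inode.
link_count() { ls -ld -- "$1" | awk '{ print $2 }'; }

# mode_of PATH: the 10-character type-and-permission string kept in the inode.
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# other_names FILE ROOT: every path under ROOT that names the same inode as
# FILE. Inode numbers are only unique within one file system, hence -xdev;
# ROOT must be on the same file system as FILE.
other_names() {
    find "$2" -xdev -inum "$(inode_of "$1")" -print | sort
}

# hard_link_demo DIR: walk through create, link, chmod and rm inside the empty
# directory DIR, printing "step inode links mode" after each one.
hard_link_demo() {
    r=$1/report a=$1/alias
    printf 'constructed sample data\n' > "$r"
    chmod 644 "$r"
    echo "create $(inode_of "$r") $(link_count "$r") $(mode_of "$r")"
    ln "$r" "$a"                       # a second name for the same inode
    echo "link   $(inode_of "$a") $(link_count "$a") $(mode_of "$a")"
    chmod 600 "$r"                     # permissions are stored in the inode,
    echo "chmod  $(inode_of "$a") $(link_count "$a") $(mode_of "$a")"  # so the alias changes too
    rm "$r"                            # removes one name; the data survives
    echo "rm     $(inode_of "$a") $(link_count "$a") $(mode_of "$a")"
}
```

Run hard_link_demo on a fresh directory from mktemp -d. A link count above 1 on a sensitive file means that removing one name does not remove the data, and other_names shows where the remaining names are.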

I/O port

An interface to peripherals, like serial devices, printers, etc.

Inodes

Consider the following mythical directory listing from a Unix machine in the standard format of the ls command:

The various file types shown are:

• Standard files are data structures stored on disk.

file

A sequence of data that is permanently stored on a mass-storage device, such as a hard disk, and referenced by a name.

• Directories are files that map file names to inode numbers.

directory

A file that contains the names of other files or directories.

• Character devices are I/O devices that transfer one character at a time, like a serial or parallel port.

character devices

A class of peripherals that transmit or receive information one byte at a time (i.e., processing occurs for each byte received). Typically, character devices are lower-speed devices like keyboards, mice, or serial ports.

• Block devices are I/O devices that transfer large blocks of data at a time, such as a hard disk drive or network adapter.

block devices

Peripherals that transfer mass quantities of information in large units (i.e., processing occurs for each large block of information received, rather than for every byte). Block devices are typically high-speed devices like hard disk drives or local area network adapters.

• Sockets are connections made between computers on a network using TCP/IP.

socket

A specific TCP or UDP port on a specific IP address, for example: 192.168.0.1:80. Sockets are used to transmit information between two participating computers in a network environment. Sockets are block devices.

• Pipes are first in, first out (FIFO) communication streams between processes on the same computer or on computers in a local area network.

pipe

An inter-process communication mechanism that emulates a serial character device.

This listing displays much of the information contained in an inode, along with the file name that is contained in the directory. Inodes also contain pointers to the actual file data and a few other things, but for our purposes, this listing shows almost everything in an inode that you need to know to understand Unix security.

You can determine the type of a file using the ls command by examining the first character of the mode field (the first character of each file’s line). I’ve named the files according to their type, so you can see that d represents a directory, for example.

Because all I/O devices and communication mechanisms are described by file names and inodes, all of the standard Unix file processing tools can be used to operate on them. For example, you can cat (list) the contents of a process file and see a textual representation of its memory on screen (although it will be impossible for you to interpret it).

Devices (and most of the other strange file types) are typically mounted in the /dev directory. This is a convention, not a requirement, and it’s important to remember that a hacker may attempt to mount a device within their own /home directory.
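One way to read the type character from the mode field and to audit a tree for device nodes that sit outside /dev, written as an added example rather than code from the original text; the function names are hypothetical.

```sh
# Added example (not from the original text); function names are hypothetical.

# type_char PATH: first character of the ls mode field for PATH itself
# (- file, d directory, c character device, b block device, p pipe,
#  s socket, l symbolic link).
type_char() { ls -ld -- "$1" | cut -c1; }

# devices_outside ROOT [ALLOWED]: print the ls -l line of every block or
# character device node found under ROOT, skipping the ALLOWED tree
# (default /dev). Each output line starts with b or c, followed by the
# permissions, owner and group recorded in the device node's inode.
devices_outside() {
    allowed=${2:-/dev}
    find "$1" -path "$allowed" -prune -o \
        \( -type b -o -type c \) -exec ls -ld -- {} + 2>/dev/null
    return 0    # unreadable directories make find exit non-zero; not fatal here
}

# Typical use, run as root so every directory can be read:
#   devices_outside /
#   devices_outside /home
```

Any line this prints deserves an explanation, because access to the device is governed by the permissions on that node rather than by those on the entry under /dev. Mounting user-writable file systems such as /home with the nodev option makes the kernel ignore device nodes created there.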