SI110: Operating Systems

The operating system is a go-between, between the physical machine and the users/programs.

If you take a big picture view of a computer, you get three things:

the physical computer
the operating system
the user and programs running on the user's behalf

You should understand what I mean by "the physical machine", and you should certainly understand "the user". What's meant by "programs running on the user's behalf" is simply that when you want to check e-mail, you launch the e-mail program. So what's the Operating System? On your laptops it's Windows, if you own an iphone, it's iOS or if you have another smartphone it might be Android, on the computer I'm using as I type this, it's Linux. The operating system is a very special program. It manages all the programs running on the computer and acts as an intermediary between those programs (or the user) and the physical machine. Neither the user nor a regular program manipulates a resource like the hard drive directly. Instead, they ask the operating system to manipulate the resource on their behalf. In this lesson we'll learn a bit about operating systems.

What is an Operating System

An Operating System (OS) is a program (or collection of programs) that manage the physical computer and the programs that run on it. There are many different OS's out there, and you may be passingly familiar with several

	MS Windows - your laptops "run Windows 7", meaning that the OS is MS Windows version 7
	Unix - Unix is actually a family of OS's. The CS department web server runs a Unix variant called Linux. Apple's Mac OS X is a variant of Unix. Linux is going to play a role in this course. It's what's called Open Source, which means that people are free to modify it to suit their needs. Thus, a lot of security-related tools are built this way.
	iOS - Apple's iPhone, iPod Touch and iPad all run an operating system called iOS, which is designed for smaller "mobile devices".
	Android - many smart phones run Google's Android OS, which is another OS built specifically for mobile devices.

Because the OS manages the computer and all the programs that run on the computer, it is of critical importance to security. It can restrict what programs and users do to make sure they can't cause too much trouble on the system. Conversely though, when OS's have security flaws, it's a really big problem. Here is a recent example: link

Services the OS Provides

The OS provides services to Users and programs — it does things on their behalf that they cannot or are not allowed to do for themselves. Some important kinds of OS-provided services are:

file operations — the OS manages all the different storage-related peripherals, like hardrives, flashdrives, DVD's, etc. Only the OS can truly create, modify, read and destroy files.
network connections — only the OS can actually send or receive data to/from a computer's ethernet port (wired) or WiFi radio (wireless). A program that wishes to send data over a network has to ask the OS to do it on the program's behalf.
user accounts, permissions and logins — the OS ensures that users login properly, and that they can only access the things they're supposed to.
processes — more about this below. The important thing here is that the OS manages the program's as they execute, scheduling when each program gets to use the CPU to progress in its execution.

The OS generally provides three ways for programs and users to access its services:

the GUI — GUI means "graphical user interface", basically this is the stuff you click on or use your fingers on a touch screen to interact with. For example, in Windows you can right-click on a file name in the file browser, choose the "rename" option in the resulting menu, type in a new name, and then press enter. This asks the OS to change the file's name on the harddrive for you. The GUI is an OS interface pretty much only for users, not for programs.
shell commands — The shell allows commands for the OS to be entered as plain text strings. For example, in the Windows shell (called Command Prompt), to rename a file currently named foo.txt by changing it to bar.txt, you would type:
```
move foo.txt bar.txt
```
The shell is an OS interface for both programs and users.
the API — API stands for Application Programming Interface. It is a very direct way for an executing program to ask the OS to do something on its behalf. The API is an interface exclusively for programs.

The Windows shell can be accessed by clicking on the start button

and choosing Command Prompt

Although you are probably only familiar with using the GUI to access operating system services, the shell will be important for this course. That importance stems in no small measure from the fact that the shell is an interface to the OS for both users and programs alike. The OS's we'll use for this course are Windows and (a little bit of) Linux. Both have shells.

File Systems

You cannot understand information systems without understanding a bit about file systems. Files and folders are organized hierarchically on your computer. In Windows, you have a separate hierarchy for each Drive Letter, which is a letter followed by a colon. Normally, different drive letters correspond to different devices, perhaps C: is your harddrive, E: is your DVD drive, F: may be what you gets assigned to your camera when you plug it in (a camera has a drive with a filesystem for storing its photos). A file (or folder) is not defined uniquely by its name! Instead, it is defined uniquely by the path from the top or the hierarchy down to the file (or folder) in question, where the names in the path are separated by backslashes (\'s). You can navigate these file hierarchies in Windows by clicking on the start button

and choosing Computer from the right-hand side of the list that pops up. What you see at first is a screen with icons for each of the drive letters available on your system. Double click on C: and what you see is a list of all the files and folders that comprise the next level down in the hierarchy rooted at C:. Double click on Users and what you see is a list of all the files and folders that comprise the next level down from C:\Users. Double click on your user name, and then on Desktop after that. You're now fairly far down in the hierarchy. If there was a file named foo.txt here, its path would be

C:\Users\m15xxxx\Desktop\foo.txt

and while there may be many files named foo.txt on your system, there's only one with that exact path. BTW: In the file viewer, if you click on the icon at the far left of the address bar at the top, it prints out the path for you.

Key Points

files and folders are arranged hierarchically
every file and folder has a place in the hierarchy
So when you save a file in Word or download a file using your browser, those files get put somewhere in your filesystem, and you need to start becoming cognizant of where!
every file and folder is uniquely named by its path
in a file viewer window, you see the contents of one folder, the current folder, and the address bar describes the path to the current folder

The basic file system operations are to create or delete files and folders, to move (i.e. rename) files and folders, and to copy files and folders.

File Systems Operations with the Shell

Shell commands are entered as a command name followed by command arguments, which are extra pieces of information the command needs to do its job. For example, in the command

move foo.txt bar.txt

the command name is move and there are two arguments, the old name foo.txt and the new name bar.txt.

The the GUI's file viewer has a current folder that it's in at any given point in time. The shell works the same way, and its current folder is displayed to the left of the command prompt. You hop from one drive letter hierarchy to the next by typing the drive letter and colon then pressing enter. You list the contents of the current folder with dir. To move down in the hierarchy from your current drive letter, you type cd followed by the name of the folder you want to move down into. (cd stands for "change directory", "directory" being the Unix name for "folder".) The argument to cd doesn't need to be a name, it could be a path (starting from the current folder) several folders deep, it could be ".", which make cd do nothing, it could be ".." which makes cd go up a level in the hierarchy rather than down. In fact, "..\.." or "..\..\..", etc are allowed for going up multiple levels in a single step. Also we have

mkdir argument1 — which makes a new folder named argument1 in the current folder
del argument1 — which deletes the file named in the argument.
rmdir argument1 — which deletes the folder named in the argument.
copy argument1 argument2 — makes a copy of the file named in the first argument, and gives the copy the name provided by the second argument
move argument1 argument2 — renames the file named in the first argument using the name provided by the second argument
type argument1 — prints the contents of the file argument1 to the screen. Don't try this on a non-text file!

The arguments to these commands can be relative paths, i.e. paths that are relative to the current folder, or absolute paths, i.e. paths that begin with a drive letter and thus are interpreted the same way regardless of the current folder.

Processes

You can get a list of all the process currently running on your system: a) press control+alt+delete, b) choose Start Task Manager, c) click on the Processes tab, d) select Show processes form all users

recall that a program is really just a file, a file that contains the instructions the CPU is supposed to execute. A running instance of a program is called a process and, for the moment, you may think of a process as consisting of the program + which instruction in the program you're currently at. The same program could be executing more than once simultaneously. In this case you'd have many processes that were executing instances of the same program.

User accounts, logins, permissions

When the Task Manager shows processes,it lists the User name

Every process has a username attached to it (that user is called the process's owner) — typically the name of the user that caused the program to be run. Every file and folder also has a username attached to it (that user is called the file's owner).

In the shell, the command dir /Q lists all folders and files along with their owners' usernames.

Normally, the OS denies a process any request it might make to manipulate a file or folder unless the username attached to the process matches the username attached to that file or folder. Why just "Normally"? Because each file has a set of permissions — essentially rules defining which users can perform what kinds of actions — that are adjustable by the file's owner, and the owner can use those rules to change this behavior.

To view a file's permissions in Windows:

Right click on the file in question and select Properties.
Click on the Security tab.
View the permissions on that file. Modify carefully!

The security of information on the system (and thus of the system itself) relies on this user/permissions scheme for controlling the access of processes to files. Thus, it is crucial that a process whose owner is listed as m159999 was really launched at the behest of the person whose username is m159999. That means that the login procedure is very important.

The Operating System manages user accounts, logins and process/file permissions. This job is crucially important for security. If user m159999 is allowed to launch a process whose owner is listed as m158888 ... well, we've got trouble. That would give user m159999 access to m158888's files.

The rights that a user has to access files is constrained. Generally, however, there will be one account with unlimited rights (so, for example, they can read every file on the system, regardless of the usual user permission schemes). A user with these unlimited rights is called ... wait for it ... Superuser! There may be an actual superuser account (on Unix systems this is the account with username root), or regular users may be able to run a program with superuser privileges (we often say elevated privileges to communicate that the program/user can do more than they normally could) using a special password. In Windows 7, a User Account Control dialog box opens up when a program asks to run with elevated privileges. In Unix, a command is prefaced with sudo (super-user do) to run with elevated privileges. The ultimate prize in attacking a single computer is to be able to run programs with superuser privileges, because then you own that machine. In particular, if you can launch a shell with superuser privileges, you win.