AGH · Open Operating Systems · Class 2

Linux: Tree, /dev & Filesystem
Foundations

Łukasz Gołek · WIMiC AGH · 2025/26
01 / 34 Title

Open Operating Systems

Linux — the base of the system
Łukasz Gołek · WIMiC AGH

02 / 34 Course Plan

Arch Linux and Gentoo — Course Plan

  • Hardware, files and user permissions
  • The Arch Way & Installation (Part I)
  • Installation (Part II) & System Configuration
  • Bootloaders & Network Management
  • Package Management
  • Xorg, Wayland & Desktop Environments
  • Gentoo – The Deep Dive: Introduction to Gentoo & Portage
  • USE Flags & Optimization
  • The Linux Kernel (The Manual Way)
  • Your suggestions 😊
03 / 34 Key Message
You don't have to know
everything at once!

The most important thing is that you understand how your system works — the rest will come with time. Linux is a very simple and logical system once you understand the basics.

Presenter Notes
The most important thing is that the beginnings might seem difficult to you, but remember — you don't have to know everything at once!
04 / 34 VM Setup — Bootloader

AGHOS GRUB Bootloader

In the bootloader, select the language you want to use for the boot process.

AGHOS GRUB boot menu — choose language variant
Presenter Notes
The next 5 slides are for people working in a VM. In the bootloader.
05 / 34 VM Setup — Runlevel

Editing Kernel Parameters

Select the desired entry and press E to edit. At the end of the kernel line, add 3 to boot into runlevel 3 (multi-user, no GUI).

GRUB menu
Kernel parameters edit
Then press: Ctrl+X or F10 to boot with the modified parameters.
Presenter Notes
In the bootloader, choose the language you want and press "E". Then, at the end of the line with the kernel parameters, add 3. This tells the kernel which runlevel it should boot into.
06 / 34 VM Setup — Login

VM Login Screen

AGHOS login terminal
Type aghos as login (no password required initially) → you are now in the terminal.
Presenter Notes
You should see the login screen, type aghos here and you should be in terminal.
07 / 34 Commands — sudo / su / passwd

Setting a Password & Switching Users

Login as: aghos  (without password)
sudo su               # become root
passwd aghos          # set a temporary password
⚠ The password is temporary and will be lost after the VM restarts.

su — switch user

Switches to another user account. Requires the target user's password. Starts a new shell as that user.

sudo — superuser do

Executes a single command with elevated privileges. Requires the current user's password. Controlled via /etc/sudoers.

sudo su

Runs su as root using sudo. Gives you a root shell without requiring the root password.

passwd

Change your own password. sudo passwd john — change password for another user as superuser.

Presenter Notes
On this slide, we see a step-by-step example for setting up a simple password for a user in Linux, starting from a user who can log in without a password. First, we use sudo su to switch to the root account. Next, we use passwd aghos to set a password for the user aghos. For learning purposes, just use any simple password — but remember, this is for learning only!!
08 / 34 VM Setup — SSH

Connecting via SSH (Optional but Recommended)

SSH allows you to use proper copy/paste shortcuts in your host terminal instead of typing directly in VirtualBox.

systemctl start sshd          # start SSH daemon inside VM
ssh -p 2222 aghos@localhost   # connect from host terminal

Or connect via PuTTY (Windows):

PuTTY SSH configuration
PuTTY: Host = 127.0.0.1, Port = 2222
Presenter Notes
Connecting via SSH is optional, but it's much more convenient than typing directly in the VirtualBox window, because you can use Ctrl+C to copy and Ctrl+Shift+V to paste text into the terminal. Connect using: ssh -p 2222 aghos@localhost — VirtualBox forwards port 2222 to port 22 inside the VM.
Linux Filesystem Tree
09 / 34 The Root
/

In Linux, this single character is the most important directory in the entire system — the root directory. Everything starts here. Every file, every folder, every device lives somewhere under /.

Presenter Notes
The first thing you have to know about Linux is its structure. This slide shows just a single character: the forward slash, /. In Linux, this is the most important directory in the entire system — the root directory. Everything starts here. Every file, every folder, every device — it all lives somewhere under /. Think of it as the root of a tree.
10 / 34 Linux Directory Tree

The Full Linux Directory Tree

/
├── /bin        essential user binaries (ls, cp, bash…)
├── /boot       boot files — bootloader, kernel
├── /dev        device files — hardware as files
├── /etc        system configuration files
│   ├── /etc/passwd   user account definitions
│   ├── /etc/fstab    filesystem mount table
│   └── /etc/hosts    static hostname-to-IP mappings
├── /home       user home directories
├── /lib        system libraries
├── /mnt        mount points for external resources
├── /opt        "alternative" / third-party software
├── /proc       virtual FS — running processes & kernel info
├── /root       home directory for the root user
├── /sys        virtual FS — hardware management interface
├── /tmp        temporary files
├── /usr        most user programs and libraries
│   ├── /usr/bin      non-essential user commands
│   ├── /usr/lib      libraries for /usr/bin programs
│   ├── /usr/local    locally compiled software
│   └── /usr/share    arch-independent data, man pages
└── /var        variable data — changes frequently
    ├── /var/log      system logs
    ├── /var/lib      database files
    └── /var/cache    package caches
Presenter Notes
All other directories — /home, /etc, /var, /usr — are branches growing from this single root. Whenever you see a path starting with /, it means it's an absolute path — measured from this top-level directory, not from where you currently are. /bin contains essential commands like ls, cp, and bash — the basic tools you use every day. /etc is where all system configuration files live. /dev holds device files — in Linux, hardware devices are represented as files.
11 / 34 Home & Root User

Key Distinction: / vs /root vs /home

/home — regular users

Every user gets their own subdirectory: /home/aghos, /home/albert, /home/kasia… When you log in as a regular user, this is your starting point.

/root — administrator home

The home directory of the root user. Intentionally separate from /home — even if /home is unavailable, root can still log in.

⚠ Same word — two different things:
/ (root directory) = top of the entire filesystem tree
root user = the administrator account whose home is /root
Keep this in mind — it trips up a lot of beginners.
/home
├── /home/aghos
├── /home/albert
├── /home/kasia
└── /home/ziggie
/root   ← root user's private home (NOT the same as /)
Presenter Notes
After logging in as a user, you are always in the /home/user_name directory (aghos, johnny, steve...). Unless you log in as root, in which case you are in the /root directory. The root directory / is the top of the entire filesystem tree. The root user is the administrator account whose home happens to be /root. Same word — two completely different things.
12–13–15 / 34 Directory Reference

What Lives Where

/dev

Every device — hard drive, USB stick, keyboard — has a corresponding file here. Linux treats hardware as files.

/etc

The "control panel" of the system. All configuration files for services, users, and programs live here.

/bin

Essential commands every user can run: ls, cp, mv, bash.

/home ⚡ large files

Each regular user gets their own folder. Movies, pictures, music, games — gigabytes per file, written once, read many times.

/var ⚡ tiny fast writes

Short for "variable". Log files grow here, databases store data here, mail queues sit here — thousands of tiny writes all the time.

/boot

Everything needed to start the system: the kernel itself and bootloader configuration. Without this, the system won't start.

/usr

Where most installed programs and their libraries live. The "software" directory of the system.

/proc & /sys

Virtual filesystems. Don't exist on disk — provide real-time info about processes and hardware.

/tmp

Temporary files. Cleared on reboot. Use tmpfs (RAM-backed) for best performance.

Remember for filesystems: /home = many large files, rare writes. /var = thousands of small files, very frequent changes. Different workloads → different optimal filesystems.
14 / 34 Filesystems — Preview

Filesystems You Probably Already Know

FAT (12, 16, 32) & exFAT

File Allocation Table. Universal compatibility (USB drives, SD cards). FAT32: max 4 GB per file. exFAT: removes the 4 GB limit. No journaling, no Unix permissions.

NTFS

Windows default since NT. Has journaling. Supports large files and permissions. Not ideal for Linux root partitions — but readable/writable on Linux.

In coming classes we'll cover Linux-native filesystems: ext4, XFS, Btrfs, and ZFS.

The /dev Directory
16 / 34 /dev
/dev

Short for devices. In Linux, everything is treated as a file — including hardware. Your hard drive, USB stick, keyboard, and terminal all appear as files in the system.

Presenter Notes
Now let's take a closer look at /dev — one of the most unusual directories in Linux. dev is short for devices. In Linux, everything is treated as a file — including hardware. Your hard drive, your USB stick, your keyboard, your terminal — they all appear as files.
17 / 34 Everything is a File

In Linux, every hardware device is a file in /dev

/dev/sda

First serial drive (SATA or USB)

/dev/sda1 / sda2 …

Partitions of the first serial drive

/dev/sdb1,2…5

Partitions on the second serial drive

/dev/video0

First video capture device (webcam). Second camera → video1

/dev/input/mouse0

First mouse. Every movement, every click flows through this file as a stream of data.

Pattern

Device type + number starting from zero. Numbers = "first found", "second found"…

These are not regular files on disk. They exist only in memory, created by the kernel at boot time. Talk to them, and the kernel talks to the hardware for you — through the driver.
Presenter Notes
Your first hard disk is /dev/sda. The first partition on that disk is /dev/sda1, the second is /dev/sda2. This is a very powerful concept — if everything is a file, you can use the same tools to work with hardware as you do with regular files. You can read from a disk with cat, copy it with cp, or write directly from file to file with any command.
18 / 34 Device File Interface

Device files can be controlled like regular files

Operations available on all device files:

  • read — read data from the device
  • write — send data to the device
  • open — open the device file
  • close — release the device file

Why this matters

The same cat, cp, or dd commands that work on text files also work on device files. Want to clone an entire disk? dd if=/dev/sda of=disk.img

19 / 34 Device Types Reference

Types of Device Files in /dev

Block Devices ★

/dev/sda, /dev/nvme0n1
Hard drives, SSDs, USB drives. Random access, data in chunks (blocks).

Character Devices ★

/dev/tty, /dev/snd
Terminals, sound cards. Sequential stream — one character at a time. No seeking.

Network Devices

/dev/eth0, /dev/enp0s3
Ethernet and wireless interfaces.

Pseudo-Terminal

/dev/pts/0
Virtual terminals — used by SSH sessions, terminal emulators.

Shared Memory

/dev/shm
RAM-backed shared memory for IPC.

Input Devices

/dev/input/
Keyboards, mice, joysticks, touchpads.

Cryptographic / Special

/dev/random, /dev/urandom
Random number generators. /dev/null — the black hole.

Key distinction: Block devices = random access in fixed-size chunks (seekable). Character devices = sequential byte stream (not seekable).
20 / 34 Unix Philosophy

Everything is a File — Linux's Unified I/O Model

Same syscalls for everything:

read  (fd, buf, n)
write (fd, buf, n)
open  (path, flags)
close (fd)
ioctl (fd, cmd)

Whether it's a file, a device, a socket, or a process — the same interface handles it all. No special cases.

Examples:

/dev/sda — Block device

HDD/SSD — random access storage

/dev/tty0 — Char device

Terminal — sequential stream

/proc/cpuinfo — Virtual FS

Kernel data — generated on the fly

File Descriptor Table (per process):

fd 0  stdin   → /dev/tty
fd 1  stdout  → /dev/tty
fd 2  stderr  → /dev/tty
fd 3  file    → /home/data.txt
Presenter Notes
What do a hard drive, a keyboard, a network camera, and a random number generator have in common? In Linux — they are all files. Unix, since the 1970s, built its whole I/O model on one single abstraction: the file. It doesn't matter if we talk about data on disk, a serial port, or a network socket - you open it, read it, write to it, and close it, exactly like a file.
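Added example, not part of the original slides: on Linux the per-process file descriptor table shown on this slide can be read from /proc/<pid>/fd, and the same descriptors and tools work whether they point at a regular file or a device. The helper names fd_kind, fd_target and fd_table are this example's own, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the slides): inspect this shell's own file
# descriptor table through /proc/<pid>/fd (Linux only).

# fd_kind FD -> kind of object that descriptor FD of this shell refers to
fd_kind() {
    p=/proc/$$/fd/$1
    if   [ ! -e "$p" ]; then echo closed
    elif [ -b "$p" ]; then echo block        # e.g. /dev/sda
    elif [ -c "$p" ]; then echo char         # e.g. /dev/tty, /dev/null
    elif [ -p "$p" ]; then echo pipe
    elif [ -S "$p" ]; then echo socket
    elif [ -d "$p" ]; then echo directory
    elif [ -f "$p" ]; then echo regular
    else echo other
    fi
}

# fd_target FD -> path (or pipe:/socket: label) the descriptor points at
fd_target() { readlink "/proc/$$/fd/$1"; }

# fd_table -> one "fd N  KIND -> TARGET" line per open descriptor
fd_table() {
    for p in /proc/$$/fd/*; do
        [ -e "$p" ] || continue
        n=${p##*/}
        printf 'fd %s  %-9s -> %s\n' "$n" "$(fd_kind "$n")" "$(fd_target "$n")"
    done
}

# Demo: open a constructed regular file and two character devices
sample=$(mktemp)
echo "hello from a regular file" > "$sample"
exec 3<"$sample" 4</dev/urandom 5>/dev/null
fd_table
# The same tool reads from the file and from the device
head -c 5 <&3; echo
head -c 4 <&4 | od -An -tx1
echo "discarded" >&5
exec 3<&- 4<&- 5>&-
rm -f "$sample"
```

Pointing the same /proc/<pid>/fd listing at another process's PID shows which files and devices that process has open.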
21 / 34 Block vs Character

Two Main Kinds of Devices

Block devices vs Character devices diagram
Block devices (HDD/SSD) vs Character devices (camera, microphone, mouse)
22 / 34 Block Devices

Block Devices — Data Access Model

/dev/sda, /dev/nvme0n1, /dev/mmcblk0 — random access, buffered I/O

How it works

Process calls read(fd, buf, 4096) → VFS checks Page Cache → cache HIT: return from RAM instantly → cache MISS: goes to Block I/O Layer → disk driver.

Key property

Data is stored as numbered sectors. You can jump (lseek) to any block. No ordering requirement. That's the fundamental difference from character devices.

Presenter Notes
Block devices: Hard drives, USB sticks, CD drives. You can jump to any block location — just like seeking in a file. VFS checks the Page Cache first. If the data is already in RAM (cache HIT) — returns immediately. On a cache MISS — VFS descends to the Block I/O Layer.
23 / 34 Character Devices

Character Devices — Data Access Model

/dev/tty, /dev/urandom, /dev/input/event0 — sequential stream, no buffering, no seeking

No Page Cache

Data is not buffered in RAM. Every read() goes directly to the driver. That is why reading from /dev/urandom is slower than reading from a file.

No lseek()

You cannot rewind the stream. Which makes sense — how would you un-receive bytes that already came from the keyboard?

The elegance of Unix: The same abstraction (files), but two completely different behaviours underneath. Block devices = random access. Character devices = sequential stream.
Presenter Notes
Character devices: Terminal (/dev/tty), mouse, keyboard, serial port. The data flows like a stream — byte by byte, in order, with no way to rewind. The USB drive is a block device which is connected to the character device. All of them are files. Some are block devices, others are character devices. Same abstraction, two completely different behaviours in the background. And that is the elegance of Unix.
Users, Groups & Permissions
24 / 34 Linux Groups & Permissions

Linux Groups & Permissions — Full Reference

ℹ️ This slide is informational — study it from the slides sent after class. Focus on understanding that groups, users, and permissions exist in Linux.
groupadd audio              # create group 'audio'
usermod -aG audio alice     # add alice to audio group (always use -a!)
chmod 660 /dev/dsp          # rw-rw---- (owner+group only)
groupdel audio              # delete group
gpasswd -d alice audio      # remove user from group
id alice                    # show all groups of user
chown root:audio /dev/dsp   # set owner:group
chmod 4755 /usr/bin/sudo    # setuid bit — run as file's owner
chmod 2770 /srv/shared      # setgid — new files inherit group

Octal: 4=read  2=write  1=exec
owner=hundreds  group=tens  others=units
setuid=4000  setgid=2000  sticky=1000
Example: 755 = rwxr-xr-x | 644 = rw-r--r--
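Added example, not part of the original slides: a small audit that walks a directory tree and reports entries carrying the special bits from the octal reference above (setuid, setgid, and write permission for others without the sticky bit). The function names and the demo tree are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the slides): report entries in a directory tree
# that carry the special bits from the octal reference.
#   setuid=4000  setgid=2000  sticky=1000  others-write=0002

# report KIND DIR FIND-TESTS... -> prints "KIND MODE PATH" per match
report() {
    kind=$1; dir=$2; shift 2
    find "$dir" -xdev "$@" 2>/dev/null | sort | while IFS= read -r path; do
        mode=$(ls -ld "$path" | cut -c1-10)    # e.g. -rwsr-xr-x
        printf '%s %s %s\n' "$kind" "$mode" "$path"
    done
}

# audit_special_bits DIR
audit_special_bits() {
    # setuid executables run with the file owner's UID, not the caller's
    report setuid "$1" -type f -perm -4000
    # setgid: files run with the file's group; new files created in a
    # setgid directory inherit the directory's group
    report setgid "$1" \( -type f -o -type d \) -perm -2000
    # writable by everyone; directories with the sticky bit (like /tmp)
    # are skipped because only an entry's owner may delete it there
    report world-writable "$1" -type f -perm -0002
    report world-writable "$1" -type d -perm -0002 ! -perm -1000
}

# demo_tree -> builds a constructed tree and prints its path
demo_tree() {
    t=$(mktemp -d)
    mkdir "$t/shared" "$t/drop" "$t/scratch"
    : > "$t/helper"; : > "$t/notes.txt"; : > "$t/open.log"
    chmod 4755 "$t/helper"      # setuid
    chmod 644  "$t/notes.txt"   # ordinary file, not reported
    chmod 666  "$t/open.log"    # writable by others
    chmod 2770 "$t/shared"      # setgid directory
    chmod 777  "$t/drop"        # world-writable, no sticky bit
    chmod 1777 "$t/scratch"     # world-writable with sticky bit, not reported
    printf '%s\n' "$t"
}

tree=$(demo_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

Run against a system directory, for example audit_special_bits /usr/bin, to list the setuid programs installed there.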
25 / 34 Security Model

Privilege Inheritance — Why Linux is Safe

Every process inherits the UID/GID of the user who launched it — no exceptions. A program cannot give itself more privileges than its parent had.

What malware CAN do (as alice):

  • Read/delete/encrypt everything in /home/alice
  • Exfiltrate alice's documents, SSH keys, browser data
  • Send emails or HTTP requests as alice
  • Crypto-mine using alice's CPU quota

What malware CANNOT do:

  • Write to /etc, /usr, /bin
  • Affect other users' files
  • Survive a user deletion

The cure:

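pkill -KILL -u alice   # stop alice's running processes
rm -rf /home/alice
userdel alice          # remove the account so it can be recreated
# wipes user + malware
# system untouched

useradd -m alice
# fresh account, clean slate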

Total remediation time: under 60 seconds.

Windows comparison:

Linux                                   | Windows
Malware contained in user directory     | Drivers run in ring 0 — malware can escalate
rm -rf /home/alice removes everything   | Registry survives user deletion — malware persists
No cross-process injection              | COM/DLL injection across process boundaries
Clean in <60 seconds                    | Multi-hour forensic exercise
Linux vs Windows Architecture
26 / 34 Architecture Comparison

Linux vs Windows: Architectural Differences

✓ Linux                                       | ⚠ Windows
Monolithic kernel with loadable modules       | HAL (Hardware Abstraction Layer) — legacy since NT 3.1
Direct hardware access via VFS                | Win32 API compatibility layer on top of kernel
Drivers compiled or loaded as modules         | Drivers run in ring 0 — one crash = BSOD
Clean separation: kernel space / user space   | Registry: monolithic configuration database
POSIX standard — predictable interfaces       | Decades of backward compat. shims
SELinux, AppArmor, namespaces, cgroups        | Attack surface grows with every compat. layer
No backward compat. baggage from 1985         | Patching HAL often breaks legacy drivers
Presenter Notes
Windows NT 3.1 over 30 years ago introduced HAL — the Hardware Abstraction Layer. A quite reasonable idea for its time — to isolate drivers from hardware. The problem is that layers were never rewritten. They have been growing for almost 30 years. Linux: a driver crash does not necessarily kill the system — it depends on the subsystem. Windows: drivers run in ring 0 — one faulty driver equals a BSOD.
27 / 34 Visual Metaphor

Windows Security Architecture — A Visual Metaphor

Pool held together with duct tape — Windows security metaphor
New hoses attached to old hoses, tape over the leaks, more leaks appearing every year.
That is literally what Windows looks like on the inside. Every security patch has to navigate around the entire legacy stack.
Presenter Notes
Today Windows security, due to abstraction layers, looks like that.
28 / 34 Business Model Analysis

Microsoft's Business Model — Structural Complexity as a Moat

⚠ Hypothesis — not an accusation of intentional backdoors, but a structural observation about incentive alignment.

1. Structural Lock-in

The Win32/HAL/Registry architecture creates enormous switching costs. Cleaning up legacy would break millions of enterprise apps. Microsoft knows this and has no economic incentive to fix it.

2. Fear as a Service

Regular high-profile vulnerabilities (EternalBlue, PrintNightmare, MSHTML…) drive enterprise customers toward Microsoft's own security products: Defender, Sentinel, Entra ID. The problem and the solution are sold by the same vendor.

3. Patch Paralysis

Deep HAL coupling means patching one subsystem risks breaking drivers, OEM hardware, or line-of-business apps. Microsoft can show "effort" while delivering limited actual reduction in attack surface.

Presenter Notes
A theory, and this is not a conspiracy theory - this is mathematics. A subtler point: the structure of the system creates economic reasons that make fixing it unprofitable. EternalBlue, PrintNightmare, Follina, MSHTML — every high-profile vulnerability is an advertisement for Defender, Sentinel or Entra ID. Microsoft sells the problem and the solution. That is not cynicism; that is economics.
29 / 34 /dev — Summary

/dev — Device File Reference

The directory /dev in Linux contains files responsible for communication between the computer and devices.

# Storage
/dev/sda    ← first hard drive
/dev/sdb    ← second hard drive
/dev/sdc    ← third hard drive
/dev/sda1   ← first partition of first drive
# Network (exposed via /sys/class/net)
/sys/class/net/eth0
/sys/class/net/eth1
/sys/class/net/wlan0
# Video / cameras
/dev/video0 ← first camera
/dev/video1 ← second camera
In the Linux system, hardware is visible as a file in the system. This is completely different from Windows.
Terminal — Practical Commands
30 / 34 Let's Fight with Shell

Let's fight with shell 🙂

Popular terminal emulators:

xterm   aterm   uxterm   konsole
yakuake   kitty   alacritty   gnome-terminal
Pick any terminal you like. The shell inside is what matters — most likely bash or zsh.
31 / 34 Security Rule
⚠ Never work from the root account
on network stations!

Use sudo for individual privileged commands. Running everything as root removes all the security boundaries we just discussed.

32 / 34 Essential Commands

Where Are You? — Essential Navigation Commands

pwd                   # print working directory — where am I?
ls -alh               # list files (all, long, human-readable). Hidden files start with a dot: .hidden
cd ~ / cd .. / cd .   # change directory: home / parent / current
mv src dst            # move or rename a file/directory
touch filename        # create empty file or update timestamp
cat file              # concatenate — print file contents
grep pattern file     # global regular expression print — search text
wc -l file            # word counter — count lines, words, chars
du -sh path           # disk usage — size of file or folder
df -h                 # disk free — space on all filesystems
Also useful: /etc/hosts — static hostname-to-IP mappings.
Try: sudo nano /etc/hosts to explore your first Linux config file.
Presenter Notes
And you've just been introduced to the terminal text editor - nano. There are some others, like vim and mcedit.
33 / 34 Mount Points & /dev

Mounting — Connecting Partitions to the Directory Tree

/
├── /dev
│   ├── sda
│   │   ├── sda1
│   │   ├── sda2 ─────────────┐  << drive for Arch
│   │   ├── sda3              │
│   │   └── sda4              │
│   └── sdb                   │
│       ├── sdb1              │
│       └── sdb2              │
└── /mnt                      │
    ├── gentoo ◄──────────────┘  << mount point
    └── windows

What is mounting?

Connecting a partition (like /dev/sda2) to a directory in the tree (like /mnt/gentoo). After mounting, you access the partition's contents through that directory.

Commands

mount /dev/sda2 /mnt/gentoo
umount /mnt/gentoo
Persistent mounts configured in /etc/fstab
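Added example, not part of the original slides: the mount options in /etc/fstab decide whether device files and setuid/setgid bits are honoured on a mounted partition, so this check reports user-writable mount points that lack the standard nodev or nosuid options. The watch list, the function name check_fstab and the sample table are this example's own and are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): check fstab entries for mount
# points that ordinary users can write to but that still honour device
# files (no "nodev") or setuid/setgid bits (no "nosuid").

# Mount points to check and options to require: this example's own choice.
WATCH="/home /tmp /var/tmp /dev/shm"
NEED="nodev nosuid"

# check_fstab: reads fstab-format text on stdin and prints one
# "<mount point> missing <option>" line per gap.
# fstab fields: device, mount point, type, options, dump, pass
check_fstab() {
    awk -v watch="$WATCH" -v need="$NEED" '
        BEGIN { nw = split(watch, w, " "); nn = split(need, n, " ") }
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and blanks
        {
            watched = 0
            for (i = 1; i <= nw; i++) if ($2 == w[i]) watched = 1
            if (!watched) next
            split("", have)                    # clear the option set
            no = split($4, o, ",")
            for (k = 1; k <= no; k++) have[o[k]] = 1
            for (j = 1; j <= nn; j++)
                if (!(n[j] in have)) print $2 " missing " n[j]
        }'
}

# Constructed sample in /etc/fstab format (not from a real system)
SAMPLE_FSTAB='# <device>  <mount point>  <type>  <options>  <dump>  <pass>
/dev/sda1  /boot        vfat   defaults,noatime       0 2
/dev/sda2  /            ext4   defaults               0 1
/dev/sda3  /home        ext4   defaults,nodev,nosuid  0 2
/dev/sda4  /mnt/gentoo  ext4   noauto                 0 0
tmpfs      /tmp         tmpfs  defaults,nosuid        0 0
tmpfs      /dev/shm     tmpfs  defaults               0 0
'

printf '%s' "$SAMPLE_FSTAB" | check_fstab
# To check the real table: check_fstab < /etc/fstab
```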

34 / 34 Homework

Before Next Class — Activate AGH VPN

Action required: Go to panel.agh.edu.pl and activate the VPN connection. You will need it from next class onwards.
AGH Panel VPN configuration page
AGH Panel → VPN AGH → Download OpenVPN configuration for 2025/26
⚠ The VPN configuration file contains a secret key. Do not share it with other people.

If you have any questions — you know where to find me. See you in a week! 🙂
