For most people, a computer is a tool for solving problems. When running a word processor, a computer becomes a machine for arranging words and ideas. With a spreadsheet, the computer is a financial planning machine, one that is vastly more powerful than a pocket calculator. Connected to an electronic network, a computer becomes part of a powerful communications system.
At the heart of every computer is a master set of programs called the operating system. This is the software that controls the computer's input/output systems such as keyboards and disk drives, and that loads and runs other programs. The operating system is also a set of mechanisms and policies that help define controlled sharing of system resources.
Along with the operating system is a large set of standard utility programs for performing common functions such as copying files and listing the contents of directories. Although these programs are not technically part of the operating system, they can have a dramatic impact on a computer system's security.
All of UNIX can be divided into three parts:
The kernel, or the heart of the UNIX system, is the operating system. The kernel is a special program that is loaded into the computer when it is first turned on. The kernel controls all of the computer's input and output systems; it allows multiple programs to run at the same time, and it allocates the system's time and memory among them. The kernel includes the filesystem, which controls how files and directories are stored on the computer's hard disk. The filesystem is the main mechanism by which computer security is enforced. Some modern versions of UNIX allow user programs to load additional modules, such as device drivers, into the kernel after the system starts running.
Standard utility programs are run by users and by the system. Some programs are small and serve a single function - for example, /bin/ls lists files and /bin/cp copies them. Other programs are large and perform many functions - for example, /bin/sh and /bin/csh, UNIX shells that process user commands, are themselves programming languages.
System database files, most of which are relatively small, are used by a variety of programs on the system. One file, /etc/passwd, contains the master list of every user on the system. Another file, /etc/group, describes groups of users with similar access rights.
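Because so many programs trust these two files, they are worth checking for consistency. The following is an added example, not part of the original text: it audits constructed sample contents, and it assumes the traditional colon-separated layouts (seven fields in /etc/passwd, four in /etc/group); the function names and finding labels are made up for illustration.

```python
# Added example: the sample data below is constructed, not from a real system.
# Assumed layouts: passwd = name:password:uid:gid:gecos:home:shell
#                  group  = name:password:gid:member,member,...
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob::1002:100:Bob:/home/bob:/bin/csh
toor:x:0:0:spare admin:/root:/bin/sh
carol:x:1003:250:Carol:/home/carol:/bin/sh
"""

SAMPLE_GROUP = """\
root:x:0:
users:x:100:alice,bob
wheel:x:10:root,alice,dave
"""

def parse(text, nfields):
    """Split a colon-separated database into rows, rejecting malformed lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"malformed entry: {line!r}")
        rows.append(fields)
    return rows

def audit(passwd_text, group_text):
    """Return (finding, subject) pairs for entries that deserve a closer look."""
    users = parse(passwd_text, 7)
    groups = parse(group_text, 4)
    names = {u[0] for u in users}
    gids = {g[2] for g in groups}
    findings = []
    for name, pw, uid, gid, *_ in users:
        if uid == "0" and name != "root":   # a second superuser account
            findings.append(("extra-uid0", name))
        if pw == "":                        # empty field: no password required
            findings.append(("empty-password", name))
        if gid not in gids:                 # primary group missing from group file
            findings.append(("unknown-primary-gid", name))
    for gname, _, _, members in groups:
        for member in filter(None, members.split(",")):
            if member not in names:         # group lists a user passwd does not
                findings.append(("unknown-member", f"{gname}:{member}"))
    return findings
```

To check a live system, pass the contents of the real files to audit() in place of the samples.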
From the point of view of UNIX security, these three parts interact with a fourth entity:
Security policy, which determines how the computer is run with respect to the users and system administration. Policy plays as important a role in determining your computer's security as the operating system software. A computer that is operated without regard to security cannot be trusted, even if it is equipped with the most sophisticated and security-conscious software. For this reason, establishing and codifying policy plays a very important role in the overall process of operating a secure system. This is discussed further in Chapter 2.