Minix 3 is a POSIX-compatible operating system. It is a micro-kernel running a collection of multiple user-mode server processes providing services to user-land programs and users.
The goal of its architecture is to achieve high reliability by running (almost) everything as user-mode processes, observing the principle of least authority by limiting what each process has access to and what they can do.
The micro-kernel is the core of Minix. It handles low-level functionality such as interrupts, scheduling, a primitive form of processes and inter-process communication (IPC).
This is the only component of Minix that runs in kernel mode, thus only the micro-kernel has full access to the bare metal (hardware peripherals, memory-management unit, physical address space…).
The micro-kernel provides a form of inter-process communication called message passing, in which messages are exchanged to communicate to the rest of the system. The messages themselves are fixed-size 64 bytes buffers.
To transfer larger amounts of data, memory grants allow processes to grant other processes indirect read and/or write access to well-defined memory regions of its virtual address space. The grants are managed by the process that emitted them and the kernel performs the act of reading/writing upon request. The memory grant credentials (4 byte identifiers) are exchanged by message passing.
Kernel system calls are provided to allow access to message passing, memory grants and the hardware to the rest of the system. They are provided by the micro-kernel and are specific to Minix. In particular, they are not to be confused with POSIX system calls, which are implemented at a higher abstraction level.
System calls (and thus message passing and memory grants) are subject to strict permissions checking. A process is limited by which system calls it is allowed to make, to whom it may send messages and which memory grants it has access to. Any unauthorized action is met with a error code saying no permission.
On top of the micro-kernel is running a collection of server processes that offer services to the rest of the system. Those processes run in user mode and thus lack the authority to directly access hardware or memory that doesn't belong to them. They use system calls to interact with other processes and hardware through the micro-kernel.
In Minix everything but the micro-kernel is a user process, however server processes are conceptually divided in two layers.
The drivers are processes who handle a specific hardware component. Each of those processes has access through the micro-kernel to its hardware resources (input/output ports, interrupts).
Examples of processes belonging in this layer are mass storage (floppy disk, hard disk, CD/DVD/Blu-Ray/tape drive…), network card, printer and serial port drivers.
The servers are processes offering services to the rest of the system. To do so, they use driver processes, the micro-kernel or other servers to perform the requests they receive. Servers do not have access to hardware resources like drivers do.
Examples of servers are the virtual memory, virtual file system, actual file systems, network stack and data store servers.
The user-land is the collection of processes, libraries, files and components that the users of the operating system use to get work done. User-land processes are processes just like drivers and servers, but unlike those they do not have specific privileges. To access facilities such as the file system or the network, they perform requests to servers. The application programming interface (API) provided at the lowest layer is POSIX, a set of common system calls (not the Minix micro-kernel ones) and libraries functions all Unix and Unix-like operating systems share.
Since Minix 3.2.0, most of the user-land is imported from NetBSD, with Minix-specific utilities mostly for administrating the servers and drivers. In a sense, Minix is now a reimplementation of the NetBSD user-land on top of a micro-kernel and now looks familiar to BSD users and developers.
Minix is provided with a base system mostly identical to the NetBSD one. Extra software and utilities is usually installed via pkgin, which is a binary package manager for pkgsrc, the huge collection of programs and libraries ports available on NetBSD and other operating systems.