Understanding the Linux File System Hierarchy

Linux has inherited from UNIX a well-planned hierarchy for organizing things. It isn’t perfect, but it is generally logical and mostly consistent, although distributions do tend to make some modifications that force some thinking and adaptation when moving between, say, Fedora, Slackware, and Ubuntu. Table 4.1 shows some of the top-level directories that are part of a standard Linux distro.

Table 9.1. Basic Linux Directories

Name          Description
/             The root directory
/bin          Essential commands
/boot         Boot loader files, Linux kernel
/dev          Device files
/etc          System configuration files
/home         User home directories
/lib          Shared libraries, kernel modules
/lost+found   Directory for recovered files (if found after a file system check)
/media        Mount point for removable media, such as DVDs and floppy disks
/mnt          Usual mount point for local, remote file systems
/opt          Add-on software packages
/proc         Kernel information, process control
/root         Super user (root) home
/sbin         System commands (mostly root only)
/srv          Holds information relating to services that run on your system
/sys          Real-time information on devices used by the kernel
/tmp          Temporary files
/usr          Software not essential for system operation, such as applications
/var          Variable data (such as logs); spooled files

Knowing these directories can help you find files when you need them. This knowledge can even help you partition hard drives when you install new systems, because you can choose to put certain directories on their own distinct partitions and so isolate them from one another. On a server, for example, a directory that doesn’t change often, such as /boot, can be placed on its own partition and made read-only, so that it cannot be changed unless a super user performs specific operations during a maintenance cycle. Desktop users probably won’t need to think about that, but the directory tree is still quite useful to know when you want to find the configuration file for a specific program and set some program options systemwide to affect all users.

Some of the important directories in Table 4.1, such as those containing user and root commands or system configuration files, are discussed in the following sections. You may use and edit files under these directories when you use Ubuntu.

Essential Commands in /bin and /sbin

The /bin directory contains essential commands used by the system for running and booting the system. In general, only the root operator uses the commands in the /sbin directory. The software in both locations is essential to the system; it makes the system what it is, and changing or removing it could cause instability or a complete system failure. Often, the commands in these two directories are statically linked, which means that the commands do not depend on software libraries residing under the /lib or /usr/lib directories. Nearly all the other applications on your system are dynamically linked, meaning that they require the use of external software libraries (also known as shared libraries) to run. Each kind of linking is a feature for the set of software that uses it.

The commands in /bin and /sbin are kept stable to maintain foundational system integrity and do not need to be updated often, if at all. For the security of the system, these commands are kept in a separate location and isolated where changes are more difficult and where it will be more obvious to the system administrator if unauthorized changes are attempted or made.
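One way to make such changes obvious is to record a hash baseline of the command directories and compare against it later. The script below is an added example, not part of the original text; the function names, the manifest layout and the scratch directory used in the demo are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original text): a hash baseline for command
# directories such as /bin and /sbin, so that unauthorized changes stand out.

# make_baseline DIR MANIFEST: record a SHA-256 for every regular file in DIR.
# Symlinks are skipped (find -type f), so hash their targets separately.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# verify_baseline DIR MANIFEST: print ADDED/CHANGED/MISSING lines.
# Returns 0 when DIR still matches the manifest, 1 on any drift.
verify_baseline() (
    current=$(mktemp) || exit 2
    make_baseline "$1" "$current"
    report=$(awk '
        { hash = substr($0, 1, 64); name = substr($0, 67) }
        FILENAME == ARGV[1] { old[name] = hash; next }   # stored baseline
        { seen[name] = 1
          if (!(name in old))         print "ADDED   " name
          else if (old[name] != hash) print "CHANGED " name }
        END { for (n in old) if (!(n in seen)) print "MISSING " n }
    ' "$2" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && exit 0
    printf '%s\n' "$report"
    exit 1
)

# Constructed demo: a scratch directory stands in for /bin or /sbin.
demo=$(mktemp -d)
printf 'original\n' > "$demo/ls"
printf 'original\n' > "$demo/mount"
make_baseline "$demo" "$demo.sha256"
printf 'tampered\n' > "$demo/ls"     # a replaced command
printf 'new\n' > "$demo/dropped"     # a file that was not there before
rm "$demo/mount"                     # a removed command
verify_baseline "$demo" "$demo.sha256" || echo "drift detected"
rm -rf "$demo" "$demo.sha256"
```

Keep the manifest somewhere the monitored host cannot write to; otherwise whoever changes a command can also rewrite the baseline.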

Application software changes more frequently, and applications often use the same functions that other pieces of application software use. This was the genesis of shared libraries. When a security update is needed for something that is used by more than one program, it has to be updated in only one location, a specific software library. This enables easy and quick security updates that will affect several pieces of non-system-essential software at the same time by updating one shared library, contained in one file on the computer.

Configuration Files in /etc

System configuration files and directories reside under the /etc directory. Some major software packages, such as Apache, OpenSSH, and xinetd, have their own subdirectories in /etc filled with configuration files. Others like crontab or fstab use one file. Examples of system-related configuration files in /etc include the following:

  • fstab—The file system table is a text file listing each hard drive, CD-ROM, floppy, or other storage device attached to your PC. The table indexes each device’s partition information with a place in your Linux file system (directory layout) and lists other options for each device when used with Linux (see Chapter 20, “Kernel and Module Management”). Nearly all entries in fstab can be manipulated by root using the mount command.
  • modprobe.d/—This folder holds all the instructions to load kernel modules that are required as part of the system startup.
  • passwd—The list of users for the system, including special-purpose nonhuman users like syslog and CouchDB, along with user account information.
  • sudoers—A list of users or user groups with super user access.

User Directories: /home

The most important data on a non-server Linux system often resides in the user’s directories, found under the /home directory. User directories are named by default according to account usernames, so on a computer where I have an account named matthew, my home directory would generally be found in /home/matthew. This can be changed, and if you’re curious you can read more about it in Chapter 10, “Command-Line Master Class.”

Segregating the system and user data can be helpful in preventing data loss and making the process of backing up easier. For example, having user data reside on a separate file system or mounted from a remote computer on the network might help shield users from data loss in the event of a system hardware failure. For a laptop or desktop computer at home, you might place /home on a separate partition from the rest of the file system, so that if the operating system is upgraded, damaged, or reinstalled, /home would be more likely to survive the event intact.

Using the Contents of the /proc Directory to Interact with the Kernel

The content of the /proc directory is created from memory and exists only while Linux is running. This directory contains special files that either extract information from or send information to the kernel. Many Linux utilities extract information from dynamically created directories and files under this directory, also known as a virtual file system. For example, the free command obtains its information from a file named meminfo:

matthew@seymour:~$ free 

          total       used       free      shared   buffers     cached
Mem:      4055680     2725684    1329996   0        188996      1551464
-/+ buffers/cache:    985224     3070456
Swap:     8787512     0          8787512

This information constantly changes as the system is used. You can get the same information by using the cat command to see the contents of the meminfo file:

matthew@seymour:~$ cat /proc/meminfo 
MemTotal:                    4055680 KB
MemFree:                     1329692 KB
Buffers:                      189208 KB
Cached:                      1551488 KB
SwapCached:                        0 KB
Active:                      1222172 KB
Inactive:                    1192244 KB
Active(anon):                 684092 KB
Inactive(anon):                   16 KB
Active(file):                 538080 KB
Inactive(file):              1192228 KB
Unevictable:                      48 KB
Mlocked:                          48 KB
SwapTotal:                   8787512 KB
SwapFree:                    8787512 KB
Dirty:                           136 KB
Writeback:                         0 KB
AnonPages:                    673760 KB
Mapped:                       202308 KB
Shmem:                         10396 KB
Slab:                         129248 KB
SReclaimable:                 107356 KB
SUnreclaim:                    21892 KB
KernelStack:                    2592 KB
PageTables:                    30108 KB

NFS_Unstable:                      0 KB
Bounce:                            0 KB
WritebackTmp:                      0 KB
CommitLimit:                10815352 KB
Committed_AS:                1553172 KB
VmallocTotal:            34359738367 KB
VmallocUsed:                  342300 KB
VmallocChunk:            34359387644 KB
HardwareCorrupted:                 0 KB
HugePages_Total:                      0
HugePages_Free:                       0
HugePages_Rsvd:                       0
HugePages_Surp:                       0
Hugepagesize:                   2048 KB
DirectMap4k:                   38912 KB
DirectMap2M:                 4153344 KB
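To show how a utility such as free derives its figures from meminfo fields, the following added example (not from the original text) rebuilds the rows of the older free layout shown above. The function name and the sample file are this example's assumptions; the sample values are constructed from the free listing on this page.

```shell
#!/bin/sh
# Added example (not from the original text): derive the rows of the older
# `free` layout shown above from meminfo-style fields. All values are in kB.

# free_from_meminfo [FILE]: FILE defaults to /proc/meminfo.
free_from_meminfo() {
    awk '
        { key = $1; sub(/:$/, "", key); v[key] = $2 }
        END {
            used  = v["MemTotal"] - v["MemFree"]
            cache = v["Buffers"] + v["Cached"]
            printf "Mem: %d %d %d\n", v["MemTotal"], used, v["MemFree"]
            printf "-/+ buffers/cache: %d %d\n", used - cache, v["MemFree"] + cache
            printf "Swap: %d %d %d\n", v["SwapTotal"],
                   v["SwapTotal"] - v["SwapFree"], v["SwapFree"]
        }' "${1:-/proc/meminfo}"
}

# Constructed input: the figures from the `free` listing above, written in
# meminfo syntax, so the output can be compared with that listing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MemTotal:        4055680 kB
MemFree:         1329996 kB
Buffers:          188996 kB
Cached:          1551464 kB
SwapTotal:       8787512 kB
SwapFree:        8787512 kB
EOF
free_from_meminfo "$sample"
rm -f "$sample"
```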

The /proc directory can also be used to dynamically alter the behavior of a running Linux kernel by “echoing” numerical values to specific files under the /proc/sys directory. For example, to “turn on” kernel protection against one type of denial-of-service (DoS) attack known as SYN flooding, use the echo command to send the number 1 to the following /proc path:

matthew@seymour:~$ sudo sh -c 'echo 1 > /proc/sys/net/ipv4/tcp_syncookies'
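A value written under /proc/sys changes only the running kernel, so it is worth checking both the live value and whether the same setting is kept in a configuration file. The script below is an added example, not part of the original text; the function names, the status labels and the use of a sysctl.d-style directory for persistence are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original text): audit kernel settings that are
# changed by writing to /proc/sys, and check that they are also persisted.

# sysctl_path KEY ROOT: net.ipv4.tcp_syncookies -> ROOT/net/ipv4/tcp_syncookies
sysctl_path() {
    printf '%s/%s\n' "$2" "$(printf '%s' "$1" | tr . /)"
}

# persisted_value KEY CONFDIR: last value assigned to KEY in CONFDIR/*.conf
# (sysctl.d syntax: "key = value"; comment lines start with # or ;).
persisted_value() {
    cat "$2"/*.conf 2>/dev/null | awk -F= -v k="$1" '
        /^[ \t]*[#;]/ { next }
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val) }
        END { print val }'
}

# audit_sysctl ROOT CONFDIR KEY=VALUE...
# Prints one status line per key; returns 1 unless every key is OK.
audit_sysctl() (
    root=$1 confdir=$2 rc=0
    shift 2
    for want in "$@"; do
        key=${want%%=*} expected=${want#*=}
        file=$(sysctl_path "$key" "$root")
        if [ ! -r "$file" ]; then
            echo "MISSING      $key"; rc=1; continue
        fi
        actual=$(cat "$file")
        if [ "$actual" != "$expected" ]; then
            echo "DIFF         $key=$actual (expected $expected)"; rc=1
        elif [ "$(persisted_value "$key" "$confdir")" != "$expected" ]; then
            echo "RUNTIME-ONLY $key=$actual (no matching entry in $confdir)"; rc=1
        else
            echo "OK           $key=$actual"
        fi
    done
    exit "$rc"
)

# Constructed demo: a scratch tree stands in for /proc/sys and /etc/sysctl.d.
d=$(mktemp -d); mkdir -p "$d/sys/net/ipv4" "$d/conf"
echo 1 > "$d/sys/net/ipv4/tcp_syncookies"
audit_sysctl "$d/sys" "$d/conf" net.ipv4.tcp_syncookies=1 || true
rm -rf "$d"
```

On a live system the call would be `audit_sysctl /proc/sys /etc/sysctl.d net.ipv4.tcp_syncookies=1`; a RUNTIME-ONLY result means the setting is active now but has no entry in that directory to reapply it at boot.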

Other ways to use the /proc directory include the following:

  • Getting CPU information, such as the family, type, and speed from /proc/cpuinfo.
  • Viewing important networking information under /proc/net, such as active interfaces information under /proc/net/dev, routing information in /proc/net/route, and network statistics in /proc/net/netstat.
  • Retrieving file system information.
  • Reporting media mount point information via USB; for example, the Linux kernel reports what device to use to access files (such as /dev/sda) if a USB camera or hard drive is detected on the system. You can use the dmesg command to see this information.
  • Getting the kernel version in /proc/version, performance information such as uptime in /proc/uptime, or other statistics such as CPU load, swap file usage, and processes in /proc/stat.

Working with Shared Data in the /usr Directory

The /usr directory contains software applications, libraries, and other types of shared data for use by anyone on the system. Many Linux system administrators give /usr its own partition. A number of subdirectories under /usr contain manual pages (/usr/share/man), software package shared files (/usr/share/name_of_package, such as /usr/share/emacs), additional application or software package documentation (/usr/share/doc), and an entire subdirectory tree of locally built and installed software, /usr/local.

Temporary File Storage in the /tmp Directory

As its name implies, the /tmp directory is used for temporary file storage; as you use Linux, various programs create files in this directory.

Accessing Variable Data Files in the /var Directory

The /var directory contains subdirectories used by various system services for spooling and logging. Many of these variable data files, such as print spooler queues, are temporary, whereas others, such as system and kernel logs, are renamed and rotated in use. Incoming email is usually directed to files under /var/spool/mail.

Linux also uses /var for other important system services. These include the topmost File Transfer Protocol (FTP) directory under /var/ftp (see Chapter 24, “Remote File Serving with FTP”), and the Apache web server’s initial home page directory for the system, /var/www/html. (See Chapter 22, “Apache Web Server Management,” for more information about using Apache.)

