Navigating the Linux File Structure: A Comprehensive Guide

File structure refers to the organization and hierarchy of files and directories (folders) on a computer’s storage system. In Linux the file structure follows a tree-like structure with a single root directory (“/”) from which all other directories and files branch out. See: Filesystem Hierarchy Standard

• In Linux system, everything is a file and if it is not a file, it is a process (every time you run a program or command, a new process is created with its own unique process ID (PID) to identify it).
• A file doesn’t include only text files, images and compiled programs but also include partitions, hardware device drivers and directories.
• So, Linux consider everything as as file and files are always case sensitive.

File types

In a Linux system, files can be categorized into several types based on their purpose, content, and how they are used. Here are some common types of files:

• Regular files: these are the most common type of files, containing data such as text, binary data, or program instructions. Regular files can be further divided into two subtypes:

1. Text files: files that contain human-readable text, such as configuration files, scripts, and documents.
2. Binary files: files that contain non-textual data, such as compiled programs, images, audio, video, etc.

• Directories: these are special files that contain references to other files and directories, forming a hierarchical structure for organizing files on the system.
• Symbolic links (symlinks): Symbolic links are files that point to other files or directories, acting as shortcuts or references to the target files.
• Device files: These files represent physical or virtual devices connected to the system, allowing user programs to communicate with the hardware. There are two types of device files:

1. Character device files: represent devices that transfer data character by character, such as keyboards and mice.
2. Block device files: represent devices that transfer data in blocks or chunks, such as hard drives and SSDs.

• Named pipes (FIFOs): these are special files used for inter-process communication (IPC), allowing two or more processes to communicate by reading and writing to the pipe.
• Sockets: these are files used for network communication, enabling processes on different systems to exchange data.
• Domain sockets: Similar to regular sockets, domain sockets facilitate communication between processes on the same system.
• Special files: These include files such as /dev/null (a black hole that discards data written to it), /dev/random and /dev/urandom (used for generating random data), and others that serve specific purposes.
• System files: files used by the operating system itself, containing critical configuration data and system information. These files are usually located in specific directories like /etc and /usr/share.
• Temporary files: Files created by applications to store temporary data, often found in the /tmp directory.

Visualizing the Root Directory Level

First install tree (utility that displays the directory structure in a tree-like format):

sudo apt install tree

And then the following command says “show me only the first (1) level (L) of the directory tree starting at / (root)”

tree -L 1 /

This is how it looks in my Debian distro.

Most Linux distributions will show you the same or a very similar layout to what you can see in the image above.

Symbolic link

Notice for example bin -> usr/bin. That indicates that there is a symbolic link named bin in the root directory / that points to the /usr/bin directory.

Symbolic links (also known as soft links or symlinks) are references to other files or directories in the file system. They act as shortcuts or aliases, allowing you to access a file or directory through a different path. When you use a symbolic link to access a file or directory, the system transparently redirects you to the actual target location.

This arrangement is often found in Linux distributions for historical reasons and to maintain compatibility with older systems. Many essential executables that used to reside directly in the /bin directory have been moved to /usr/bin over time, and a symbolic link is created from /bin to /usr/bin to ensure backward compatibility with older software.

I’ll be commenting this because for example later you could see commands like ls, pwd, rm, mv, etc., are in the /bin directory but when you use the command which in order to know their location you will notice the path does not show /bin, it actually shows /usr/bin:

Let’s explain each directory in the same order they appear:

/ (Root Directory)

Denoted by a single forward slash /, the root directory is the topmost directory in the Linux hierarchy structure. All files and folders on your Linux system are stored here and can be referenced from this directory. Don’t confuse the root / directory with the root home directory /root.

/bin

/bin is the directory that contains binaries, that is, some of the applications and programs you can run. You will find the ls program as well as other basic tools that you may remember from my last post:

Mastering the Linux Terminal: A Beginner’s Guide to Essential Commands

In modern Linux distributions, it is common to find certain binaries in both /bin and /usr/bin. This is due to the concept of “binaries shuffling” and the changes introduced in the Filesystem Hierarchy Standard (FHS) version 3.0.

Historically, /bin and /usr/bin used to have slightly different purposes. The /bin directory contained essential binaries needed for system maintenance and recovery, while /usr/bin held user-level binaries. However, with modern Linux distributions, this distinction has become less significant, and some distributions have merged the contents of /bin and /usr/bin.

/boot

/boot directory contains files required for starting your system. If you mess up one of the files in here, you may not be able to run your Linux.

It holds all the essential files related to the initial stages of the boot process, including the Linux kernel, initial RAM disk (`initramfs` or `initrd`), and boot-loader configuration files.

The kernel is the core component of the operating system that manages hardware and provides essential services, while the initramfs/initrd is a temporary filesystem loaded into memory during boot to facilitate the mounting of the real root filesystem. Together, they form the foundation for the Linux operating system to start and operate smoothly.

/dev

/dev provides access to devices connected to the system. Many of these are generated at boot time or even on the fly. For example, if you plug in a new webcam or a USB pendrive into your machine, a new device entry will pop up here.

/sys and /dev are both related to devices. However, they are very different. The main difference between /dev and /sys lies in their purpose and the way they represent devices and drivers. /dev contains device files that allow direct communication between user programs and hardware devices, while /sys is a virtual file system that provides runtime information about the kernel’s view of devices and drivers. /dev facilitates interaction with devices, while /sys offers insights into the kernel’s device and driver configuration.

/etc

/etc gets its name from the earliest Unixes and it was literally “etcetera” because it was the dumping ground for system files administrators were not sure where else to put.

Nowadays, it would be more appropriate to say that etc stands for “Everything to configure,” as it contains most, if not all system-wide (affects all users on the system) configuration files.

The primary purpose of the /etc directory is to hold configuration files for various software and services on the system. These configuration files control the behavior and settings of applications, daemons, system services, and the operating system itself.

/home

/home is where you will find your users’ personal directories. You could have two directories: /home/username, which contains all your files; and /home/guest, in case anybody needs to borrow your computer.

Linux is a multi-user environment so each user is assigned a specific directory that is accessible only to them and the system administrator.

Keep in mind that this directory is the only directory that you can write on without the privileged access of root user. For the other directories, although you can read most of them without root access, you can’t modify and write on them.

/lib

The /lib directory contains essential shared library files that are required for the proper functioning of executable binaries and various system utilities. Shared libraries are collections of code and functions that multiple programs can use simultaneously, allowing for efficient memory usage and code reuse.

In some Linux distributions, the shared libraries are stored in /lib, while in others, they may be found in /usr/lib or /usr/lib64. The distinction between these directories can vary depending on the Linux distribution and its file system hierarchy.

On 64-bit systems, you may also find a /lib32directory containing 32-bit shared libraries to support compatibility with 32-bit applications. Additionally, there might be a /lib64directory containing 64-bit shared libraries.

/media

The /media directory in Linux is used as a mount point for removable media devices, such as USB drives, optical discs (CDs, DVDs), and external hard drives. When a removable media device is connected to the system, the operating system automatically mounts it to the/media directory, allowing users to access the contents of the media.

When the user finishes using the removable media, they can unmount it by ejecting or safely removing the device. This action unmounts the device from the /media directory, and the corresponding sub-directory is removed.

/mnt

The /mnt directory is used as a generic mount point for temporarily mounting filesystems or devices. Unlike the /media directory, which is primarily reserved for automatically mounting removable media devices, the /mnt directory is intended for system administrators or advanced users to manually mount filesystems for various purposes.

So, /media and /mnt are basically the same; however, it is recommended to use /mnt for manual mounting and leave /media directory for the OS.

/opt

The /opt directory (stands for optional) is used to store optional or third-party software applications that are not part of the core operating system distribution. It provides a designated location for installing software that does not follow the standard file system hierarchy of the Linux distribution.

For example, in below example, you can see the software folder for the Brave browser which I installed on my computer. Because I am using the -a flag you also can see the current directory .and parent directory .. . I could also write ls -la /opt/ so I do not have to move there using cd.

It’s important to note that while /opt is a convenient location for third-party software, the recommended approach for installing software on Linux is to use the distribution’s package manager whenever possible. The package manager ensures proper integration with the system, dependency resolution, and simplified maintenance.

In summary, the /opt directory in Linux serves as a location for installing optional or third-party software that is not managed by the distribution’s package manager. It provides a separate, non-standardized space to keep these applications isolated from the core system components.

/proc

/proc, like /dev is a virtual directory, disappears once the computer is shut down because data is saved in RAM.

One of the main purposes of /proc is to provide information about running processes on the system. Each running process is represented by a directory named with its process ID (PID) under /proc. Inside these directories, you can find details about the process, such as status, memory usage, open files, command-line arguments, and more.

/root

The /root directory in Linux is the home directory for the root user (superuser or administrator). It is not to be confused with the root directory represented by /, which is the top-level directory in the file system hierarchy.

The root user has full control over the entire system and can access and modify any file or directory, regardless of file permissions. As such, the /root directory can only be accessed and modified by the root user.

/run

The /run directory is a temporary filesystem that provides a runtime location for storing and accessing frequently changing data that needs to be available early in the boot process and shared among different processes. It is often mounted as a tmpfs (a filesystem that resides in memory) to facilitate quick access to critical runtime information.

Its primary purpose is to store runtime data or state information that is required during the system’s current session. This data may include process identifiers (PIDs), sockets, lock files, and other files used by various system services and daemons.

It is typically available early in the boot process, even before other filesystems (like those in /etc, /var, or /home) are mounted. This early availability is crucial because certain processes and services require access to essential runtime data as soon as possible during system initialization.

tmpfs mount ensures fast access and avoid writing to disk, many Linux distributions mount the /run directory as a tmpfs filesystem, which resides in RAM. This allows for rapid read and write operations since the data is stored in memory rather than on a physical disk.

Historically, the /run directory was introduced as a replacement for the /var/run directory. While some systems might still use /var/run for compatibility reasons, modern Linux distributions prefer using /run.

/sbin

The /sbin directory (stands for system binaries) contains essential system binaries (executable programs) that are primarily used by the system administrator (root) for system maintenance, configuration, and recovery tasks.

The /sbin directory is distinct from the standard /bin directory, which contains essential user-level binaries accessible by all users. Placing system binaries in a separate directory helps prevent accidental misuse by regular users.

Some examples of binaries found in /sbin include ifconfig (for network interface configuration), fsck (file system check), fdisk (for disk partitioning), shutdown (for system shutdown), reboot (for system reboot), and iptables (for configuring firewall rules).

For convenience, many Linux distributions include /sbin in the system’s PATH environment variable for the root user, enabling the use of these binaries without specifying the full path. However, for security reasons, it’s better to invoke system binaries with their full paths to avoid potential vulnerabilities.

/usr

The /usr directory (stands for Unix System Resources or user) contains user-related data and programs, including user commands, libraries, documentation, and other supporting files that are not essential for basic system functionality.

The primary purpose of the /usr directory is to store data and programs that are not critical for the basic operation of the system but are still essential for user-level tasks and applications.

Directory Structure:

• /usr/bin: User commands (executable binaries) accessible to all users.
• /usr/sbin: System administration commands for privileged users (root or users with administrative privileges).
• /usr/lib: Libraries and support files required by user-level programs.
• /usr/share: Architecture-independent data, such as documentation, data files, and shared resources used by various applications.
• /usr/include: Header files required for software development.
• /usr/local: Locally installed software and custom binaries that are not part of the distribution’s package management system.
• /usr/games: Games and entertainment-related programs.

When you see, for example, /bin in many modern Linux distributions (like Debian, Ubuntu, Mint), it’s essentially pointing to /usr/bin, and the actual binary executables are located in /usr/bin.

Many modern Linux distributions have adopted a unified approach to file system layout, where for example /bin is merged into /usr/bin, and symbolic links are used to maintain backward compatibility. This change is part of the Filesystem Hierarchy Standard (FHS) version 3.0 and was implemented to simplify the file system structure and reduce duplication of binaries.

The FHS version 3.0 recommends that /bin , /sbin and /lib should all be symbolic links to /usr/bin, /usr/sbin and /usr/lib, respectively. The rationale behind this change is to treat all binaries as part of the same unified directory, making it easier to manage, maintain, and update the system.

The benefits of this unified approach include:

• Simplified Maintenance: Having a single location for binaries streamlines package management and reduces the need to maintain separate copies of the same files.
• Space Optimization: Merging binaries reduces the amount of duplicated data on the disk, potentially saving space.
• Improved Consistency: By having all binaries in one place, it is easier to manage and update the system as a whole, ensuring consistent behavior across different parts of the file system.

So, the main reason for maintaining compatibility and using symbolic links for directories like /bin, /sbin, and /lib in many Linux distributions is backward compatibility and supporting older software and scripts that might assume the traditional file system layout. By preserving the symbolic links, the system ensures that scripts and applications written with the assumption of the old layout will continue to work without modification.

/srv

The primary purpose of the /srv directory is to serve as a storage location for data associated with services offered by the system. This data could include websites, FTP repositories, data shared over the network, and other service-specific information.

/srv is particularly useful for hosting environments, web servers, or other systems that provide services to users or clients. It allows administrators to easily locate and manage service-specific data, making it convenient for customization and site-specific configurations.

On most Linux distributions, the /srv directory is empty by default.

/sys

The /sys directory is a virtual filesystem, similar to /proc and /dev, meaning that its contents are not stored on disk but are dynamically generated by the kernel and exposed as files and directories.

The main purpose of the /sys directory is to serve as an interface to the kernel, allowing user-space applications and administrators to access and modify various kernel parameters, device configurations, and hardware information.

Inside the /sys directory, you can find information about the system’s hardware devices, such as CPU, memory, disk drives, USB devices, and more. It provides detailed information about the state and characteristics of each device.

While /proc provides process and system information, and /dev provides access to devices, /sys primarily focuses on exposing device and kernel-related data.

/tmp

The /tmp directory is a location used for storing temporary files that are required by various processes and applications during the course of their execution. It is meant for temporary data that does not need to persist across system reboots and is typically cleared upon boot or at regular intervals to reclaim disk space.

The primary purpose of the /tmp directory is to provide a centralized and shared location for processes to create and access temporary files. Temporary files are used for a variety of purposes, such as caching, inter-process communication, and storing data that will be discarded after its immediate use.

For instance, when you’re writing a word document in a word processor, it saves a temporary file to capture everything you type. In case your system crashes before you save the file, the word processor can search the /tmp directory to find a recent saved copy and recover your text. These temporary files are essential for handling short-term data tasks, such as caching and inter-process communication. It’s important to note that the contents of the /tmp directory are meant to be temporary and do not persist after a system reboot, as the directory is usually cleared during boot to free up disk space.

/var

The /var directory (stands for variable) is used to store variable data, which includes files that change frequently during the system’s operation. It contains various types of data that can be written to and modified by system processes and users.

The primary purpose of the/var directory is to hold data that varies in size and content as the system runs. This includes log files, spool directories, cache files, application databases, temporary files that persist across reboots, and other data that changes frequently.

Within /var, you’ll find various subdirectories that hold different types of variable data, such as /var/log for log files, /var/spool for print queues and mail spools, /var/cache for cache files, and /var/tmp for temporary files that persist across reboots.

• Log files stored in /var/log record system activities, application events, error messages, and other important information. These logs are critical for monitoring system health, diagnosing issues, and auditing.
• The /var/spool directory is used for storing data that is pending processing, such as print jobs in print queues or incoming emails in mail spools.
• The /var/cache directory is used for storing cached data by applications, which helps improve performance by reducing the need to fetch data repeatedly.
• The /var/tmp directory is used for temporary files that need to persist across reboots. It provides a location for long-term temporary storage that doesn’t get automatically cleaned like /tmp.

Administrators should monitor the /var directory’s space usage, as some logs and caches can grow over time and consume significant disk space.

Conclusion

The best way to learn the Linux file structure is to explore it. So go forth with tree, ls, and cd into uncharted territory. You cannot damage anything just by looking at it.

By familiarizing ourselves with the Linux file structure, we gain insights into the inner workings of the operating system and the organization of its resources. Whether you are a beginner, an advanced user, or a system administrator, this knowledge equips you to navigate the system efficiently, manage software installations, and troubleshoot issues effectively.

As you delve deeper into the world of Linux, understanding the file structure becomes increasingly valuable. The ability to locate critical files, manage software installations, and comprehend the flow of data through the system enhances your overall Linux experience.