Linux directory structure. Important Linux files
Linux file organization considerations
On Linux, the file system is organized differently than on Windows.
The first thing that catches your eye, there are no drives C, D, E and so on.
The second thing that is often talked about, but not quite easy to understand, is that everything in Linux is a file. That is, the files themselves are obviously files; directories are also a special kind of file; physical devices (disks, keyboard, mouse, etc. - these are all files too).
Third, Linux has root. This refers to the root of the file system, which is indicated as ‘/’. Also in Linux there is a main user whose name is also root – don’t confuse them, these are quite different things. By the way, there is also a directory with the name /root. Speaking about the root of the file system, it means ‘/’, not ‘/root’.
Where are C, D, E drives in Linux?
If you ask where the C drive is in Linux, you can find it in two places at once. First, since in Linux all physical devices are files, the C drive will be represented by a file, for example, with the name /dev/sda. The first part of this name - /dev/ - is the directory where the files representing the devices are located (all the directories will be described later). And sda is already the name of the drive itself. If there are several single-type disks, then the following letters are assigned: /dev/sdb, /dev/sdc, etc. The disk name indicates the type of media. For example, the letters ‘sd’ mean Solid Drive, i.e. solid-state storage. If the name is /dev/hda, then the letters ‘hd’ mean Hard Drive.
Let's say the drive name is /dev/hdc, what can you say about it? It can be argued that this is a hard disk and it is the third in the system.
Disks may have other names, for example, I have a system drive called /dev/nvme0n1 - I googled it, it turns out this is a new kind of solid state drives NVM Express (NVMe).
So, have we already found drive C? Not really. The name /dev/sda is just a device designation that involves using the name to control the device itself. For example, if we want to create a new partition on a disk or resize existing ones, then we will open the corresponding program, and as a parameter we will give it the name of the disk we want to work with. We cannot open files by accessing the drive by the name of the form /dev/*
Mount disks in Linux
In Linux, there is such a thing as a ‘mount’ disk. To access the files on this disk, you must first mount it. The question may arise, why such difficulties? I myself thought so, because at the time of my first acquaintance with Linux, it seemed to me something unnecessary and confusing. But mounting is the most powerful thing that allows you to amazingly flexibly configure the file system!
The essence of mounting is that a new directory is created in the file system (an ordinary folder), for example, this is the /mnt/disk_d folder. And then the mount command indicates that now, for example, the /dev/sda drive is mounted in the /mnt/disk_d directory. After that, you can access the files of the drive /dev/sda by opening the folder /mnt/disk_d in any file manager.
Why mount
Using this approach – when any disk can be any folder in the system, you can make very flexible settings. The most common example encountered in practice: user files are stored in the folder /home/username/, for example, I have this /home/mial/ folder. When installing the operating system, I can make sure that my second or third drive (and not the system one) is mounted at the point /home/mial/. That is, the entire operating system will be located on one disk, and all my user files on another. What does it give? In the case of reinstalling the system, I will again configure the disk with my files to be mounted in the /home/mial/ folder and as a result, in my new, just installed system, all my documents, photos and more will already be in place!
Since often the bottleneck in powerful computers is the speed of reading-writing from/to the disk, then on high-load servers it is practiced to transfer database files (for example, /var/lib/mysql/ to another disk), it is possible to transfer server files (/srv/http/) to the third drive, log files (/var/log/httpd/) to another drive, etc. This allows you to ensure that data from the databases are read regardless of the logs, that is, while read-write operations are performed for one process, another process does not need to wait its turn – everything is done simultaneously.
Mounting also allows you to select various modes, for example, a drive can be mounted in read-only mode – as a result, files can be viewed from it, but this drive cannot be damaged.
In general, despite the fact that mounting is something unusual for Windows users, this is an awesome feature! And there is nothing complicated in this, if you understand the essence.
What is the root of the file system?
It is clear that the root of the file system is the main directory in which all the others are located. But what is it in the physical sense? As I already said, disks can be mounted in various places of the file system, removable media and permanent drives are often mounted in /mnt/ or in /media/, as they are specially designed for this (this is clear even from the name). So, the root file system is the point where the system disk is mounted. It can be said that the root of the Linux file system is like roughly the C drive in Windows. Other disks, instead of assigning them the letters D, E, F, etc., are mounted lower in the hierarchy at some points in the file system specified for them.
Linux Directory Description
Next, consider the meaning of all the most important folders (here they are called directories) in the Linux root file system, and also get acquainted with the most important files in them.
To see what directories are in the root of the file system, you can run the command:
ls -l /
Typical Content:
итого 16777269 lrwxrwxrwx 1 root root 7 мая 23 17:18 bin -> usr/bin drwxr-xr-x 4 root root 512 янв 1 1970 boot drwxr-xr-x 22 root root 3680 авг 23 03:24 dev drwxr-xr-x 101 root root 4096 авг 22 16:45 etc drwxr-xr-x 3 root root 4096 авг 1 2018 home lrwxrwxrwx 1 root root 7 мая 23 17:18 lib -> usr/lib lrwxrwxrwx 1 root root 7 мая 23 17:18 lib64 -> usr/lib drwx------ 2 root root 16384 авг 1 2018 lost+found drwxr-xr-x 5 root root 4096 апр 10 12:44 mnt drwxr-xr-x 15 root root 4096 авг 13 02:47 opt dr-xr-xr-x 366 root root 0 авг 23 03:24 proc drwxr-x--- 26 root root 4096 июл 14 05:09 root drwxr-xr-x 26 root root 620 авг 23 03:24 run lrwxrwxrwx 1 root root 7 мая 23 17:18 sbin -> usr/bin drwxr-xr-x 5 root root 4096 авг 1 2018 srv -rw------- 1 root root 17179869184 фев 25 16:48 swapfile dr-xr-xr-x 13 root root 0 авг 23 03:24 sys drwxrwxrwt 17 root root 360 авг 23 04:48 tmp drwxr-xr-x 10 root root 4096 авг 22 13:31 usr drwxr-xr-x 12 root root 4096 авг 22 16:45 var
Let's look at the meaning and contents of each folder in Linux.
/bin : All executable binary programs (files) needed during system boot, recovery and repair; files needed to run in single-user mode and other important, basic commands, such as cat, du, df, tar, rpm, wc, history, etc.
/boot : Contains important files for the boot process, including the Linux kernel. In modern systems, during installation, usually a small partition is created on the main disk, which is then mounted in the /boot directory.
/dev : Contains device files for all physical devices on this machine, for example, cdrom, cpu, etc. As we already know, disk files are also located here, in case you need to mount a new disk or removable media.
/dev/disk – contains 4 subdirectories: by-id, by-partuuid, by-path and by-uuid. These lists the unique identifiers of disks and partitions of storage devices by which the disks can also be accessed, for example, in the /etc/fstab file. See the article “Persistent names for block devices” for details.
/dev/nvme* – NVM Express (NVMe) devices, for example, /dev/nvme0n1. These are types of SSD drives
/dev/null - a kind of black hole. If the running program displays some information, but you do not need it, then you can redirect it to /dev/null, and it will disappear without displaying on the screen.
/dev/random - is a source of random numbers (for example, to fill them with a disk for reliable data deletion)
/dev/sdX – block devices, which include internal disks, USB flash drives and memory cards, as well as memory cards. Names use the letters a, b, c, and so on instead of X, for example /dev/sda and /dev/sdb.
/dev/stderr, /dev/stdin and /dev/stdout - standard error output, standard input and standard output, respectively. If the program does not support standard input, then /dev/stdin can be used to bypass, this must be specified instead of the file name. If the program only supports saving results to a file, but does not support standard output, then you can specify /dev/stdout as the file name and the results will be output to standard output (on the screen) instead of saving to a file.
/dev/zero - returns infinite zeros (sometimes needed)
/etc : Contains application configuration files as well as Systemd service management files.
That is, the settings of the system, programs and services are stored in this folder. The number of folders and files here may vary depending on the number of installed programs on this system.
Let us consider only some of them that we have to deal with more often than others.
/etc/anacrontab – cron file
/etc/bashrc – the system-wide bash per-interactive-shell startup file
/etc/cron.hourly/ – cron file
/etc/cron.daily/ – cron file
/etc/cron.weekly/ – cron file
/etc/cron.monthly/ – cron file
/etc/cron.d/ – cron directory
/etc/crypttab – analogue of /etc/fstab for encrypted disks, that is, it contains the configuration for encrypted block devices
/etc/fstab - static file system information. This file contains information for automatically mounting disks when the computer boots.
Let's look at my file
cat /etc/fstab
Typical Content:
# <file system> <dir> <type> <options> <dump> <pass> # /dev/nvme0n1p2 UUID=01e4d4f5-698f-4dc2-987b-270499457f48 / ext4 rw,relatime 0 1 # /dev/nvme0n1p1 UUID=7327-B4E4 /boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 2 /dev/sda /mnt/disk_d ext4 rw,relatime 0 0 /swapfile none swap defaults 0 0
From this file it follows that the /dev/nvme0n1p1 partition (in this case, the disks are designated by their UUID) is mounted on /boot, the /dev/nvme0n1p2 partition is mounted on / (the root of the file system), the /dev/sda drive (it is not divided into partitions) is mounted in /mnt/disk. And there is also the /swapfile file, which acts as a swap (swap file).
/etc/group - user groups
/etc/host.conf - configuration file for resolver
/etc/resolv.conf - another configuration file for resolver, contains a list of DNS servers that the system should access
Example contents of the /etc/resolv.conf file:
cat /etc/resolv.conf nameserver 8.8.8.8 nameserver 8.8.4.4 nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844
/etc/hosts - a file with information about the IP addresses of the specified hosts.
/etc/mtab - dynamic file system information
/etc/passwd - this file used to store information about user passwords, but now it's just a list of users and information about their shell
/etc/shadow - hashes of user passwords are stored in this file
/etc/profile - a system-wide initialization file for entering the sh shell (here you can specify environment variables or functions that should be available for each user in the terminal after the computer boots up)
/etc/profile.d/* - directory containing system-wide startup scripts
/etc/protocols - list of IP protocols
/etc/services - port names for network services
/etc/my.cnf - MySQL/MariaDB configuration file (contains a link to /etc/my.cnf.d)
/etc/my.cnf.d/ - the directory where the MySQL/MariaDB configurations are actually located
/etc/my.cnf.d/client.cnf - MySQL/MariaDB client configuration
/etc/my.cnf.d/server.cnf - MySQL/MariaDB server configuration
/etc/apache2/ - directory with web server settings (when the service is called apache2 - that is, on systems such as Debian and derivatives)
/etc/apache2/conf/httpd.conf - the main Apache configuration file
/etc/apache2/conf/sites-enabled/ - enabled Apache virtual hosts
/etc/httpd/ - the directory with the web server settings (when the service is called httpd - that is, on systems such as Arch Linux and derivatives)
/etc/httpd/conf/httpd.conf - the main Apache configuration file
/etc/httpd/conf/sites-enabled/ - enabled Apache virtual hosts
/etc/php/php.ini - main PHP configuration file
/etc/systemd/ - directory with Systemd files.
/etc/NetworkManager/system-connections/ - network connections that are configured through NetworkManager.
/etc/ssh/ - configuration files and SSH keys
/etc/ssh/ssh_config - SSH client configuration file
/etc/ssh/sshd_config - SSH server configuration file
/etc/ssh/ssh_host_* (/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_dsa_key.pub and others) - SSH keys
/home : home directory of users. Each time a new user is created, a directory is created in the home directory according to the user name (for example, for the mial user it will be /home/mial/), which contains other directories, such as the Desktop, Downloads, Documents, etc.
In some distributions, the path ~/bin (that is, the bin folder in the user's home directory) is added to the $PATH system variable. This means that if you put a file in this folder, it will be available in the console by the file name (you do not need to specify the full path).
The only exception is the root user, his files are stored in the /root directory (more on that below).
~/.bashrc – user-specific startup script
~/.bash_login – user-specific startup script
~/.bash_profile – user-specific startup script
~/.profile – user-specific startup script
~/.bash_history – history of commands entered by the user
~/.ssh/ – keys and other files of the SSH client
Similar files are also contained in the /root/ directory.
/lib : The lib directory contains the kernel modules and shared library images needed to boot the system and run commands on the root file system.
/lost+found : This directory is created during the installation of Linux, useful for recovering files that may be damaged due to an unexpected shutdown. If the program for finding errors in the file system has detected a problem (for example, it has found damaged files), then these files will be moved to this directory.
/media : Mount points for removable media such as CD-ROMs (introduced in FHS-2.3).
/mnt : Mount directory for temporary mounting of file systems (external drives, USB drives, etc.).
/opt : Abbreviation for the word “optional”. Contains third-party software such as Java, cuda, dropbox, metasploit, viber, vuze, etc.
/proc : A virtual and pseudo-file system that contains information about running processes and kernel settings in the form of files. A virtual file system that provides information about processes and the kernel as files. On Linux, it matches mounting procfs. Usually automatically generated and populated by the system on the fly.
Examples of files in the /proc directory:
/proc/partitions - Information about the partitions available on the system.
/proc/stat - Records or various statistics stored since the last reboot.
/proc/swaps - Information about the swap section.
/proc/uptime - Information about uptime (time) (in seconds).
/root : This is the root user home directory and should never be confused with “/”.
The superuser’s home directory (root) is located in /root, and not in /home/root, since the superuser account is intended solely for administering the operating system. This helps to increase the reliability of the system: /root is usually located on the same partition as the system, which allows maintenance and tuning of the operating system by mounting only the root partition.
/run : Information about the system since it was loaded, including data necessary for daemons to work (pid files, UNIX sockets, etc.).
/sbin : Contains binary executables needed by the system administrator for maintenance: iptables, fdisk, ifconfig, swapon, reboot, etc.
/srv : The name of the directory is an abbreviation of "services". This directory contains files related to services. For example, services such as deluge, ftp, http store files here.
/srv/http/ - some distributions (for example, Arch Linux) store web server files here.
/sys : Contains information about devices, drivers, as well as some kernel properties.
Modern Linux distributions include the /sys directory as a virtual file system that stores and allows modification of devices connected to the system.
/sys/block/ - contains disk information
/sys/block/sda/device/model - contains information about the sda disk model
/tmp : System temporary directory accessible by users and root. Saves temporary files for the user and the system, which are deleted at the next boot.
/usr : Contains executable files, documentation, source code, libraries for second-level programs.
/usr/bin - additional programs for all users that are not necessary in single-user mode.
/usr/include - standard header files.
/usr/lib - libraries for programs located in /usr/bin and /usr/sbin.
/usr/local - tertiary hierarchy for data specific to this host. Usually contains subdirectories such as bin, lib, share.
/usr/sbin - additional system programs (such as daemons of various network services).
/usr/share - architecture-independent shared data.
/usr/src - source codes (for example, the kernel source codes are located here).
/var : Directory for variable data. The contents of the files in this directory are expected to grow. This directory contains log files, lock, spool, mail, and temporary files.
/var/cache - application cache. Such data is generated locally as a result of resource-intensive computing or I/O. An application must be able to regenerate this data. These files can be deleted without data loss.
/var/lib - status information. Permanent data changed by programs in the process of work (for example, databases, metadata of a package manager, etc.).
/var/lock - lock files that indicate a resource is busy.
/var/log/ - contains the logs of various programs and services
/var/log/apache2/ - Apache web server logs (in Debian and derivatives)
/var/log/httpd/ - Apache web server logs (in Arch Linux)
/var/log/wtmp (on some systems /var/log/utmp) – file containing log entries. You can view the records with the command “last”
/var/mail - user mailboxes.
/var/run - the directory for storing information about the system from the time it was loaded, currently out of date. It is allowed to make it a link to /run. The directory is reserved for backward compatibility with programs that still use the /var/run directory.
/var/spool - tasks waiting to be processed (for example, print queues, unread or unsent letters).
/var/spool/cron/ – one of the locations of periodically run cron tasks
/var/spool/cron/crontabs/ – one of the locations for periodically run cron tasks
/var/spool/mail - location of user mailboxes (deprecated).
/var/tmp - temporary files that should be saved between reboots.
/var/www/html/ - directory with files of Apache web server websites in Debian and derivative distributions.
Conclusion
If I missed any important directories or files, then write them in the comments!
You will also find more information about directories in the article “What files can be deleted if there is not enough disk space on Linux”.
Related articles:
- How to install Java 9 (JDK 9, JRE 9) on Linux (100%)
- How to install NetBeans 9 for JDK 9 development (100%)
- testssl.sh: No cipher mapping file found and No TLS data file found (SOLVED) (100%)
- How to Install Total Commander Counterpart in Kali Linux (100%)
- How to install Intercepter-NG in Linux (100%)
- Active Directory comprehensive guide, from installation and configuration to security auditing. Part 6: Active Directory configuration tools and snap-ins (RANDOM - 50%)