Linux directory structure. Important Linux files

Linux file organization considerations

On Linux, the file system is organized differently than on Windows.

The first thing that catches your eye, there are no drives C, D, E and so on.

The second thing that is often talked about, but not quite easy to understand, is that everything in Linux is a file. That is, the files themselves are obviously files; directories are also a special kind of file; physical devices (disks, keyboard, mouse, etc. - these are all files too).

Third, Linux has root. This refers to the root of the file system, which is indicated as ‘/’. Also in Linux there is a main user whose name is also root – don’t confuse them, these are quite different things. By the way, there is also a directory with the name /root. Speaking about the root of the file system, it means ‘/’, not ‘/root’.

Where are C, D, E drives in Linux?

If you ask where the C drive is in Linux, you can find it in two places at once. First, since in Linux all physical devices are files, the C drive will be represented by a file, for example, with the name /dev/sda. The first part of this name - /dev/ - is the directory where the files representing the devices are located (all the directories will be described later). And sda is already the name of the drive itself. If there are several single-type disks, then the following letters are assigned: /dev/sdb, /dev/sdc, etc. The disk name indicates the type of media. For example, the letters ‘sd’ mean Solid Drive, i.e. solid-state storage. If the name is /dev/hda, then the letters ‘hd’ mean Hard Drive.

Let's say the drive name is /dev/hdc, what can you say about it? It can be argued that this is a hard disk and it is the third in the system.

Disks may have other names, for example, I have a system drive called /dev/nvme0n1 - I googled it, it turns out this is a new kind of solid state drives NVM Express (NVMe).

So, have we already found drive C? Not really. The name /dev/sda is just a device designation that involves using the name to control the device itself. For example, if we want to create a new partition on a disk or resize existing ones, then we will open the corresponding program, and as a parameter we will give it the name of the disk we want to work with. We cannot open files by accessing the drive by the name of the form /dev/*

Mount disks in Linux

In Linux, there is such a thing as a ‘mount’ disk. To access the files on this disk, you must first mount it. The question may arise, why such difficulties? I myself thought so, because at the time of my first acquaintance with Linux, it seemed to me something unnecessary and confusing. But mounting is the most powerful thing that allows you to amazingly flexibly configure the file system!

The essence of mounting is that a new directory is created in the file system (an ordinary folder), for example, this is the /mnt/disk_d folder. And then the mount command indicates that now, for example, the /dev/sda drive is mounted in the /mnt/disk_d directory. After that, you can access the files of the drive /dev/sda by opening the folder /mnt/disk_d in any file manager.

Why mount

Using this approach – when any disk can be any folder in the system, you can make very flexible settings. The most common example encountered in practice: user files are stored in the folder /home/username/, for example, I have this /home/mial/ folder. When installing the operating system, I can make sure that my second or third drive (and not the system one) is mounted at the point /home/mial/. That is, the entire operating system will be located on one disk, and all my user files on another. What does it give? In the case of reinstalling the system, I will again configure the disk with my files to be mounted in the /home/mial/ folder and as a result, in my new, just installed system, all my documents, photos and more will already be in place!

Since often the bottleneck in powerful computers is the speed of reading-writing from/to the disk, then on high-load servers it is practiced to transfer database files (for example, /var/lib/mysql/ to another disk), it is possible to transfer server files (/srv/http/) to the third drive, log files (/var/log/httpd/) to another drive, etc. This allows you to ensure that data from the databases are read regardless of the logs, that is, while read-write operations are performed for one process, another process does not need to wait its turn – everything is done simultaneously.

Mounting also allows you to select various modes, for example, a drive can be mounted in read-only mode – as a result, files can be viewed from it, but this drive cannot be damaged.

In general, despite the fact that mounting is something unusual for Windows users, this is an awesome feature! And there is nothing complicated in this, if you understand the essence.

What is the root of the file system?

It is clear that the root of the file system is the main directory in which all the others are located. But what is it in the physical sense? As I already said, disks can be mounted in various places of the file system, removable media and permanent drives are often mounted in /mnt/ or in /media/, as they are specially designed for this (this is clear even from the name). So, the root file system is the point where the system disk is mounted. It can be said that the root of the Linux file system is like roughly the C drive in Windows. Other disks, instead of assigning them the letters D, E, F, etc., are mounted lower in the hierarchy at some points in the file system specified for them.

Linux Directory Description

Next, consider the meaning of all the most important folders (here they are called directories) in the Linux root file system, and also get acquainted with the most important files in them.

To see what directories are in the root of the file system, you can run the command:

ls -l /

Typical Content:

итого 16777269
lrwxrwxrwx   1 root root           7 мая 23 17:18 bin -> usr/bin
drwxr-xr-x   4 root root         512 янв  1  1970 boot
drwxr-xr-x  22 root root        3680 авг 23 03:24 dev
drwxr-xr-x 101 root root        4096 авг 22 16:45 etc
drwxr-xr-x   3 root root        4096 авг  1  2018 home
lrwxrwxrwx   1 root root           7 мая 23 17:18 lib -> usr/lib
lrwxrwxrwx   1 root root           7 мая 23 17:18 lib64 -> usr/lib
drwx------   2 root root       16384 авг  1  2018 lost+found
drwxr-xr-x   5 root root        4096 апр 10 12:44 mnt
drwxr-xr-x  15 root root        4096 авг 13 02:47 opt
dr-xr-xr-x 366 root root           0 авг 23 03:24 proc
drwxr-x---  26 root root        4096 июл 14 05:09 root
drwxr-xr-x  26 root root         620 авг 23 03:24 run
lrwxrwxrwx   1 root root           7 мая 23 17:18 sbin -> usr/bin
drwxr-xr-x   5 root root        4096 авг  1  2018 srv
-rw-------   1 root root 17179869184 фев 25 16:48 swapfile
dr-xr-xr-x  13 root root           0 авг 23 03:24 sys
drwxrwxrwt  17 root root         360 авг 23 04:48 tmp
drwxr-xr-x  10 root root        4096 авг 22 13:31 usr
drwxr-xr-x  12 root root        4096 авг 22 16:45 var

Let's look at the meaning and contents of each folder in Linux.

/bin : All executable binary programs (files) needed during system boot, recovery and repair; files needed to run in single-user mode and other important, basic commands, such as cat, du, df, tar, rpm, wc, history, etc.

/boot : Contains important files for the boot process, including the Linux kernel. In modern systems, during installation, usually a small partition is created on the main disk, which is then mounted in the /boot directory.

/dev : Contains device files for all physical devices on this machine, for example, cdrom, cpu, etc. As we already know, disk files are also located here, in case you need to mount a new disk or removable media. Of the unusual files can be noted:

/dev/null - a kind of black hole. If the running program displays some information, but you do not need it, then you can redirect it to /dev/null, and it will disappear without displaying on the screen.

/dev/zero - returns infinite zeros (sometimes needed)

/dev/random - is a source of random numbers (for example, to fill them with a disk for reliable data deletion)

/dev/stderr, /dev/stdin and /dev/stdout - standard error output, standard input and standard output, respectively. If the program does not support standard input, then /dev/stdin can be used to bypass, this must be specified instead of the file name. If the program only supports saving results to a file, but does not support standard output, then you can specify /dev/stdout as the file name and the results will be output to standard output (on the screen) instead of saving to a file.

/etc : Contains application configuration files as well as Systemd service management files.

That is, the settings of the system, programs and services are stored in this folder. The number of folders and files here may vary depending on the number of installed programs on this system.

Let us consider only some of them that we have to deal with more often than others.

/etc/fstab - static file system information. This file contains information for automatically mounting disks when the computer boots.

Let's look at my file

cat /etc/fstab

Typical Content:

# <file system> <dir> <type> <options> <dump> <pass>
# /dev/nvme0n1p2
UUID=01e4d4f5-698f-4dc2-987b-270499457f48   /           ext4        rw,relatime 0 1
# /dev/nvme0n1p1
UUID=7327-B4E4          /boot       vfat        rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro   0 2
/dev/sda   /mnt/disk_d  ext4    rw,relatime 0   0
/swapfile none swap defaults 0 0

From this file it follows that the /dev/nvme0n1p1 partition (in this case, the disks are designated by their UUID) is mounted on /boot, the /dev/nvme0n1p2 partition is mounted on / (the root of the file system), the /dev/sda drive (it is not divided into partitions) is mounted in /mnt/disk. And there is also the /swapfile file, which acts as a swap (swap file).

/etc/group - user groups

/etc/host.conf - configuration file for resolver

/etc/resolv.conf - another configuration file for resolver, contains a list of DNS servers that the system should access

Example contents of the /etc/resolv.conf file:

cat /etc/resolv.conf
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844

/etc/hosts - a file with information about the IP addresses of the specified hosts.

/etc/mtab - dynamic file system information

/etc/passwd - this file used to store information about user passwords, but now it's just a list of users and information about their shell

/etc/shadow - hashes of user passwords are stored in this file

/etc/profile - a system-wide initialization file for entering the sh shell (here you can specify environment variables or functions that should be available for each user in the terminal after the computer boots up)

/etc/protocols - list of IP protocols

/etc/services - port names for network services

/etc/my.cnf - MySQL/MariaDB configuration file (contains a link to /etc/my.cnf.d)

/etc/my.cnf.d/ - the directory where the MySQL/MariaDB configurations are actually located

/etc/my.cnf.d/client.cnf - MySQL/MariaDB client configuration

/etc/my.cnf.d/server.cnf - MySQL/MariaDB server configuration

/etc/apache2/ - directory with web server settings (when the service is called apache2 - that is, on systems such as Debian and derivatives)

/etc/apache2/conf/httpd.conf - the main Apache configuration file

/etc/apache2/conf/sites-enabled/ - enabled Apache virtual hosts

/etc/httpd/ - the directory with the web server settings (when the service is called httpd - that is, on systems such as Arch Linux and derivatives)

/etc/httpd/conf/httpd.conf - the main Apache configuration file

/etc/httpd/conf/sites-enabled/ - enabled Apache virtual hosts

/etc/php/php.ini - main PHP configuration file

/etc/systemd/ - directory with Systemd files.

/etc/NetworkManager/system-connections/ - network connections that are configured through NetworkManager.

/etc/ssh/ - configuration files and SSH keys

/etc/ssh/ssh_config - SSH client configuration file

/etc/ssh/sshd_config - SSH server configuration file

/etc/ssh/ssh_host_* (/etc/ssh/ssh_host_dsa_key, /etc/ssh/ and others) - SSH keys

/home : home directory of users. Each time a new user is created, a directory is created in the home directory according to the user name (for example, for the mial user it will be /home/mial/), which contains other directories, such as the Desktop, Downloads, Documents, etc.

In some distributions, the path ~/bin (that is, the bin folder in the user's home directory) is added to the $PATH system variable. This means that if you put a file in this folder, it will be available in the console by the file name (you do not need to specify the full path).

The only exception is the root user, his files are stored in the /root directory (more on that below).

/lib : The lib directory contains the kernel modules and shared library images needed to boot the system and run commands on the root file system.

/lost+found : This directory is created during the installation of Linux, useful for recovering files that may be damaged due to an unexpected shutdown. If the program for finding errors in the file system has detected a problem (for example, it has found damaged files), then these files will be moved to this directory.

/media : Mount points for removable media such as CD-ROMs (introduced in FHS-2.3).

/mnt : Mount directory for temporary mounting of file systems (external drives, USB drives, etc.).

/opt : Abbreviation for the word “optional”. Contains third-party software such as Java, cuda, dropbox, metasploit, viber, vuze, etc.

/proc : A virtual and pseudo-file system that contains information about running processes and kernel settings in the form of files. A virtual file system that provides information about processes and the kernel as files. On Linux, it matches mounting procfs. Usually automatically generated and populated by the system on the fly.

Examples of files in the /proc directory:

/proc/partitions - Information about the partitions available on the system.

/proc/stat - Records or various statistics stored since the last reboot.

/proc/swaps - Information about the swap section.

/proc/uptime - Information about uptime (time) (in seconds).

/root : This is the root user home directory and should never be confused with “/”.

The superuser’s home directory (root) is located in /root, and not in /home/root, since the superuser account is intended solely for administering the operating system. This helps to increase the reliability of the system: /root is usually located on the same partition as the system, which allows maintenance and tuning of the operating system by mounting only the root partition.

/run : Information about the system since it was loaded, including data necessary for daemons to work (pid files, UNIX sockets, etc.).

/sbin : Contains binary executables needed by the system administrator for maintenance: iptables, fdisk, ifconfig, swapon, reboot, etc.

/srv : The name of the directory is an abbreviation of "services". This directory contains files related to services. For example, services such as deluge, ftp, http store files here.

/srv/http/ - some distributions (for example, Arch Linux) store web server files here.

/sys : Contains information about devices, drivers, as well as some kernel properties.

Modern Linux distributions include the /sys directory as a virtual file system that stores and allows modification of devices connected to the system.

/sys/block/ - contains disk information

/sys/block/sda/device/model - contains information about the sda disk model

/tmp : System temporary directory accessible by users and root. Saves temporary files for the user and the system, which are deleted at the next boot.

/usr : Contains executable files, documentation, source code, libraries for second-level programs.

/usr/bin - additional programs for all users that are not necessary in single-user mode.

/usr/include - standard header files.

/usr/lib - libraries for programs located in /usr/bin and /usr/sbin.

/usr/local - tertiary hierarchy for data specific to this host. Usually contains subdirectories such as bin, lib, share.

/usr/sbin - additional system programs (such as daemons of various network services).

/usr/share - architecture-independent shared data.

/usr/src - source codes (for example, the kernel source codes are located here).

/var : Directory for variable data. The contents of the files in this directory are expected to grow. This directory contains log files, lock, spool, mail, and temporary files.

/var/cache - application cache. Such data is generated locally as a result of resource-intensive computing or I/O. An application must be able to regenerate this data. These files can be deleted without data loss.

/var/lib - status information. Permanent data changed by programs in the process of work (for example, databases, metadata of a package manager, etc.).

/var/lock - lock files that indicate a resource is busy.

/var/log/ - contains the logs of various programs and services

/var/log/httpd/ - Apache web server logs (in Arch Linux)

/var/log/apache2/ - Apache web server logs (in Debian and derivatives)

/var/mail - user mailboxes.

/var/run - the directory for storing information about the system from the time it was loaded, currently out of date. It is allowed to make it a link to /run. The directory is reserved for backward compatibility with programs that still use the /var/run directory.

/var/spool - tasks waiting to be processed (for example, print queues, unread or unsent letters).

/var/spool/mail - location of user mailboxes (deprecated).

/var/tmp - temporary files that should be saved between reboots.

/var/www/html/ - directory with files of Apache web server websites in Debian and derivative distributions.


If I missed any important directories or files, then write them in the comments!

You will also find more information about directories in the article “What files can be deleted if there is not enough disk space on Linux”.

Last Updated on

Recommended for you:

Leave a Reply

Your email address will not be published.