Master Linux Filesystem Hierarchy: Complete Guide for Sysadmins

Filesystem Hierarchy Standard (FHS) Overview

The Filesystem Hierarchy Standard (FHS) version 3.0 defines the directory layout for Linux and Unix‑like systems. It ensures portability, maintainability, standardization and compatibility across distributions.

Root Directory (/)

The root directory / is the top of the hierarchy. It must contain the essential directories required for booting and should remain relatively small.

/bin      - basic command binaries
/boot     - boot files
/dev      - device files
/etc      - system configuration files
/lib      - shared libraries
/media    - removable‑media mount points
/mnt      - temporary mount points
/opt      - optional software packages
/proc     - virtual process information filesystem
/root     - root user home directory
/run      - runtime data (tmpfs)
/sbin     - system administration commands
/srv      - service data
/sys      - virtual system information filesystem
/tmp      - temporary files (sticky bit)
/usr      - user programs and data
/var      - variable data such as logs and caches

Core Directories

/bin – Basic command binaries

Contains essential commands required for system startup and available to all users, even in single‑user mode.

ls      # list directory contents
cat     # display file contents
cp      # copy files
mv      # move/rename files
rm      # delete files
mkdir   # create directories
rmdir   # remove empty directories
pwd     # show current directory
grep    # text search
sed     # stream editor
awk     # text processing

/sbin – System administration commands

Commands primarily used by administrators (e.g., fsck, mount, ifconfig, iptables, systemctl).

/usr – User programs and data

Largest directory, containing most user applications, libraries, documentation and source code.

/usr/bin      - user commands
/usr/sbin     - system administration commands
/usr/lib      - libraries
/usr/lib64    - 64‑bit libraries
/usr/include  - C header files
/usr/share    - architecture‑independent data
/usr/local    - locally compiled or manually installed software
/usr/src      - source code

/var – Variable data

Holds data that changes frequently (logs, caches, spools, temporary files).

/var/log      - system logs
/var/cache    - cache data
/var/tmp      - temporary files
/var/spool    - queued tasks (cron, mail, print)
/var/lib      - application state data
/var/run      - runtime data (often a symlink to /run)
/var/lock     - lock files

/etc – System configuration

Central location for configuration files.

/etc/passwd      # user account information
/etc/shadow      # encrypted passwords
/etc/group       # group definitions
/etc/hosts       # static hostname resolution
/etc/fstab       # filesystem table
/etc/crontab    # system cron jobs
/etc/sudoers    # sudo privileges
/etc/ssh/       # SSH configuration directory
/etc/network/   # network configuration
/etc/systemd/    # systemd unit files

/home – User home directories

Each regular user has a sub‑directory under /home with full control over its contents.

/home/username/.bashrc      # bash configuration
/home/username/.bash_profile # login configuration
/home/username/.ssh/        # SSH keys
/home/username/.vimrc       # vim configuration
/home/username/Documents/   # documents
/home/username/Downloads/   # downloads

/root – Root user home

Home directory for the root account, isolated from normal users.

/tmp – Temporary files

World‑writable directory, usually cleared on reboot and protected by the sticky bit.

Device and Virtual Filesystems

/dev – Device files

Special files representing hardware devices.

/dev/sda        # first SCSI disk
/dev/sda1       # first partition of /dev/sda
/dev/null       # discard output
/dev/zero       # endless zeros
/dev/random     # true random numbers
/dev/urandom    # pseudo‑random numbers
/dev/tty        # controlling terminal
/dev/pts/       # pseudo‑terminal directory

/proc – Process information (virtual FS)

Provides runtime system and process information.

/proc/cpuinfo   # CPU details
/proc/meminfo   # memory details
/proc/version   # kernel version
/proc/uptime    # system uptime
/proc/loadavg   # load average
/proc/mounts    # mounted filesystems
/proc/net/      # network statistics
/proc/sys/      # kernel parameters

/sys – System information (sysfs)

Exposes kernel objects, devices and drivers.

/sys/block/      # block device info
/sys/class/      # device class info
/sys/devices/    # device tree
/sys/kernel/     # kernel internals
/sys/module/     # loaded modules

Mount Points and Media

/mnt – Temporary mount point

Used for ad‑hoc mounting of filesystems (e.g., USB drives, NFS shares).

# Mount a USB drive
mkdir /mnt/usb
mount /dev/sdb1 /mnt/usb
# Mount an NFS share
mkdir /mnt/nfs
mount -t nfs server:/path /mnt/nfs
# Unmount
umount /mnt/usb

/media – Automatic mount point for removable media

Managed by desktop environments; each device receives its own sub‑directory.

Optional Software and Service Data

/opt – Optional software packages

Third‑party applications not part of the base system.

/opt/oracle/      # Oracle DB
/opt/google/      # Google tools
/opt/vmware/     # VMware software
/opt/teamviewer/ # TeamViewer

/srv – Service data

Data for services provided by the system.

/srv/www/   # web server data
/srv/ftp/   # FTP data
/srv/git/   # Git repositories

Libraries and Include Files

/lib – Shared libraries for core binaries

/lib/libc.so.6      # C standard library
/lib/libm.so.6      # Math library
/lib/libpthread.so.0 # POSIX threads
/lib/modules/       # Kernel modules

/lib64 – 64‑bit libraries (on 64‑bit systems)

/lib64/            # 64‑bit shared libraries

Boot‑Related Directories

/boot – Kernel and boot loader files

/boot/vmlinuz-*      # kernel image
/boot/initrd.img-*   # initial RAM disk
/boot/System.map-*    # kernel symbol table
/boot/config-*       # kernel configuration
/boot/grub/          # GRUB bootloader

/run – Runtime data (tmpfs)

Temporary filesystem cleared on reboot; stores PID files, sockets, etc.

Directory Permissions and Security

Standard permissions

drwxr-xr-x root root /           # root directory
drwxr-xr-x root root /usr        # user programs
drwxr-xr-x root root /etc        # configuration files
drwxrwxrwt root root /tmp        # temporary files (sticky bit)
drwx------ root root /root       # root's home
drwxr-xr-x root root /home       # user homes

Special permission bits

The sticky bit on directories such as /tmp prevents users from deleting files they do not own.

chmod +t /tmp
chmod 1777 /tmp

Filesystem Mount Strategies

Partition recommendations

/            # root (10‑20 GB)
/boot        # boot (500 MB‑1 GB)
/usr         # user programs (10‑50 GB)
/var         # variable data (10‑100 GB)
/tmp         # temporary files (2‑10 GB)
/home        # user homes (remaining space)
/opt         # optional software (10‑50 GB)

/etc/fstab configuration

Defines filesystems to be mounted automatically at boot. Format: device mountpoint fstype options dump fsck.

# Example /etc/fstab
UUID=xxx-xxx /       ext4    defaults        1 1
UUID=xxx-xxx /boot   ext4    defaults        1 2
UUID=xxx-xxx /home   ext4    defaults        1 2
UUID=xxx-xxx /var    ext4    defaults        1 2
UUID=xxx-xxx /tmp    ext4    defaults,nodev,nosuid,noexec 1 2

Performance Monitoring and Optimization

Directory performance monitoring

# Disk usage
df -h
du -sh /* 2>/dev/null | sort -hr | head -10
# Find large files (>100 M)
find / -type f -size +100M 2>/dev/null
# Inode usage
df -i

Optimization strategies

Separate frequently written directories onto dedicated partitions, choose appropriate filesystem types, and apply mount options such as nodev, nosuid, noexec or tmpfs for high‑performance temporary storage.

# Drop caches (requires root)
echo 1 > /proc/sys/vm/drop_caches   # page cache
echo 2 > /proc/sys/vm/drop_caches   # dentries and inodes
echo 3 > /proc/sys/vm/drop_caches   # all caches

Troubleshooting and Maintenance

Common issues

Disk space exhaustion

# Identify largest directories
du -sh /* 2>/dev/null | sort -hr | head -10
# Find files larger than 1 GB
find / -type f -size +1G 2>/dev/null
# Clean old logs
find /var/log -type f -name "*.log" -mtime +30 -delete

Permission problems

# Inspect permissions
ls -la /path/to/file
# Fix permissions
chmod 755 /path/to/directory
chown user:group /path/to/file

Mount failures

# Check mount status
mount | grep /path
# Force unmount
umount -l /path
fuser -km /path

Maintenance script example

#!/bin/bash
# System health check

echo "=== Disk usage ==="
df -h

echo "=== Large files (>=100M) ==="
find / -type f -size +100M 2>/dev/null | head -10

echo "=== Clean old temporary files ==="
find /tmp -type f -mtime +7 -delete
find /var/tmp -type f -mtime +7 -delete

echo "=== Log sizes ==="
du -sh /var/log/* 2>/dev/null | sort -hr | head -10

echo "=== System load ==="
uptime

Best‑Practice Summary

Directory management

Follow the FHS : keep files in their designated standard locations; avoid placing custom files in system directories.

Plan partitions wisely : separate system, data, logs, and temporary areas to improve security and performance.

Enforce least‑privilege permissions : regularly audit critical directories and apply the minimum required permissions.

Monitor and maintain : schedule regular checks of disk usage, inode consumption, and log growth; clean up stale files promptly.

Security recommendations

Directory permissions : ensure sensitive directories (e.g., /etc, /root) have restrictive modes and audit changes.

Mount options : use nodev, nosuid, noexec for writable locations such as /tmp; consider read‑only mounts for static data.

Monitoring : set alerts for abnormal disk growth or permission changes.

Performance tips

Filesystem choice : select a filesystem suited to the workload (e.g., ext4 for general use, XFS for large files, tmpfs for high‑frequency temporary data).

Mount optimization : apply options like noatime, data=writeback, or use tmpfs for heavily written directories.

Regular maintenance : defragment (if applicable), clean caches, and prune unused files.