Mastering the Linux Directory Hierarchy: A Complete Guide for Sysadmins

Linux Directory Hierarchy Explained

The Linux file system uses a hierarchical directory structure that follows the Unix philosophy of "everything is a file." Understanding the Linux directory hierarchy is crucial for system administrators, operations engineers, and developers because it affects system organization, maintainability, security, and performance.

This article delves into the Linux directory hierarchy, covering the standard layout, practical use cases, best practices, and solutions to common issues.

1. Linux Directory Hierarchy Standard (FHS) Overview

1.1 What Is FHS

The Filesystem Hierarchy Standard (FHS) defines the directory structure and contents for Linux and other Unix-like operating systems. The current version is FHS 3.0, maintained by the Linux Foundation.

1.2 Importance of FHS

The FHS standard ensures consistency across Linux distributions, providing several benefits:

Portability : Software and scripts run seamlessly on different Linux distributions.

Maintainability : Administrators can quickly locate files and configurations.

Standardization : Reduces learning curve and improves work efficiency.

Compatibility : Guarantees that applications can find required files.

2. Root Directory (/) Details

The root directory is the starting point of the Linux file system; all other directories are its subdirectories. Key characteristics:

Represented by a single slash (/).

Top-level directory of the file system.

Typically contains the most essential files needed to boot the system.

Should remain relatively small in size.

2.1 Root Directory Content Requirements

/bin      - Essential command binaries
/boot     - Boot files
/dev      - Device files
/etc      - System configuration files
/lib      - Shared library files
/media    - Mount points for removable media
/mnt      - Temporary mount points
/opt      - Optional software packages
/proc     - Virtual file system for process information
/root     - Home directory for the root user
/run      - Runtime data
/sbin     - System administration commands
/srv      - Service data
/sys      - Virtual file system for system information
/tmp      - Temporary files
/usr      - User programs
/var      - Variable data

3. Core Directory Detailed Analysis

3.1 /bin – Essential Command Binaries

/bin

contains basic commands available to all users, required even in single‑user mode.

Key Features:

Contains commands needed for system boot and operation.

Available to all users.

Must be usable even if other file systems are not mounted.

Common Commands:

ls      # List directory contents
cat     # Display file contents
cp      # Copy files
mv      # Move/rename files
rm      # Delete files
mkdir   # Create directories
rmdir   # Remove empty directories
pwd     # Show current directory
grep    # Text search
sed     # Stream editor
awk     # Text processing tool

Operations Practice:

# List commands in /bin
ls -la /bin | head -20
# Locate command path
which ls
type ls
# Check if command is a symbolic link
ls -l /bin/sh

3.2 /sbin – System Administration Commands

/sbin

holds commands primarily used by system administrators, often requiring root privileges.

Key Features:

Primarily for system administrators.

Contains commands for system boot, repair, and recovery.

Usually not in the PATH for regular users.

Common Commands:

fsck    # Filesystem check
mount   # Mount a filesystem
umount   # Unmount a filesystem
ifconfig # Network interface configuration
iptables # Firewall configuration
service  # Service management
systemctl # systemd service management

Operations Practice:

# List boot‑related commands
ls /sbin/*boot*
# List network‑related commands
ls /sbin/ip*
ls /sbin/if*
# List filesystem‑related commands
ls /sbin/fs*
ls /sbin/mount*

3.3 /usr – User Programs

/usr

is one of the largest directories, containing user programs, libraries, documentation, and more.

Directory Structure:

/usr/bin      - User commands
/usr/sbin     - System administration commands
/usr/lib      - Library files
/usr/lib64    - 64‑bit library files
/usr/include  - C header files
/usr/share    - Shared data
/usr/local    - Locally installed software
/usr/src      - Source code

/usr/bin – User Commands

gcc      # C compiler
python   # Python interpreter
vim      # Text editor
ssh      # Secure shell
wget     # Network download tool
curl     # Data transfer tool

/usr/sbin – System Administration Commands

cron     # Scheduled task daemon
sshd     # SSH daemon
httpd    # HTTP server
nginx    # Web server

/usr/local – Locally Installed Software

/usr/local/bin   - Local commands
/usr/local/sbin  - Local system commands
/usr/local/lib   - Local libraries
/usr/local/share - Local shared data
/usr/local/etc   - Local configuration files

Operations Practice:

# Count user commands
ls -la /usr/bin | wc -l
# List locally installed software
ls /usr/local/bin
ls /usr/local/sbin
# List system libraries
ls /usr/lib | grep "\.so"

3.4 /var – Variable Data

/var

holds frequently changing data such as logs, caches, and temporary files.

Important Subdirectories:

/var/log      - System logs
/var/cache    - Cache data
/var/tmp      - Temporary files
/var/spool    - Queue files
/var/lib      - Application data
/var/run      - Runtime data (usually symlinked to /run)
/var/lock     - Lock files

Operations Practice:

# Check log file sizes
du -sh /var/log/*
# View recent system messages
tail -f /var/log/messages
# Clean up old temporary files
find /var/tmp -type f -mtime +7 -delete
# Check cache usage
du -sh /var/cache/*

3.5 /etc – System Configuration Files

/etc

contains configuration files and is the core directory for system management.

Important Configuration Files:

/etc/passwd      # User account information
/etc/shadow      # User password information
/etc/group       # User group information
/etc/hosts       # Hostname resolution
/etc/fstab       # Filesystem table
/etc/crontab     # System scheduled tasks
/etc/sudoers     # sudo permissions
/etc/ssh/       # SSH configuration directory
/etc/network/   # Network configuration directory
/etc/systemd/   # systemd configuration directory

Operations Practice:

# Backup critical configuration files
cp /etc/fstab /etc/fstab.backup.$(date +%Y%m%d)
# List all users
cat /etc/passwd | grep -v nologin
# Check network configuration
cat /etc/hosts
cat /etc/resolv.conf
# List system services
ls /etc/systemd/system/

3.6 /home – User Home Directories

/home

contains the home directories of all regular users.

Features:

Each user has an independent subdirectory.

Users have full control over their own home directories.

Contains personal files and configuration.

Common Structure:

/home/username/.bashrc      # Bash configuration
/home/username/.bash_profile # Bash login configuration
/home/username/.ssh/       # SSH keys
/home/username/.vimrc       # Vim configuration
/home/username/Documents/  # Documents
/home/username/Downloads/   # Downloads

Operations Practice:

# Show size of each user's home directory
du -sh /home/*
# List contents of a specific home directory
ls -la /home/username/
# Set quota for a user
quota -u username

3.7 /root – Root User Home Directory

/root

is the home directory for the root user, separate from /home.

Features:

Only accessible by the root user.

Contains root's personal files and configuration.

Usually holds system administration scripts.

Operations Practice:

# List root's home directory contents
ls -la /root/
# View root's bash configuration
cat /root/.bashrc
cat /root/.bash_profile

3.8 /tmp – Temporary Files

/tmp

is used for temporary files.

Features:

All users can create temporary files.

Usually cleared on system reboot.

Typically has the sticky bit set.

Operations Practice:

# Check permissions of /tmp
ls -ld /tmp
# Clean up old temporary files
find /tmp -type f -mtime +7 -delete
# Monitor /tmp size
du -sh /tmp

4. Device and Virtual File Systems

4.1 /dev – Device Files

/dev

contains device files that represent hardware devices.

Important Device Files:

/dev/sda        # First SCSI disk
/dev/sda1       # First partition of the first SCSI disk
/dev/null       # Null device
/dev/zero       # Zero device
/dev/random     # Random number generator
/dev/urandom    # Pseudo‑random number generator
/dev/tty        # Controlling terminal
/dev/pts/       # Pseudo‑terminal directory

Operations Practice:

# List block devices
lsblk
# Show device files for disks
ls -la /dev/sd*
# Show terminal devices
ls -la /dev/tty*
# Write zeros to a test file
dd if=/dev/zero of=/tmp/testfile bs=1M count=10

4.2 /proc – Process Information Virtual File System

/proc

provides system and process information.

Important Files:

/proc/cpuinfo   # CPU information
/proc/meminfo   # Memory information
/proc/version   # Kernel version
/proc/uptime    # System uptime
/proc/loadavg   # System load average
/proc/mounts    # Mounted filesystems
/proc/net/      # Network statistics
/proc/sys/      # System parameters

Operations Practice:

# View CPU info
cat /proc/cpuinfo
# View memory info
cat /proc/meminfo
# View kernel version
cat /proc/version
# List process IDs
ls /proc/ | grep -E "^[0-9]+$"
# View command line of PID 1
cat /proc/1/cmdline
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

4.3 /sys – System Information Virtual File System

/sys

(sysfs) provides device and kernel information.

Important Directories:

/sys/block/      # Block device information
/sys/class/      # Device class information
/sys/devices/    # Device tree information
/sys/kernel/     # Kernel information
/sys/module/     # Module information

Operations Practice:

# List block devices
ls /sys/block/
# List network devices
ls /sys/class/net/
# List loaded modules
ls /sys/module/

5. Mount Points and Media

5.1 /mnt – Temporary Mount Point

/mnt

is used for temporary mounting of filesystems.

Use Cases:

Temporarily mount external storage devices.

Mount network filesystems.

Temporary mounts during system maintenance.

Operations Practice:

# Create mount point and mount a USB drive
mkdir /mnt/usb
mount /dev/sdb1 /mnt/usb
# Mount an NFS share
mkdir /mnt/nfs
mount -t nfs server:/path /mnt/nfs
# Unmount
umount /mnt/usb

5.2 /media – Removable Media Mount Points

/media

is used for automatically mounting removable media devices.

Features:

Usually managed automatically by the system.

Each device gets its own subdirectory.

Supports hot‑plug devices.

Operations Practice:

# List mounted media devices
ls /media/
# Show mount status for media
mount | grep /media

6. Applications and Optional Software

6.1 /opt – Optional Software Packages

/opt

is used to install optional application packages.

Features:

Typically for third‑party software.

Each package occupies its own subdirectory.

Does not affect core system files.

Typical Structure:

/opt/oracle/      # Oracle database
/opt/google/      # Google software
/opt/vmware/      # VMware software
/opt/teamviewer/  # TeamViewer software

Operations Practice:

# List installed optional software
ls /opt/
# Create a directory for a custom app
mkdir /opt/myapp

6.2 /srv – Service Data

/srv

contains data provided by system services.

Use Cases:

Web server document root.

FTP server data.

Other network service data.

Typical Structure:

/srv/www/      # Web service data
/srv/ftp/      # FTP service data
/srv/git/      # Git repositories

Operations Practice:

# List service data directories
ls /srv/
# Create a directory for a new service
mkdir /srv/myservice

7. Library Files and Header Files

7.1 /lib – Shared Library Files

/lib

holds shared libraries required by programs in /bin and /sbin.

Important Files:

/lib/libc.so.6      # C standard library
/lib/libm.so.6      # Math library
/lib/libpthread.so.0 # Thread library
/lib/modules/       # Kernel modules

Operations Practice:

# Show library dependencies of a binary
ldd /bin/ls
# List kernel modules for the current kernel
ls /lib/modules/$(uname -r)/
# Load a kernel module
modprobe modulename

7.2 /lib64 – 64‑bit Library Files

On 64‑bit systems, /lib64 contains 64‑bit libraries.

Operations Practice:

# List 64‑bit libraries
ls /lib64/
# Verify system architecture
uname -m
file /lib64/libc.so.6

8. Boot‑Related Directories

8.1 /boot – Boot Files

/boot

contains the Linux kernel and files needed for the boot process.

Important Files:

/boot/vmlinuz-*      # Kernel image
/boot/initrd.img-*   # Initial RAM disk
/boot/System.map-*   # Kernel symbol table
/boot/config-*       # Kernel configuration
/boot/grub/          # GRUB bootloader

Operations Practice:

# List boot files
ls -la /boot/
# View GRUB configuration
cat /boot/grub/grub.cfg
# Update GRUB configuration
update-grub

8.2 /run – Runtime Data

/run

holds runtime data for the system.

Features:

Usually a tmpfs filesystem.

Cleared on reboot.

Contains PID files, socket files, etc.

Operations Practice:

# List runtime data
ls /run/
# Show service PID files
ls /run/*.pid

9. Directory Permissions and Security

9.1 Standard Directory Permissions

Different directories have specific permission settings that are critical for system security.

Typical Permission Settings:

drwxr-xr-x root root /            # Root directory
drwxr-xr-x root root /usr         # User programs
drwxr-xr-x root root /etc         # Configuration files
drwxrwxrwt root root /tmp         # Temporary files (sticky bit)
drwx------ root root /root        # Root's home directory
drwxr-xr-x root root /home        # User home directories

Operations Practice:

# Check permissions of critical directories
ls -ld /tmp /var/tmp
ls -ld /etc /usr /var
# Fix permission issues
chmod 1777 /tmp
chmod 755 /usr
chmod 750 /root

9.2 Special Permission Bits

Some directories use special permission bits to enhance security.

Sticky Bit:

Set on directories.

Only the file owner can delete their own files.

Typical use: /tmp directory.

Set Sticky Bit:

# Set sticky bit on /tmp
chmod +t /tmp
chmod 1777 /tmp

10. Filesystem Mount Strategies

10.1 Partition Mount Recommendations

A reasonable partitioning strategy improves performance and security.

Recommended Mount Points:

/            # Root partition (10‑20 GB)
/boot        # Boot partition (500 MB‑1 GB)
/usr         # User programs (10‑50 GB)
/var         # Variable data (10‑100 GB)
/tmp         # Temporary files (2‑10 GB)
/home        # User home directories (remaining space)
/opt         # Optional software (10‑50 GB)

Operations Practice:

# View current mount status
df -h
mount | column -t
# Show partition usage
du -sh /* 2>/dev/null | sort -hr

10.2 fstab Configuration

/etc/fstab

defines filesystems to be automatically mounted at boot.

fstab Format:

device   mountpoint   fstype   options   dump   fsck

Example Configuration:

# /etc/fstab
UUID=xxx-xxx /          ext4   defaults          1 1
UUID=xxx-xxx /boot      ext4   defaults          1 2
UUID=xxx-xxx /home      ext4   defaults          1 2
UUID=xxx-xxx /var       ext4   defaults          1 2
UUID=xxx-xxx /tmp       ext4   defaults,nodev,nosuid,noexec 1 2

Operations Practice:

# Verify fstab syntax
mount -a
# Remount a filesystem
mount -o remount /home
# Show UUIDs of devices
blkid

11. Performance Optimization and Monitoring

11.1 Directory Performance Monitoring

Monitoring directory usage is essential for system performance.

Disk Usage Monitoring:

# Monitor disk usage
df -h
du -sh /* 2>/dev/null | sort -hr
# Find large files
find / -type f -size +100M 2>/dev/null
# Monitor inode usage
df -i

I/O Monitoring:

# Monitor I/O activity
iostat -x 1
iotop
# View process I/O
pidstat -d 1

11.2 Directory Optimization Strategies

Optimization strategies include separating frequently written directories, using appropriate filesystems, and setting proper mount options.

Cache Optimization:

# Clear page cache
echo 1 > /proc/sys/vm/drop_caches
# Clear dentries and inodes
echo 2 > /proc/sys/vm/drop_caches
# Clear all caches
echo 3 > /proc/sys/vm/drop_caches

12. Troubleshooting and Maintenance

12.1 Common Issue Diagnosis

Disk Space Exhaustion:

# Find largest directories
du -sh /* 2>/dev/null | sort -hr | head -10
# Find large files
find / -type f -size +1G 2>/dev/null
# Clean old log files
find /var/log -type f -name "*.log" -mtime +30 -delete

Permission Problems:

# Check file permissions
ls -la /path/to/file
# Fix permissions
chmod 755 /path/to/directory
chown user:group /path/to/file

Mount Issues:

# Check mount status
mount | grep /path
# Force unmount
umount -l /path
fuser -km /path

12.2 System Maintenance Scripts

Example daily maintenance script:

#!/bin/bash
# System maintenance script

echo "=== Disk Usage ==="
df -h

echo "=== Large Files ==="
find / -type f -size +100M 2>/dev/null | head -10

echo "=== Clean Temporary Files ==="
find /tmp -type f -mtime +7 -delete
find /var/tmp -type f -mtime +7 -delete

echo "=== Log File Sizes ==="
du -sh /var/log/* 2>/dev/null | sort -hr | head -10

echo "=== System Load ==="
uptime

13. Best‑Practice Summary

13.1 Directory Management Best Practices

Follow the FHS Standard

Organize files strictly according to FHS.

Avoid placing custom files in standard directories.

Plan Partitions Reasonably

Separate system and data partitions.

Allocate independent partitions for frequently changing directories.

Permission Management

Regularly audit permissions of critical directories.

Apply the principle of least privilege.

Monitoring and Maintenance

Regularly monitor disk usage.

Promptly clean temporary files and logs.

13.2 Security Recommendations

Directory Permissions

Ensure sensitive directories have correct permissions.

Audit file permissions regularly.

Mount Options

Use nodev, nosuid, noexec for temporary directories.

Consider read‑only mounts for certain directories.

Monitoring

Watch for abnormal disk usage growth.

Monitor permission changes.

13.3 Performance Optimization Recommendations

Filesystem Choice

Select appropriate filesystem based on workload.

Consider hybrid storage with SSDs and HDDs.

Mount Optimization

Use suitable mount options.

Consider tmpfs for frequently read/write directories.

Maintenance Strategy

Regularly defragment or clean up filesystems.

Promptly remove unnecessary files.

Conclusion

The Linux directory hierarchy is the foundation of a Linux system. A deep understanding of this structure is essential for system administrators and operations engineers. By adhering to the FHS standard, implementing sensible partitioning, maintaining proper permissions, and performing regular monitoring and maintenance, you can ensure that Linux systems remain stable, secure, and efficient.

As containerization evolves, the traditional directory hierarchy continues to adapt, but its core principles and best practices remain applicable. Mastery of these concepts provides a solid foundation for effective Linux system management.