Mastering the Linux Filesystem Hierarchy: A Complete Guide for Sysadmins

Introduction

The Linux file system follows a hierarchical directory layout that embodies the Unix philosophy of "everything is a file." Understanding this structure is essential for system administrators, operations engineers, and developers because it directly affects system organization, maintainability, security, and performance.

1. Linux Directory Hierarchy Standard (FHS) Overview

1.1 What Is FHS

The Filesystem Hierarchy Standard (FHS) defines the directory structure and expected contents for Linux and other Unix‑like operating systems. The current version is FHS 3.0, maintained by the Linux Foundation.

1.2 Why FHS Matters

FHS provides a consistent layout across distributions, offering several benefits:

Portability : software and scripts run unchanged on different Linux distributions.

Maintainability : administrators can quickly locate files and configuration data.

Standardization : reduces learning curve and improves efficiency.

Compatibility : ensures applications can find required resources.

2. Root Directory (/)

The root directory is the starting point of the filesystem; all other directories are its sub‑directories. Key characteristics include:

Represented by a single slash (/).

Top‑level directory of the filesystem.

Contains the most basic files required to boot the system.

Should remain relatively small.

2.1 Required Root Contents

/bin     - Essential command binaries
/boot    - Boot loader files
/dev     - Device nodes
/etc     - System configuration files
/lib     - Shared libraries
/media   - Mount points for removable media
/mnt     - Temporary mount points
/opt     - Optional software packages
/proc    - Virtual process information filesystem
/root    - Home directory of the root user
/run     - Runtime data
/sbin    - System administration commands
/srv     - Service data
/sys     - Virtual system information filesystem
/tmp     - Temporary files
/usr     - User programs and data
/var     - Variable data such as logs and caches

3. Core Directories Detailed

3.1 /bin – Essential Command Binaries

Contains commands that must be available in single‑user mode and to all users.

Key characteristics:

Basic commands needed for system start‑up and operation.

Available to all users.

Must be usable even if other filesystems are not mounted.

Common commands:

ls      # list directory contents
cat     # display file contents
cp      # copy files
mv      # move/rename files
rm      # delete files
mkdir   # create directories
rmdir   # remove empty directories
pwd     # show current directory
grep    # text search
sed     # stream editor
awk     # text processing

Ops practice:

# List first 20 entries in /bin
ls -la /bin | head -20
# Show the full path of a command
which ls
# Show command type
type ls
# Check if /bin/sh is a symbolic link
ls -l /bin/sh

3.2 /sbin – System Administration Commands

Holds commands primarily used by the system administrator, often requiring root privileges.

Key characteristics:

Intended for system administration.

Contains boot, repair, and recovery utilities.

Usually not in regular users' PATH.

Common commands:

fsck    # filesystem check
mount   # mount a filesystem
umount  # unmount a filesystem
ifconfig# network interface configuration
iptables# firewall configuration
service # service management
systemctl# systemd service management

Ops practice:

# List boot‑related commands in /sbin
ls -la /sbin/*boot*
# List network‑related commands
ls -la /sbin/ip*
ls -la /sbin/if*
# List filesystem‑related commands
ls -la /sbin/fs*
ls -la /sbin/mount*

3.3 /usr – User Programs and Data

The largest directory, containing user applications, libraries, documentation, and more.

Typical sub‑directories:

/usr/bin      - User commands
/usr/sbin     - System administration commands
/usr/lib      - Libraries
/usr/lib64    - 64‑bit libraries
/usr/include  - C header files
/usr/share    - Architecture‑independent data
/usr/local    - Locally installed software
/usr/src      - Source code

/usr/bin examples:

gcc      # C compiler
python   # Python interpreter
vim      # Text editor
ssh      # Secure shell client
wget     # Network downloader
curl     # Data transfer tool

Ops practice:

# Count number of user commands
ls -la /usr/bin | wc -l
# List locally installed software
ls -la /usr/local/bin
# Show shared libraries in /usr/lib
ls /usr/lib | grep "\.so"

3.4 /var – Variable Data

Holds data that changes frequently, such as logs, caches, and temporary files.

Important sub‑directories:

/var/log      - System logs
/var/cache    - Cache data
/var/tmp      - Temporary files
/var/spool    - Queue files (e.g., cron, mail, cups)
/var/lib      - Application state data
/var/run      - Runtime data (often a symlink to /run)
/var/lock     - Lock files

Ops practice:

# Monitor log file sizes
du -sh /var/log/*
# Follow system messages log
tail -f /var/log/messages
# Clean old temporary files
find /var/tmp -type f -mtime +7 -delete
# Check cache usage
du -sh /var/cache/*

3.5 /etc – System Configuration

Contains the core configuration files for the system.

Key configuration files:

/etc/passwd      # User account information
/etc/shadow      # Encrypted passwords
/etc/group       # Group information
/etc/hosts       # Hostname resolution
/etc/fstab       # Filesystem table
/etc/crontab     # System cron jobs
/etc/sudoers     # sudo privileges
/etc/ssh/        # SSH configuration directory
/etc/network/   # Network configuration
/etc/systemd/    # systemd configuration

Ops practice:

# Backup critical configuration
cp /etc/fstab /etc/fstab.backup.$(date +%Y%m%d)
# List all system users
cat /etc/passwd | grep -v nologin
# Show network configuration
cat /etc/hosts
cat /etc/resolv.conf
# List systemd unit files
ls /etc/systemd/system/

3.6 /home – User Home Directories

Each regular user gets a separate sub‑directory with full control over its contents.

Typical files:

/home/username/.bashrc      # Bash configuration
/home/username/.bash_profile# Login shell configuration
/home/username/.ssh/       # SSH keys
/home/username/.vimrc      # Vim configuration
/home/username/Documents/  # Documents
/home/username/Downloads/  # Downloads

Ops practice:

# Show size of each user's home directory
du -sh /home/*
# List contents of a specific home directory
ls -la /home/username/
# Set quota for a user (example)
quota -u username

3.7 /root – Root User Home

Home directory for the root account, isolated from /home and typically contains root's personal files and scripts.

Ops practice:

# List root's home directory
ls -la /root/
# View root's bash configuration
cat /root/.bashrc
cat /root/.bash_profile

3.8 /tmp – Temporary Files

Used for temporary files created by any user. It is usually cleared on reboot and has the sticky‑bit set.

Ops practice:

# Check permissions of /tmp
ls -ld /tmp
# Clean old temporary files
find /tmp -type f -mtime +7 -delete
# Monitor /tmp size
du -sh /tmp

4. Device and Virtual Filesystems

4.1 /dev – Device Nodes

Represents hardware devices as special files.

Important device files:

/dev/sda        # First SCSI disk
/dev/sda1       # First partition of the first disk
/dev/null       # Discard output
/dev/zero       # Infinite zero stream
/dev/random     # Random numbers
/dev/urandom    # Pseudo‑random numbers
/dev/tty        # Controlling terminal
/dev/pts/       # Pseudo‑terminal directory

Ops practice:

# List block devices
lsblk
# Show device files for disks
ls -la /dev/sd*
# Show terminal devices
ls -la /dev/tty*
# Write zeros to a test file
dd if=/dev/zero of=/tmp/testfile bs=1M count=10

4.2 /proc – Process Information Virtual FS

Provides a view into kernel and process information.

Key files:

/proc/cpuinfo   # CPU details
/proc/meminfo   # Memory details
/proc/version   # Kernel version
/proc/uptime    # System uptime
/proc/loadavg   # Load average
/proc/mounts    # Mounted filesystems
/proc/net/      # Network statistics
/proc/sys/      # Kernel parameters

Ops practice:

# Show CPU info
cat /proc/cpuinfo
# Show memory info
cat /proc/meminfo
# List process IDs
ls /proc | grep -E "^[0-9]+$"
# Show command line of PID 1
cat /proc/1/cmdline
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

4.3 /sys – System Information Virtual FS

Exposes kernel objects, devices, and drivers.

Important directories:

/sys/block/      # Block device information
/sys/class/      # Device class information
/sys/devices/    # Device tree
/sys/kernel/     # Kernel data
/sys/module/     # Loaded modules

Ops practice:

# List block devices
ls /sys/block/
# List network devices
ls /sys/class/net/
# List loaded kernel modules
ls /sys/module/

5. Boot‑Related Directories

5.1 /boot – Boot Files

Contains the kernel image, initramfs, and bootloader configuration.

Key files:

/boot/vmlinuz-*      # Kernel image
/boot/initrd.img-*   # Initial RAM disk
/boot/System.map-*   # Kernel symbol table
/boot/config-*       # Kernel configuration
/boot/grub/          # GRUB bootloader files

Ops practice:

# List boot files
ls -la /boot/
# View GRUB configuration
cat /boot/grub/grub.cfg
# Update GRUB after changes
update-grub

5.2 /run – Runtime Data

Temporary runtime data stored on a tmpfs; cleared on reboot.

Features:

Usually a tmpfs filesystem.

Contains PID files, sockets, and other runtime artifacts.

Ops practice:

# List runtime files
ls /run/
# Show service PID files
ls /run/*.pid

6. Permissions and Security

6.1 Standard Directory Permissions

Typical permission settings that protect the system.

drwxr-xr-x root root /            # Root directory
drwxr-xr-x root root /usr         # User programs
drwxr-xr-x root root /etc         # Configuration files
drwxrwxrwt root root /tmp         # Temporary files (sticky bit)
drwx------ root root /root        # Root's home directory
drwxr-xr-x root root /home        # User home directories

Ops practice:

# Verify permissions
ls -ld /tmp /var/tmp
ls -ld /etc /usr /var
# Fix common permission issues
chmod 1777 /tmp
chmod 755 /usr
chmod 750 /root

6.2 Special Permission Bits

The sticky bit prevents users from deleting files they do not own in shared directories such as /tmp.

# Set sticky bit on /tmp
chmod +t /tmp
chmod 1777 /tmp

7. Filesystem Mount Strategy

7.1 Recommended Mount Points

Separating data and system files improves security and performance.

/           # Root partition (10‑20 GB)
/boot       # Boot partition (500 MB‑1 GB)
/usr        # User programs (10‑50 GB)
/var        # Variable data (10‑100 GB)
/tmp        # Temporary files (2‑10 GB)
/home       # User homes (remaining space)
/opt        # Optional software (10‑50 GB)

Ops practice:

# Show current mounts
df -h
mount | column -t
# Examine partition usage
du -sh /* 2>/dev/null | sort -hr | head -10

7.2 /etc/fstab Configuration

Defines filesystems to be mounted automatically at boot.

Format:

device   mountpoint   fstype   options   dump   fsck

Example:

# /etc/fstab
UUID=xxx-xxx /       ext4   defaults          1 1
UUID=xxx-xxx /boot   ext4   defaults          1 2
UUID=xxx-xxx /home   ext4   defaults          1 2
UUID=xxx-xxx /var    ext4   defaults          1 2
UUID=xxx-xxx /tmp    ext4   defaults,nodev,nosuid,noexec 1 2

Ops practice:

# Test fstab syntax
mount -a
# Remount a filesystem
mount -o remount /home
# List UUIDs of block devices
blkid

8. Performance Monitoring and Optimization

8.1 Disk Usage Monitoring

# Show disk usage
df -h
# Show directory sizes
du -sh /* 2>/dev/null
# Find large files (>100 M)
find / -type f -size +100M 2>/dev/null
# Monitor inode usage
df -i

8.2 I/O Monitoring

# Real‑time I/O stats
iostat -x 1
iotop
# Per‑process I/O
pidstat -d 1

8.3 Directory Optimization Strategies

Separate frequently written directories onto dedicated partitions.

Choose appropriate filesystem types (e.g., ext4, xfs, btrfs) based on workload.

Apply mount options such as nodev, nosuid, noexec for security‑sensitive locations.

Cache clearing example:

# Drop page cache
echo 1 > /proc/sys/vm/drop_caches
# Drop dentries and inodes
echo 2 > /proc/sys/vm/drop_caches
# Drop all caches
echo 3 > /proc/sys/vm/drop_caches

9. Troubleshooting and Maintenance

9.1 Common Issues

Disk space exhaustion:

# Find directories using most space
du -sh /* 2>/dev/null | sort -hr | head -10
# Find large files (>1 GB)
find / -type f -size +1G 2>/dev/null
# Clean old log files (>30 days)
find /var/log -type f -name "*.log" -mtime +30 -delete

Permission problems:

# Check file permissions
ls -la /path/to/file
# Fix permissions
chmod 755 /path/to/directory
chown user:group /path/to/file

Mount issues:

# Verify mount status
mount | grep /path
# Force unmount
umount -l /path
# Kill processes using the mount point
fuser -km /path

9.2 Maintenance Script Example

#!/bin/bash
# System maintenance script

echo "=== Disk Usage ==="
df -h

echo "=== Large Files (>100M) ==="
find / -type f -size +100M 2>/dev/null | head -10

echo "=== Clean Temporary Files ==="
find /tmp -type f -mtime +7 -delete
find /var/tmp -type f -mtime +7 -delete

echo "=== Log Size ==="
du -sh /var/log/* 2>/dev/null | sort -hr | head -10

echo "=== System Load ==="
uptime

Conclusion

The Linux directory hierarchy is the foundation of any Linux system. By adhering to the Filesystem Hierarchy Standard, planning partitions wisely, managing permissions carefully, and performing regular monitoring and maintenance, administrators can ensure a stable, secure, and high‑performance environment.

Even as containerization reshapes deployment models, the core principles of the hierarchy remain relevant, providing a solid base for effective system management.