Linux File System Hierarchy Explained

Introduction
A well-organized file system is one of Linux's strengths — it gives programs and administrators predictable places to find configuration, binaries, and data. This guide explains the standard Linux filesystem hierarchy, shows practical commands to explore it, and gives tips to avoid common mistakes.

Why the hierarchy matters

Linux uses a single-rooted directory tree (starting at /). Instead of drive letters, everything is mounted into that tree. This predictability means scripts, packages, and admins can rely on consistent locations for system files, user data, and runtime state.

Example: list the root directory and inspect permissions

$ ls -la /
total 80
drwxr-xr-x  18 root root  4096 Nov  1 12:00 .
drwxr-xr-x  18 root root  4096 Nov  1 12:00 ..
drwxr-xr-x   2 root root  4096 Sep 27 09:15 bin
drwxr-xr-x   3 root root  4096 Sep 27 09:15 boot
drwxr-xr-x  19 root root  3720 Nov  1 12:07 dev
drwxr-xr-x 138 root root 12288 Nov  1 14:20 etc
...

Explanation:

• / is the root of the tree.
• Entries like bin, etc, dev are top-level directories with standard purposes (explained below).
• Permissions (drwxr-xr-x) and owner (root) show who can read/execute/list.

Top-level directories explained

Here are the most important top-level directories and what they contain. Knowing these saves time and prevents mistakes.

• /bin — Essential user binaries (commands used in single-user mode and by scripts).
• /sbin — System administration binaries (often require root).
• /usr — Read-only user utilities and applications. Subdirs include /usr/bin, /usr/lib.
• /var — Variable data (logs, spool files, caches).
• /etc — System-wide configuration files.
• /home — Home directories for regular users.
• /root — Home for the root user.
• /tmp — Temporary files usable by any user, often cleared on reboot.
• /dev — Device nodes (files representing hardware and virtual devices).
• /proc and /sys — Virtual file systems exposing kernel and process information.
• /opt — Optional or third-party software (often commercial packages).
• /run — Runtime data since boot (PID files, sockets).

Example: quickly jump to a config and view part of it

# View the system hostname configuration (common location)
$ cat /etc/hostname
my-machine

# Show last 20 lines of a system log
$ sudo tail -n 20 /var/log/syslog

Explanation:

• /etc is for configuration; editing files here usually requires root privileges.
• /var/log contains logs — useful for troubleshooting.

Practical navigation and inspection

When managing a Linux system you’ll often need to find disk usage, locate files, and inspect mounts. Here are common commands and examples.

Find a file by name:

$ find /etc -name "*ssh*" -maxdepth 2 -type f
/etc/ssh/ssh_config
/etc/ssh/sshd_config

Check disk usage and find large directories:

# Show filesystem disk usage summary
$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        50G   15G   33G  32% /

# Show sizes of top-level directories (human readable, one level)
$ sudo du -sh /* 2>/dev/null | sort -h
4.0K /bin
12M  /boot
1.2G /usr
...

Inspect mount points and virtual filesystems:

# See what is mounted
$ mount | grep -E "^/|proc|sysfs"

Tips:

• Use sudo when listing protected directories like /root or reading some logs.
• Redirect stderr (2>/dev/null) to hide permission errors when scanning broad paths.

Permissions and ownership (how it affects the hierarchy)

Files and directories are governed by permissions and ownership; this controls access across the hierarchy. Understand these basics to avoid breaking things.

View permissions:

$ ls -l /usr/bin/ssh
-rwxr-xr-x 1 root root 111K Mar  5  2024 /usr/bin/ssh

• The first field (-rwxr-xr-x) shows read/write/execute bits for owner/group/others.
• Owner and group are root:root here.

Change ownership and permissions (be cautious):

# Make a script executable
$ chmod +x ~/scripts/backup.sh

# Change owner to user alice
$ sudo chown alice:alice /home/alice/projects -R

Guidelines:

• Avoid changing ownership of system directories (e.g., /usr or /bin).
• Use chmod and chown on user-owned files or when deploying applications that require specific ownership.

Special filesystems: /proc, /sys, /dev, /run

These are not "normal" directories stored on disk. They are virtual filesystems provided by the kernel and expose runtime state.

/ proc — process and kernel info (one subdir per running PID). Example:

# View CPU info via proc
$ cat /proc/cpuinfo | grep 'model name' | head -n1
model name  : Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz

# See info for process 1 (PID 1)
$ ls -l /proc/1

/ sys — kernel device tree and attributes (used by udev and system configuration)

# List a device attribute
$ ls /sys/class/net
lo  eth0  wlp3s0

/ dev — device nodes

$ ls -l /dev/sda*
brw-rw---- 1 root disk 8, 0 Apr 10 09:30 /dev/sda

/ run — runtime data (since early boot; PID files, sockets)

$ ls /run | head
utmp
systemd
lock

Important: Do not treat files in /proc or /sys as regular files to edit; many are interfaces where writing has side effects. Use tools (sysctl, udev rules) for persistent changes.

Commands table

A compact reference of commonly used commands for exploring the filesystem.

Example usage block:

# Find large files over 100MB
$ sudo find / -type f -size +100M -exec ls -lh {} \; 2>/dev/null | awk '{print $5, $9}' | sort -h

Common Pitfalls

• Editing system files without backups: Never modify /etc files or init scripts without a copy — you may lock yourself out or break services.
• Changing ownership/permissions of system directories: chown -R root:root /usr or chmod -R 777 / can render the system unusable or insecure.
• Treating /proc or /sys files like regular text files: Writing arbitrary values into proc/sys attributes can destabilize the kernel — use sysctl or documentation.

Next Steps

• Practice: Use a virtual machine or container to explore /, /etc, /var safely.
• Learn systemd and journalctl for modern logs instead of relying only on /var/log.
• Read the Filesystem Hierarchy Standard (FHS) for authoritative details on directory purpose and best practices.

This guide gives you the context and commands to navigate and understand the Linux filesystem hierarchy. Keep exploring directories with the safe commands above and always think twice before changing system-owned files.

👉 Explore more IT books and guides at dargslan.com.