Skip to content
  • linux
  • file system
  • filesystem hierarchy

Filesystem Hierarchy

Filesystem Hierarchy Standard (FHS)

Section titled “Filesystem Hierarchy Standard (FHS)”

Linux filesystem

Linux systems store files according to the Filesystem Hierarchy Standard (FHS), maintained by the Linux Foundation. The standard ensures that users, administrators, and developers can move between distributions without re-learning how the system is organized.

Key differences from Windows:

  • Uses / (forward slash) as path separator, not \
  • No drive letters - everything is part of a single unified tree
  • Multiple drives and partitions are mounted as directories within that tree
  • All filesystem names are case-sensitive: /boot, /Boot, and /BOOT are three different directories
  • Removable media (USB, CD) appears at /run/media/username/label (modern) or /media (older distros)

Directory Reference

Section titled “Directory Reference”
DirectoryPurpose
/Root of the entire filesystem tree
/binEssential user binaries needed in single-user mode (cat, ls, mv, cp, rm, ps, kill, mount, sh)
/sbinEssential system administration binaries (fsck, ip, fdisk, iptables)
/bootKernel (vmlinuz), initramfs, GRUB config, System.map
/devDevice nodes - interfaces to hardware and virtual devices
/etcSystem-wide configuration files only; no binaries
/homeUser home directories (/home/alice, /home/bob)
/libShared libraries for binaries in /bin and /sbin
/lib6464-bit libraries (on systems that run both 32- and 64-bit)
/mediaAuto-mount points for removable media (older distributions)
/mntTemporary manual mount point (UNIX convention since the beginning)
/optOptional self-contained application packages (keeps files isolated from system dirs)
/procVirtual filesystem - live kernel data, process info, tunables
/runRuntime variable data (replaces /var/run); implemented as tmpfs
/rootHome directory for the root user (not the same as /)
/srvData served by the system (web, FTP); seldom used
/sysVirtual filesystem - hardware/device tree, kernel parameters (newer and stricter than /proc)
/tmpTemporary files; often cleared on reboot; sometimes a ramdisk
/usrNon-essential programs, libraries, headers, man pages; theoretically read-only
/varVariable-size data: logs, spool, caches, databases

Deep Dives on Key Directories

Section titled “Deep Dives on Key Directories”

/ - The Root Partition

Section titled “/ - The Root Partition”

While the whole system is one tree, the root partition is special. It must contain everything needed to:

  1. Boot the system (kernel, initramfs, bootloader)
  2. Restore the system from external media (backup utilities, drivers)
  3. Recover a damaged system (diagnostic and repair tools)

Separate partitions (e.g., /home, /var, /opt) are mounted later in the boot process. The FHS prohibits applications from creating new top-level directories under /.

/bin and /sbin

Section titled “/bin and /sbin”
  • /bin: commands needed by all users (cat, cp, ls, mv, ps, rm, date, echo, kill, ln, login, mount, umount, sed, sh, su, sync, uname)
  • /sbin: commands for system administration (fsck, fdisk, mkfs, ip, iptables, reboot, shutdown)
  • Commands not needed at boot go in /usr/bin and /usr/sbin

/etc - Configuration

Section titled “/etc - Configuration”
  • Contains only text-based configuration files; no binaries
  • Only root can modify files here; regular users cannot
  • User-specific config always goes in the user’s ~/.config or home directory

Notable contents:

File/DirPurpose
/etc/passwdUser account database
/etc/shadowHashed passwords
/etc/groupGroup definitions
/etc/fstabFilesystem mount table
/etc/hostsStatic hostname-to-IP mappings
/etc/resolv.confDNS server configuration
/etc/skel/Template files copied to new user home dirs
/etc/systemd/Systemd service and timer unit configurations
/etc/crontabSystem-wide cron jobs

/proc - The Process Filesystem

Section titled “/proc - The Process Filesystem”

/proc is a pseudo-filesystem - it has no presence on disk. It provides a file-interface to live kernel data structures. The information is generated on-demand when you read it.

Terminal window
# Key files
cat /proc/cpuinfo             # CPU model, cores, flags
cat /proc/meminfo             # memory breakdown
cat /proc/mounts              # currently mounted filesystems
cat /proc/version             # kernel version
cat /proc/partitions          # block devices and partitions
cat /proc/interrupts          # IRQ assignments


# Per-process info (replace PID with actual number)
ls /proc/1234/                # directory for process 1234
cat /proc/1234/status         # name, state, memory, UIDs
cat /proc/1234/cmdline        # full command line
ls /proc/1234/fd/             # open file descriptors
cat /proc/1234/maps           # memory map


# The current process
ls /proc/self/                # always points to the running process


# Kernel tunables (writable)
cat /proc/sys/vm/swappiness
echo 10 > /proc/sys/vm/swappiness    # change temporarily

/sys - The Device/Hardware Filesystem

Section titled “/sys - The Device/Hardware Filesystem”

/sys (sysfs) is newer than /proc and adheres to stricter standards. It exposes the Unified Device Model - the kernel’s view of all hardware and drivers.

Terminal window
# Examples
ls /sys/class/net/             # network interfaces
cat /sys/class/net/eth0/speed  # interface speed
ls /sys/block/                 # block devices
cat /sys/block/sda/queue/scheduler   # I/O scheduler
cat /sys/block/sda/size        # disk size in 512-byte sectors

/dev - Device Nodes

Section titled “/dev - Device Nodes”

/dev contains device nodes - special files that serve as interfaces to hardware and virtual devices. They are created dynamically by udev when devices are detected.

  • Block devices: random-access storage (/dev/sda, /dev/nvme0n1)
  • Character devices: sequential streams (/dev/tty, /dev/null, /dev/urandom, /dev/zero)
  • Pseudo-devices: /dev/null (discards writes), /dev/zero (stream of null bytes), /dev/random, /dev/urandom
Terminal window
ls -l /dev/sd*               # list SATA disk device nodes
ls -l /dev/null /dev/zero    # pseudo-devices

/var - Variable Data

Section titled “/var - Variable Data”

/var holds data that grows or changes during normal operation. It is often mounted as its own partition so that runaway growth (e.g., huge log files) doesn’t bring down the root filesystem.

/var structure

SubdirectoryContents
/var/logSystem and application log files
/var/libPersistent application state (databases, package manager data)
/var/spoolQueued data: print jobs, mail, cron jobs
/var/tmpTemp files that survive reboots (unlike /tmp)
/var/cacheCached application data (can be rebuilt)
/var/wwwWeb server document root (conventional)
/var/ftpFTP server root (conventional)

/boot - Boot Files

Section titled “/boot - Boot Files”

For each installed kernel version:

FilePurpose
vmlinuz-X.Y.ZCompressed Linux kernel image
initramfs-X.Y.Z.imgInitial RAM filesystem (or initrd)
config-X.Y.ZKernel build configuration (debugging only)
System.map-X.Y.ZKernel symbol table (debugging only)

GRUB bootloader files live at /boot/grub/grub.cfg or /boot/grub2/grub2.cfg.

/usr - User Programs

Section titled “/usr - User Programs”

/usr contains programs and data not needed at boot. It can be a separate partition and can even be shared across machines via NFS. It is theoretically read-only.

SubdirectoryContents
/usr/binPrimary directory for user commands
/usr/sbinNon-essential system admin commands
/usr/libLibraries for /usr/bin and /usr/sbin
/usr/lib6464-bit libraries
/usr/includeC/C++ header files for development
/usr/shareArchitecture-independent shared data (man pages, icons, locales)
/usr/share/manMan page documentation
/usr/srcKernel source code
/usr/localLocally installed software (outside package manager); mirrors /usr layout

/home and /root

Section titled “/home and /root”
  • /home/username - Personal files, dotfiles, settings for each regular user
  • /root - Home directory for the root account (superuser)

On multi-user systems, /home is often a separate filesystem (NFS-mounted or on its own partition), so users’ data persists across OS reinstalls.

/run - Runtime Data

Section titled “/run - Runtime Data”

/run is implemented as tmpfs (RAM disk). It stores:

  • PID files (which process is running as which daemon)
  • Sockets and lock files
  • Volatile state that must exist early in boot

/var/run and /var/lock are now symlinks to /run and /run/lock.

/tmp vs /var/tmp

Section titled “/tmp vs /var/tmp”
/tmp/var/tmp
Cleared on rebootYes (usually)No
Typical useIn-session temp filesTemp files that must survive a reboot
ImplementationOften tmpfsUsually on disk

Key FHS Rules to Remember

Section titled “Key FHS Rules to Remember”
  1. Applications should not create directories directly under /
  2. /etc is for system configuration; user config goes in ~
  3. /usr should be read-only in production
  4. Variable data belongs in /var, not /usr
  5. Locally-compiled/installed software goes in /usr/local to avoid conflicts with package manager