For every Linux learner, understanding the directory structure of the Linux file system is a crucial step to learn Linux well. An in-depth understanding of the standards of the Linux file directory structure and the detailed functions of each directory is very important for us to use the Linux system well.
The file system’s are used to organize and arrange file access, so it is visible, in Linux, we can view its structure through tools such as ls, in Linux, we see a tree structure; for example, the operating system is installed in a file system, he behaves as a tree structure starting from /
. The top of the Linux file system is /
, we call /
the Linux root, which is the file system of the Linux operating system. The entry point of the Linux file system is /
, and all directories, files, and devices are under /
. /
is the organizer of the Linux file system and the leader of the uppermost level.
Since there are so many Linux distributions, in order to keep the directory structure uniform, the Linux Foundation maintains a standard called the Filesystem Hierarchy Standard (FHS) standard which defines the main directories and directory contents of the Linux operating system. Of course, not all Linux distributions strictly adhere to this standard. In addition, the FHS is very similar to the UNIX file directory structure.
In fact, the FHS has been continuously revamped based on past experience. The FHS defines directories as four types of interactions based on how frequently the file system is used and whether users are allowed to change them at will.
- Shareable: Directories that can be shared to other systems for mounting, so including executable files and user emails, are directories that can be shared to other hosts on the network for mounting.
- Non-sharable: The device files or socket files related to the program operating on your own machine are not suitable for sharing to other hosts because they are only related to your own machine.
- Unchangeable: Some data does not change frequently, and does not change with the distribution. For example, libraries, file descriptions, host service configuration files managed by the system administrator, etc.
- Changeable: Data that changes frequently, such as login files, newsgroups that general users can receive on their own, etc.
The FHS only specifies what directories should be in the /
, /usr
, and /var
directories, but not the others. The following three diagrams summarize the various subdirectories under these three directories and what is placed in them.
Meaning and content of the root directory (/)
The root directory is the most important directory of the whole system, because not only all the directories are derived from it, but also the root directory is related to boot, restore, system repair, and other actions. Since the system requires specific boot software, core files, programs required for boot, libraries, and other file data when booting, the root directory must also contain programs that can repair the file system in case of system errors. Because the root directory is so important, the FHS expects that the root directory should not be placed in a very large partition, because the larger the partition, the more data you will put in it, and then the partition where the root directory is located may have more chances for errors to occur.
Therefore, the FHS standard recommends that the partition where the root directory (/) is located should be as small as possible, and the software installed by the application should not be placed in the same partition as the root directory, so that the root directory is as small as possible. The smaller the root directory, the better. Not only is the performance better, but the file system where the root directory is located is also less likely to have problems. To put it plainly, the root directory is the same as the C drive of Windows.
Based on the above reasons, FHS believes that the root directory (/) should contain the following subdirectories.
Directory | Files that should be placed |
---|---|
/bin | The system has many directories where executables are stored, but /bin is special. This is because /bin contains commands that can still be operated in single-user maintenance mode. The commands under /bin can be used by root and general accounts, mainly: cat, chmod (modify permissions), chown, date, mv, mkdir, cp, bash, and other common commands. |
/boot | The main files used by the boot machine are the Linux kernel files, as well as the boot menu and the settings needed to boot the machine. The common file name for the Linux kernel is: vmlinuz, and if you are using the grub boot manager, the directory /boot/grub/ will also exist. |
/dev | On Linux systems, all devices and peripherals exist as files in this directory. By accessing a file in this directory, you are accessing a device. Some of the most important files are /dev/null, /dev/zero, /dev/tty , /dev/lp, / dev/hd, /dev/sd*, etc. |
/etc | Almost all of the system’s main settings files are placed in this directory, such as user accounts and passwords, and the start-up files of various services. Generally speaking, the properties of the files in this directory are accessible to general users, but only root has the right to modify them. FHS recommends not placing executable files (binary) in this directory. Some of the more important files are: /etc/inittab, /etc/init.d/, /etc/modprobe.conf, /etc/X11/, /etc/fstab, /etc/sysconfig/ and so on. In addition, the important directories under it are: /etc/init.d/ : all services’ preset startup scripts are placed here, for example, to start or shut down iptables: /etc/init.d/iptables start, /etc/init.d/iptables stop/etc/xinetd. d/ : This is the directory for the settings of the services managed by the so-called super daemon. /etc/X11/ : All the X Window related settings are here, especially xorg.conf or XF86Config, the two X Server settings. |
/home | This is the system’s preset user home directory. When you add a new general user account, the preset user home directory will be normalized to this directory. More importantly, the home directory has two designations: ~: for the current user’s home directory, and ~guest: for the user’s home directory with the username guest. |
/lib | There are a lot of libraries in the system, but /lib is for the libraries that will be used at boot time and the libraries that will be called by commands under /bin or /sbin. What is a library? You can think of them as plug-ins, which are required for certain instructions to execute successfully. Especially important is the /lib/modules/ directory, because it holds the kernel-related modules (drivers). |
/media | As the name implies, this /media is where removable devices are placed. Floppy disks, CDs, DVDs, etc. are temporarily mounted here. Common file names are: /media/floppy, /media/cdrom, etc. |
/mnt | If you want to mount some additional devices temporarily, it is generally recommended that you put them in this directory. In the old days, this directory was used for the same purpose as /media. It’s just that with /media, this directory is now used for temporary mounts. |
/opt | This is a directory for third-party collaboration software. What is a third-party distribution? For example, the KDE desktop management system is a standalone project, but it can be installed on Linux systems, so it is recommended that KDE’s software be placed in this directory. In addition, if you want to install additional software (not provided by the original distribution), then you can also install your software here. However, on previous Linux systems, we used to put it in the /usr/local directory. |
/root | The home directory of the system administrator (root). It is placed here because if you enter singleton maintenance mode and mount only the root directory, this directory will be able to have root’s home directory, so we would want root’s home directory to be placed in the same partition as the root directory. |
/sbin | Linux has a lot of commands to set up the system environment. Only root can use these commands to set up the system, other users can only use them to query the system at most. The ones placed under /sbin are needed for the boot process, and include commands needed for booting, repairing, and restoring the system. As for some server software programs, they are usually placed in /usr/sbin/. As for the system binary generated by the locally installed software, it is placed in /usr/local/sbin/. Common commands include: fdisk, fsck, ifconfig, init, mkfs, etc. |
/srv | srv can be considered as an abbreviation of service, which is a directory of data that needs to be accessed by some network services after they are started. Some common services are WWW, FTP, etc. For example, the web data needed by the WWW server can be placed in /srv/www/. |
/tmp | This is the place where files are temporarily stored by the general user or by the program being executed. This directory can be accessed by anyone, so you need to clean it regularly. Of course, important data should not be placed in this directory. Because FHS even recommends to delete all the data under /tmp when booting. |
In fact, the criteria defined by the FHS for the root directory are limited to the above table, but there are still some directories that we need to know about, as follows.
Directory | Files that should be placed |
---|---|
/lost+found | This is a directory that is only created when using the standard ext2/ext3 file system format, in order to place some missing pieces in this directory in case of a file system error. This directory is usually found at the top level of the partition slot, for example if you add a hard drive to /disk, then a directory like /disk/lost+found will be automatically created under this system |
/proc | This directory itself is a virtual filesystem. It contains data in memory, such as system kernel, process information (process), peripheral device status, network status, and so on. Because the information in this directory is in memory, it does not take up any hard disk space. Some important files (directories) are: /proc/cpuinfo, /proc/dma, /proc/interrupts, /proc/ioports, /proc/net/*, etc. |
/sys | This directory is actually very similar to /proc, and is also a virtual file system that mainly records information related to the core. This includes information about currently loaded core modules and hardware devices detected by the core, etc. This directory also does not take up any hard disk space. |
In addition to the contents of these directories, another thing to note is that because the root directory is related to the boot process, only the root directory will be mounted during the boot process, while the other partitions will continue to perform the act of mounting only after the boot process is complete. Because of this, directories under the root directory that are related to the boot process cannot be placed in a different partition from the root directory. What directories should not be separated from the root directory? There are the following
- /etc: configuration files
- /bin: important executable files
- /dev: required device files
- /lib: libraries and core modules required for executable files
- /sbin: important system executable files
These five directories must not be separated from the root directory in a different partition.
The meaning and content of /usr
According to the basic definition of the FHS, the data in /usr is shareable and static. If you know how to mount partitions over the network, /usr can indeed be shared with other hosts on the local network.
/usr is not an abbreviation for user, in fact usr is an abbreviation for Unix Software Resource, the directory where Unix operating system software resources are located, not user data. This is important to note. FHS recommends that all software developers place their data in separate directories under this directory, rather than creating their own separate directories for the software.
This is because all the default software (software provided by the distribution publisher) is placed under /usr. This directory is similar to the combination of C:\Windows\ + C:\Program files\ on Windows systems, and it takes up the most hard disk space when the system is first installed. Generally speaking, the following subdirectories of /usr are recommended.
directory | files that should be placed |
---|---|
/usr/X11R6/ | It is named X11R6 because the last X version is version 11 and the 6th release of this version. |
/usr/bin/ | The vast majority of user-accessible commands are placed here. Please note the difference between /bin (whether it is related to the boot process) |
/usr/include/ | The header and include files of c/c++ and other programming languages are placed where many of the include files are used when we install certain data by tarball (*.tar.gz). |
/usr/lib/ | It contains libraries, object files, and scripts that are not commonly used by users. Some software provides some special commands for server settings, and these commands are not often operated by the system administrator, so they are placed in this directory. Note that if you are using a Linux system with X86_64, there may be a /usr/lib64/ directory |
/usr/local/ | It is recommended that you install your downloaded software (not the default distribution provider) on your local machine. For example, if your distribution provides older software and you want to install newer software but don’t want to remove the old version, you can install the newer software in the /usr/local/ directory, which will be different from the old software. You can see for yourself in /usr/local, which is also a subdirectory with bin, etc, include, lib… |
/usr/sbin/ | A system command that is not required for normal system operation. The most common ones are the service instructions (daemon) of some web server software |
/usr/share/ | The data in this directory is readable almost regardless of hardware architecture, because it is almost all text files. Also common in this directory are these subdirectories: /usr/share/man: online help files /usr/share/doc: miscellaneous software files /usr/share/zoneinfo: time zone files related to time zones |
/usr/src/ | Generally the source code is recommended to be placed here, src has the meaning of source. As for the core source code, it is recommended to put it in the /usr/src/linux/ directory. |
The meaning and content of /var
If /usr is the directory that takes up more hard disk space during installation, then /var is the directory that will gradually take up more hard disk space after the system is running. This is because the /var directory is mainly for files that change on a regular basis, including cache, log files, and files generated by certain software operations, including lock files, run files, or files from MySQL databases, for example. Common subdirectories are as follows.
directory | files that should be placed |
---|---|
/var/cache/ | Some temporary archives generated during the operation of the application itself |
/var/lib/ | The directory where the data files that need to be used during the execution of the program itself are placed. Under this directory, each software should have its own directory. For example, the MySQL database goes to /var/lib/mysql/ and the rpm database goes to /var/lib/rpm |
/var/lock/ | Some devices or file resources can only be used by one application at a time, so if two applications are using the device at the same time, some errors may occur, so the device has to be locked to ensure that it is only used by a single piece of software. For example, if a burner is burning a CD, think about it, are there two people using a burner at the same time? If two people are burning at the same time, whose data is being written to the disc? So when the first person is burning, the burner will be locked, and the second person will have to unlock the device (i.e. the previous person is done with it) before they can continue using it. |
/var/log/ | Very important. This is the directory where the login files are placed. The more important files in it are /var/log/messages, /var/log/wtmp (which records login information), etc. |
/var/mail/ | The directory that holds your personal email address, but this directory is also placed in the /var/spool/mail/ directory, and usually the two directories are linked to each other. |
/var/run/ | Some programs or services will place their PIDs in this directory when they are started |
/var/spool/ | This directory usually holds queued data, so-called “queues”, which are data queued for use by other programs. This data is usually deleted after it has been used. For example, a new letter is placed in /var/spool/mail/ when it is received, but it is deleted in principle when the user receives it. If a letter is not sent out for a while, it is put in /var/spool/mqueue/, and then deleted when it is sent out. If it is a work schedule (crontab), it will be placed in the /var/spool/cron/ directory. |
Since FHS only defines the file or directory data that should be placed in the top level (/) and the next level (/usr, /var), it is up to the developer to configure it in the other subdirectory levels.
Other special directories
/proc directory
The Linux kernel provides a mechanism for accessing internal kernel data structures and changing kernel settings at runtime via the /proc file system, a pseudo-file system that exists only in memory and does not occupy external memory space. It provides an interface for accessing the system’s kernel data in the same way as a file system.
Users and applications can get information about the system through proc and can change certain parameters of the kernel. Since information about the system, such as processes, is dynamically changed, the proc file system is dynamically reading the required information from the system kernel and committing it when the user or application reads the proc file. Not all of these files or subfolders listed below are present on your system, depending on your kernel configuration and the modules loaded. In addition, there are three very important directories under /proc: net, scsi, and sys. The Sys directory is writable and can be used to access or modify kernel parameters, while net and scsi are kernel configuration dependent. For example, if the system does not support scsi, the scsi directory does not exist.
In addition to those described above, there are also some directories named with numbers, they are process directories. Each process currently running in the system has a corresponding directory under /proc with the PID number of the process as the directory name, and they are the interface to read process information. The self directory, on the other hand, is the interface to read information about the process itself, and is a link.
Subfiles or subfolders.
- /proc/buddyinfo How many blocks are available for each order in each memory area, related to memory fragmentation issues
- /proc/cmdline Information about the parameters passed to the kernel at boot time
- /proc/cpuinfo information about the cpu
- /proc/crypto All installed encryption passwords and details used by the kernel
- /proc/devices Devices that have been loaded and categorized
- /proc/dma List of ISA DMA channels that have been registered for use
- /proc/execdomains The currently supported execution domains of the Linux kernel
- /proc/fb List of frame buffer devices, including the number and drivers that control it
- /proc/filesystems The types of file systems currently supported by the kernel
- /proc/interrupts Number of interrupts per IRQ in the x86 architecture
- /proc/iomem the current mapping of each physical device in system memory
- /proc/ioports The range of registered ports used by a device’s inputs and outputs
- /proc/kcore represents the physical memory of the system, stored in core file format, where the number of bytes is shown, equal to the RAM size plus 4kb
- /proc/kmsg records kernel-generated messages, which can be processed via /sbin/klogd or /bin/dmesg
- /proc/loadavg Load status based on CPU and IO status over time, related to the uptime command
- /proc/locks List of files locked by the kernel
- /proc/mdstat Multiple disks, RAID configuration information (md=multiple disks)
- /proc/meminfo Information about RAM usage
- /proc/misc Drivers registered on other major devices (device number 10)
- /proc/modules List of all modules loaded into the kernel
- /proc/mounts A list of all mounts used in the system
- /proc/mtrr Memory Type Range Registers (MTRRs) used by the system
- /proc/partitions Block allocation information in partitions
- /proc/pci List of PCI devices in the system
- /proc/slabinfo Information about all active slab caches in the system
- /proc/stat All CPU activity information
- /proc/sysrq-trigger When using the echo command to write this file, the remote root user can execute most of the system request key commands as if they were executed in the local terminal. To write to this file, /proc/sys/kernel/sysrq must not be set to 0. This file is also unreadable to root
- /proc/uptime how long the system has been running
- /proc/swaps swap space usage
- /proc/version Linux kernel version and gcc version
- /proc/bus System bus (Bus) information, such as pci/usb, etc.
- /proc/driver Driver information
- /proc/fs file system information
- /proc/ide ide device information
- /proc/irq interrupt request device information
- /proc/net network card device information
- /proc/scsi scsi device information
- /proc/tty tty device information
- /proc/net/dev shows network adapter and statistics
- /proc/uptime is the information that appears when you use uptime
- /proc/version The version of the kernel, which is what is displayed with uname -a
- /proc/vmstat Virtual memory statistics
- /proc/vmcore Memory image when kernel panic
- /proc/diskstats Get disk information
- /proc/schedstat kernel scheduler statistics
- /proc/zoneinfo shows memory space statistics, useful for analyzing virtual memory behavior
The following is information about process N in the /proc directory.
- /proc/N pid for process N
- /proc/N/cmdline Process start command
- /proc/N/cwd Link to the current working directory of the process
- /proc/N/environ List of process environment variables
- /proc/N/exe Link to the process’s execution command file
- /proc/N/fd contains all file descriptors associated with the process
- /proc/N/maps Memory mapping information associated with the process
- /proc/N/mem refers to the memory held by the process, not readable
- /proc/N/root Links to the process’s root directory
- /proc/N/stat Status of the process
- /proc/N/statm Status of the memory used by the process
- /proc/N/status process status information, more readable than stat/statm
- /proc/self Link to the currently running process
/dev directory
dev is the abbreviation for device. The /dev directory is very important for all users. It contains all the external devices used in the Linux system. But this is not the place for the drivers of external devices, unlike windows and dos operating systems. It is actually a port to access these external devices. We can access these external devices very easily, no different from accessing a file or a directory.
Linux follows the Unix style of recognizing all devices as one file. There are two types of device files: block device files (b) and character device files (c). Device files are generally stored in the /dev directory, and common device files are described as follows.
- /dev/hd[a-t] IDE devices
- /dev/sd[a-z] SCSI devices
- /dev/fd[0-7] Standard floppy drives
- /dev/md[0-31] soft raid devices
- /dev/loop[0-7] local loopback device
- /dev/ram[0-15] memory
- /dev/null infinite data receiving device,equivalent to black hole
- /dev/zero infinite zero resources
- /dev/tty[0-63] virtual terminal
- /dev/ttyS[0-3] serial port
- /dev/lp[0-3] parallel port
- /dev/console console
- /dev/fb[0-31] framebuffer
- /dev/cdrom => /dev/hdc
- /dev/modem => /dev/ttyS[0-9]
- /dev/pilot => /dev/ttyS[0-9]
- /dev/random random random number device
- /dev/urandom random number device
Which folder should I put my web applications in?
Debian and some other older systems still use /var/www as the default root for web services, but Arch uses /srv/http. A more elegant solution is to create a symlink: sudo ln -s /srv/http/ /var/www
/srv
The main purpose of specifying /srv is to allow users to find where the files for a particular service are located, so that services that require a separate directory for read-only data, writable data, and scripts (such as cgi scripts) can be placed in a reasonable location. Data of interest to a particular user should be available to all users in their home directory.
The method of naming the /srv subdirectory is not specified, as there is no consensus on how it should be named. One way is to organize the data in the /srv directory by protocol, such as ftp, rsync, www and cvs. For larger systems, it is useful to organize /srv by administrative environment, such as /srv/physics/www, /srv/compsci/cvs and so on. This step varies from server to server. Therefore, no program can exist on a specific /srv organization, nor can any data have to be stored in the /srv directory. However, on FHS-compliant systems, the /srv directory should always exist, and should be the default directory for such data.
Distributions must be aware that local files cannot be placed in these directories without administrator privileges.
/var
/var stores variable data files. This includes spool directories and files, administrative and log data, and temporary files.
Some parts of /var are not shared between systems. For example, /var/log, /var/lock, and /var/run. Other parts are shared, especially /var/mail, /var/cache/man, /var/cache/fonts, and /var/spool/news.
/var is specified to make it possible to mount /usr read-only. If a file, once in /usr, is writable for the duration of the system (as opposed to installation and software maintenance), then it must be in /var.
If /var can’t be a separate part, then it’s better to move /var from the root directory to /usr. (This is sometimes used to reduce the size of the root directory, or when there is not much space left in the root directory.) However, /var must not be linked to /usr, as this makes it more difficult to separate /usr from /var, and may lead to naming conflicts. Instead, link /var to /usr/var.
Applications usually do not add new directories to the top-level directory of /var. These directories can only be added if there are system-wide applications in them, and after consulting the FHS mailing list.
For example:
- /var/log for logs
- /var/tmp for temporary files
- /var/cache for cache
- /var/lock for lock files