Linux File System Heirarchy Explained

by Darrel Johnston (djohnston)

In Linux, everything is a file, or is associated with a file. There are filesystem types, such as ext3, xfs, ntfs and btrfs. But this article is not about the different filesystem types. It is about the structure of the PCLinuxOS filesystem.

It all begins with root. Not the superuser root's directory, which is /root, but the root of the filesystem, which is /. All directories start from the / (root) directory. Shown below is a graphic depiction of a typical layout.

(Image from

If we do a root directory list on our PCLinuxOS installation, we'll see the following files and directories.
























Each file and directory in the root directory is owned by the superuser, root. Only root has full read, write and modify access here. Let's begin with the files. dead.letter is created or added to when a mail program cannot deliver the contents to the intended recipient. The one on my system is mostly the results of msec system security checks that could not be emailed. Module.symvers contains information about the native kernel modules. A quick check of the file's date and time stamp shows it was copied from the /var/lib/dkms/nvidia-current/290.10-1pclos2011/build/ directory. The source file contains the line:

0xeb97fcd5        nv_linux_devices        /var/lib/dkms/nvidia173/173.14.30-1pclos2011/build/nvidia        EXPORT_SYMBOL

Whereas the line only appears once in the original file, the line appears three times in /Module.symvers. It obviously has to do with the dkms-nvidia-current package, but I'm not sure why the line appears three times.

The purpose of the file null in the root directory is unknown. This file is not to be confused with /dev/null. I do not know what process creates this file.

Some directories can be put onto separate partitions or systems for easier backups due to network topology or security concerns. Other directories have to be on the root partition, because they are vital for the bdkms-nvidia-currentoot process. 'Mountable' directories are: '/home', '/mnt', '/tmp', '/usr' and '/var'. Essential for booting are: '/bin', '/boot', '/dev', '/etc', '/lib', '/proc' and '/sbin'.


The /bin directory contains useful commands that are of use to both a system administrator as well as non-privileged users. It usually contains shells, like bash, and commonly used commands like cp, mv, rm, cat, ls. The binaries in this directory are considered to be essential because the directory contains system programs that must be available even if only the partition containing / is mounted. This situation may arise should you need to repair other partitions but have no access to shared directories. (For example, if you are in single user mode and have no network access). It also contains programs which boot scripts may depend on. The /bin directory contains no subdirectories.


The /boot directory stores data that is used before the kernel begins executing user-mode programs. It contains everything required for the boot process, except for configuration files not needed at boot time, (those that belong to the GRUB boot-loader), and the map installer. This directory may include backup master boot records, sector/system map files, the kernel and other important boot files and data that is not directly edited by hand. Programs necessary for the boot loader to be able to boot a file are placed in /sbin. Configuration files for boot loaders are placed in /etc. The PCLinuxOS /boot directory has two subdirectories, grub and lost+found.


The /dev directory is the location of special or device files. It highlights one important aspect of the Linux filesystem - everything is a file or a directory. Look through this directory and you should see sda1, sda2, etcetera, which represent the various partitions on the first master drive of the system. /dev/cdrom and /dev/fd0 represent your CD-ROM drive and your floppy drive. This may seem strange, but it will make sense if you compare the characteristics of files to that of your hardware. Both can be read from and written to. Take /dev/dsp, for example. This file represents your speaker device. Any data written to this file will be redirected to your speaker. If you try “cat /boot/vmlinuz > /dev/dsp” in a terminal on a system where the sound card has been configured, you should hear some sound. (Turn your volume down before trying it!) That's the sound of your kernel.

The majority of devices are either block or character devices. However, other types of devices exist and can be created. In general, block devices are devices that store or hold data, and character devices can be thought of as devices that transmit or transfer data. Diskette drives, hard drives and CD-ROM drives are all block devices, and serial ports, mice and parallel printer ports are all character devices. The /dev directory contains no subdirectories.


This directory contains all system related configuration files here or in its subdirectories. A configuration file is a local file used to control the operation of a program. For this reason, it's a good idea to backup this directory regularly. It will save you a lot of reconfiguration time later if you reinstall or lose your current installation. Normally, no binaries should be located here. There are quite a few subdirectories here, notably the X11 directory, which contains all the configuration files for the X Window System.


Linux is a multi-user environment, so each user is also assigned a specific directory that is accessible only to them and the system administrator. If your username is jane, your home directory will be /home/jane. You can write and delete files, as well as install programs within your home directory. It also contains your personal configuration files and folders, the so-called dot files. (The file name is preceded by a dot). Personal configuration files are usually hidden. If you want to see them, you either have to turn on the appropriate option in your file manager or use ls with the -a switch. The settings in a personal configuration file will override system configurations while logged in as a user.

When a new user is created, their dotfiles will be taken from the /etc/skel directory. The dotfile most likely to be altered by a user is the .bashrc file. It contains aliases, user-specified commands and environment variables. Your home directory can become quite large when used for storing downloads, email, image and sound files, as well as other documents. Note that although the superuser root owns the /home directory, each user's individual home directory, for example, /home/jane, is owned by the user.


The /initrd directory provides the capability to load a RAM disk by the boot loader. The RAM disk can then be mounted as the root file system, and programs can be run from it. Afterwards, a new root file system is mounted from a different device. The previous root file system (from /boot/initrd.img) is then moved to a directory and can be subsequently unmounted. The /initrd directory is mainly designed to allow system startup to occur in two phases, where the kernel loads with a minimum set of compiled drivers, then additional modules are loaded from /boot/initrd.img. The PCLinuxOS /initrd directory contains a single file, README.WARNING. The contents of the file are:

(mkinitrd) Don't remove this directory, it's needed at boot time, in the initrd, to perform the pivot_root.


The /lib directory contains kernel modules and shared libraries needed to boot the system and run the commands in /bin and /sbin. Libraries are readily identifiable through their filename extension of *.so. The Windows equivalent to a shared library would be a DLL (dynamically linked library) file. They are essential for basic system functionality. Kernel modules (drivers) are in the subdirectory /lib/modules/”kernel-version”, where “kernel-version” is a kernel installed on your system. An example would be /lib/modules/


Your Linux system should always be shut down properly. Sometimes your system might crash, or a power failure might take the machine down. Either way, at the next boot, a lengthy filesystem check using fsck will be done. Fsck will go through the system and try to recover any corrupt files that it finds. The results of this recovery operation will be placed in the /lost+found directory. The files recovered are not likely to be complete or make much sense, but there is always a chance that something worthwhile is recovered. Each partition also has its own lost+found directory. If you find files in there, try to move them back to their original location. If you find something like a broken symbolic link to a file, you have to reinstall the file(s) from the corresponding RPM, since your file system was damaged so badly that the files were mutilated beyond recognition.


This directory contains subdirectories which are used as mount points for removable media such as floppy disks, cdroms and zip disks. Historically, there have been a number of other different places used to mount removable media such as /cdrom, /mnt or /mnt/cdrom. Placing the mount points for all removable media directly in the root directory would potentially result in a large number of extra directories in /.


This is a generic mount point under which you mount your filesystems or devices. Mounting is the process by which you make a filesystem available to the system. After mounting, your files will be accessible under the mount point. There is no limitation to creating a mount point anywhere on your system. But, by convention, and for practicality, do not litter your file system with mount points. Before one can use a filesystem, it has to be mounted. The operating system then does various bookkeeping chores to make sure that everything works. Since all files in Linux are in a single directory tree, the mount operation makes it look like the contents of the newly mounted filesystem are the contents of an existing subdirectory. An example of partitions and their related mount points can be seen by reading the /etc/fstab file.


This directory is reserved for all the software and add-on packages that are not part of the default installation. For example, LibreOffice, Adobe and VirtualBox packages are found here. All third party applications should be installed in this directory. Any package to be installed here must locate its extra fonts, clipart, database files, etcetera, in a separate /opt/”package” or /opt/”provider” directory tree, where “package” is a name that describes the software package and “provider” is the provider's LANANA (Linux Assigned Names And Numbers Authority) registered name. The structure of the directories below /opt/”provider” is left up to the packager of the software, but are generally installed in /opt/”provider”/”package”.


The /proc directory is very special in that it is also a virtual filesystem. It doesn't contain actual files, but runtime system information, such as system memory, devices mounted, hardware configuration, etcetera. For this reason, it can be regarded as a control and information center for the kernel. In fact, quite a few of the system utilities are simply calls to files in this directory. For example, “lsmod” is the same as “cat /proc/modules”, while “lspci” is a synonym for “cat /proc/pci”. By altering files located in the /proc directory, you can even read and change kernel parameters (sysctl) while the system is running. The most distinctive thing about files in this directory is the fact that all of them have a file size of 0, with the exception of config.gz, kcore, mounts and self.


This is the home directory of the superuser, root. In former days, / was root's home directory. To keep things tidier, root got his own home directory. But, why not in /home? Because /home is often located on a different partition, or even on another system, and would thus be inaccessible to superuser root when only / is mounted.


Linux discriminates between executeables available to all users and those used for system maintenance or administrative tasks. The latter are in /sbin. This directory contains binaries that are essential to the working of the system. These include system administration,  maintenance and hardware configuration programs. For example, you will find lilo, fdisk, init, ifconfig and others here.

Another directory that contains system executeables is /usr/sbin. This is where you will find the network daemons for your system, along with other binaries that generally only the system administrator has access to, but which are not required for system maintenance and repair. Usually, these directories are not part of a normal user's search path, only of root's. Programs executed after the /usr directory has been mounted are generally placed in /usr/sbin.


The /srv directory contains website specific data which is served by the system. The main purpose is so that users may find the location of the data files for a particular service, and so that services which require a single tree for read-only data, writable data and scripts, such as cgi scripts, can be reasonably placed. If you have no web services installed on your system, the /srv directory will be empty.


The purpose of the /swap directory is unknown. This directory is not to be confused with the swap partition. I do not know what process creates this directory.


The /sys directory is actually a virtual filesystem which is a counterpart to /proc. It provides a lot of non-process related, detailed information about the in-kernel status to userspace. The subdirectories are block, bus, class, dev, devices, firmware, fs, kernel, module and power.


This directory contains mostly files that are required temporarily. Many programs use this to create lock files and for temporary storage of data. Do not remove files from this directory unless you know exactly what you are doing. Many of these files are important for currently running programs and deleting them may result in a system crash. The files usually won't contain more than a few KB anyway. The directory can be cleared on reboot by setting the appropriate configuration, if so desired.


Although the /home directory can potentially contain much more data, the /usr directory usually contains the largest share of data on a system. This is one of the most important directories in the system, as it contains subdirectories with user binary executables, their documentation, libraries and header files. X and its supporting libraries can be found here. In the original UNIX implementations, /usr was where the home directories of the users were created. In current UNIX flavors, /usr is where userland programs and data are. The name hasn't changed, but it's meaning has narrowed and lengthened from "everything user related" to "user programs and data".


The /var directory contains variable data such as system logging files, mail and printer spool directories, and transient and temporary files. Some portions of /var are not shareable between different systems. For instance, /var/log, /var/lock, and /var/run. Other portions may be shared, notably /var/mail, /var/cache/man, /var/cache/fonts, and /var/spool/news. Why not put it into /usr? Because there might be circumstances when you may want to mount /usr as read-only, for example, if it is on a CD or on another computer. /var contains variable data the system must be able to write to during operation, whereas /usr should only contain static data.