Unless you are on familiar ground, you usually need a map to get around any large area. To get from one place to another, the best map is a road map (or street map). If you are staying in one general area and are looking for places of interest, you need a tourist map. Because we are staying within the context of Linux and were looking for things of interest, what I am going to give you now is a tourist map of Linux directories.
In later chapters, we’ll go into detail about many of the directories that we are going to encounter here. For now, I am going to briefly describe where they are and what their functions are. As we get into different sections of the book, it will be a lot easier to move about and know how files relate if we already have an understanding of the basic directory structure.
One thing I would like to point out is that (for the most part) the directories of most UNIX systems are laid out according to the functionality of the files and programs within the directory. One enhancement that Linux makes is allowing things to be in more than one place. For example, files that the system uses may be in one place and those that normal users need may be in another place. Linux takes advantage of links to allow the necessary files to be in both places. We’ll talk more about links as we move on.
One question people often ask is why it is necessary to know what all the directories are for. Well, it isn’t. It isn’t necessary to know them all, just the more important ones. While working in tech support, I have talked numerous times with administrators who were trying to clean up their systems a little. Because they had little experience with UNIX systems, they ended up removing things that they thought were unnecessary, but turned out to be vital for the operation of the system. If they knew more about where things were and what they were for, they wouldn’t have made these mistakes.
As we go through these directories, keep in mind that your system may not be like this. I have tried to follow the structure of the Linux Filesystem Standard as well as to find some commonality among the different versions that I’ve installed. On your system, the files and directories may be in a different place, have different names, or may be gone altogether.
Note that depending on your distribution and the packages you have installed, these files and directories may look different. In addition, although my system used in these examples has every conceivable package installed (well, almost), I did not list all the files and directories I have. I included this list with the intention of giving you a representative overview. In addition, some of the directories are not mentioned in the text, as I cannot say too much more than in the popup in the image map in so little space.
With that said, let’s have a look.
The top-most directory is the root directory. In verbal conversation, you say “root directory” or “slash,” whereas it may be referred to in text as simply “/.”
So when you hear someone talking about the /bin directory, you may hear them say “slash bin.” This is also extended to other directories, so /usr/bin would be “slash user, slash bin.” However, once you get the feeling and begin to talk “Linux-ese,” you will start talking about the directories as “bin” or “user bin.” Note that ‘usr’ is read as “user.”
Under the root directory, there are several subdirectories with a wide range of functions. The image below shows the key subdirectories of /. This representation does not depict every subdirectory of /, just the more significant ones that appear with most default installations. In subsequent diagrams, I will continue to limit myself to the most significant directories to keep from losing perspective.
One of these files, one could say, is the single most important file: vmlinuz. This file is the operating system proper. It contains all the functions that make everything go. When referring to the file on the hard disk, one refers to /vmlinuz, whereas the in-memory, executing version is referred to as the kernel.
The first directory we get to is /bin. Its name is derived from the word “binary.” Often, the word “binary” is used to refer to executable programs or other files that contains non-readable characters. The /bin directory is where many of the system-related binaries are kept, hence the name. Although several of the files in this directory are used for administrative purposes and cannot be run by normal users, everyone has read permission on this directory, so you can at least see what the directory contains.
Note that binaries programs exist in many other directories, but the most common or frequently used ones are found in /bin. Sometimes the /bin is a symbolic link to /usr/bin. We’ll get into details about /usr/bin shortly.
The /boot directory is used to boot the system. There are several files here that the system uses at different times during the boot process. For example, the files /boot/boot.???? are copies of the original boot sector from your hard disk. (for example boot.0300) Files ending in .b are “chain loaders,” secondary loaders that the system uses to boot the various operating systems that you specify.
The /dev directory contains the device nodes. As I mentioned in our previous discussion on operating system basics, device files are the way both the operating system and users gain access to the hardware. Every device has at least one device file associated with it. If it doesn’t, you can’t gain access to it. We’ll get into more detail on individual device files later.
The /etc directory contains files and programs that are used for system configuration. Its name comes from the common abbreviation etc., for “et cetera”, meaning “and so on.” This seems to come from the fact that on many systems, /etc contains files that don’t seem to fit elsewhere.
Over the years the /etc directory has evolved to the point where it is the place where a large number of programs stored their configuration files and many of the other files they use while in operation.
Under /etc are several subdirectories of varying importance to both administrators and users. The following image shows a number of important sub-directories. Depending on what software you have installed you may not have some of these or you may have many more not listed. Unfortunately, there are few standards as to any specific file extension to use for configuration files. Sometimes the program uses .conf, other times .ini and other times nothing at all.
In some Linux distributions you will find the /etc/lilo directory, which is used for the Linux loader (lilo). This directory contains a single file, install, which is a link to /sbin/lilo. This file is used (among other things) to install the boot configuration options. On some systems, the lilo configuration file (lilo.conf) is found directly in the /etc directory We’ll get into this more in the section on starting and stopping your system.
There several directories named /etc/cron*. As you might quess these are used by the cron daemon. The /etc/cron.d contains configuration files used by cron. Typically what is here are various system related cron jobs, such as /etc/cron.d/seccheck, which does various security checks. The directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly contain files with cron jobs which run hourly, daily, weekly and monthly, respectively. There is a cron job listed in system-wide /etc/crontab that runs the program /usr/lib/cron/run-crons, which checks the other files.
The /etc/init.d directory contains scripts that the system uses when starting up or shutting down. Which files are read depends on whether the system is being started or shut down. We’ll talk more about these directories and their associated files in the section on starting up and shutting down the system. You may also find that these files are located in /etc/rc.d. On SuSE, /etc/rc.d is a symbolic link to /etc/init.d.
The /etc/skel directory is used when you create a new user with the adduser command. This is the “skeleton” of files that is copied to the user’s home directory when it’s created (hence the name “skel”). If you want to ensure that each user gets other files at startup, place them in here. For example, you may want everyone to have a configuration file for vi (.exrc) or for mail (.mailrc).
Depending on your Linux distribution, either the /etc/sysconfig or /etc/rc.config.d directory contains default system configuration information. For example, the keyboard file defines which keyboard table is to be used and the network file contains network parameters, such as the hostname.
The /etc/pam.d directory contains configuration files used by the Pluggable Authentication Modules (PAM). PAM is a system of libraries that are responsible for authentication tasks of applications and services on your system. These libraries provide an Application Programming Interface (API) allowing for a standardization of authorization functions. Previously, where necessary each program did its own authorization/authentication. With PAM, a single set of configuration files allows for a more consistent security policy. In some cases, an /etc/pam.conf file is used instead of the /etc/pam.d directory.
The /etc/profile.d directory contains default configuration for many of the shells that Linux provides. As we talk about in the section on shells, each shell has an environment which contains a number of different characteristics. Many of the defaults are defined in the files under /etc/profile.d. The name of each file gives an indication of the appropriate shell.
The /etc/security directory contains security related configurations files. Whereas PAM concerns itself with the methods used to authenticate any given user, the files under /etc/security are concerned with just what a user can or cannot do. For example, the file /etc/security/access.conf is a list of what users are allowed to login and from what host (for example, using telnet). The /etc/security/limits.conf contains various system limits, such as maximum number of processes. (Yes, these are really related to security!)
Moving back up to the root directory, we next find /home. As its name implies, this is the default location for user’s home directories. However, as we’ll talk about later, you can have the home directory anywhere.
The /lost+found directory is used to store files that are no longer associated with a directory. These are files that have no home and are, therefore, lost. Often, if your system crashes and the filesystem is cleaned when it reboots, the system can save much of the data and the files will end up here. Note that a lost+found directory is created automatically for each filesystem you create. We’ll get into more detail about this in the section on filesystems.
The /lib directory (for library) contains the libraries needed by the operating system as it is running. You will also find several sub directories.
The /proc directory takes a little while to get used to, especially if you come from a non-UNIX world or have used a version of UNIX without this directory. This is a “pseudo-filesystem” that is used to access information in the running system. Rather than having you access kernel memory directly (i.e., through the special device /dev/kmem), you can access the files within this directory. There are directories for every running process as well. We will get into more detail about this when we talk about monitoring your system. If you are curious now, check out the proc(8) man-page.
The /root directory is the home directory for the user root. This is different from many UNIX dialects that have the root’s home directory directly in /. With some Linux distributions, the /root directory is actually a symbolic link to /home/root.
The /sbin directory contains programs that are used (more or less) to administer the system. In other words, the system binaries. Many documentation sources say that this is only for system administrators. However, most of these files are executable by normal users, as well. Whether the support files or device nodes are accessible is another matter. If a normal user cannot access the device nodes or other files, the program won’t run.
The /usr directory contains many user-related subdirectories. (Note the ‘e’ is missing from “user”). In general, one can say that the directories and files under /usr are used by and related to users. There are programs and utilities here that users use on a daily basis. On many older systems, /usr is where users have their home directory. The figure below shows what the sub-directories of /usr would look like graphically.