Everything is a File
In Linux, hardware devices, directories, and running processes are all treated as files. This provides a unified interface for interacting with the system — you read from a disk the same way you read from a configuration file.
The file system originates from the root directory, represented by a single forward slash /. Everything — your home directory, mounted drives, device files — branches from here.
Linux has no drive letters like Windows (C:, D:). A second disk is mounted as a directory somewhere under
/, such as /mnt/backup or /data.The Filesystem Hierarchy Standard (FHS)
Every Linux distribution strictly follows the FHS. Knowing these directories by heart is essential for navigating any server.
Visual Overview
/ ← Root (top of everything)
├── bin/ ← Essential user binaries
├── sbin/ ← Essential system binaries
├── etc/ ← System-wide configuration
├── home/ ← Personal user directories
├── var/ ← Variable data (logs, databases)
├── dev/ ← Device files
├── tmp/ ← Temporary files (cleared on reboot)
├── proc/ ← Virtual filesystem (kernel/process info)
├── usr/ ← User programs and libraries
├── var/log/ ← All system and app logs
└── var/lib/ ← Application state data
Directory Reference
/bin and /sbin — Essential Binaries
/bin contains essential command binaries available to all users (ls, cp, mv, cat, grep).
/sbin contains essential system binaries for administration (fdisk, mkfs, iptables, reboot).
$ ls /bin | head -20
bash cat cp chown date df dmesg grep hostname init kill ls mkdir more mount mv ps pwd rm sh su touch umount$ ls /sbin | head -20
badblocks blkid blockdev cfdisk depmod df fdisk fsck getty halt ifconfig ifdown init insmod ip mkfs mkswap modprobe mount rebootDevOps context: When you troubleshoot a system that won't boot, ls /bin tells you which commands are still available.
/etc — Configuration Files
The brain of the system. Every daemon, service, and system tool stores its configuration here.
$ ls /etc | head -30
adjtime cron.d exports gre.d init.d ld.so.conf.d logrotate.d nginx/ passwd profile.d resolv.conf rsyslog.conf ssh/ systemd/ vimrc
apache2/ cron.daily fail2ban/ group hostname logcheck/ login.defs nsswitch.conf plymouth/ profile.pacnew rc.local rsyslog.d sudoers sysctl.conf X11/
apt/ cron.hourly fail2ban/ gshadow hosts localtime machine-id opt/ pm/ rc0.d/ resolv.conf security/ syslog-ng/ tmpfiles.d xdg/Key files you'll touch as a DevOps engineer:
| File | Purpose |
|---|---|
/etc/nginx/nginx.conf | NGINX web server configuration |
/etc/ssh/sshd_config | SSH daemon settings |
/etc/systemd/system/ | Systemd service definitions |
/etc/docker/daemon.json | Docker daemon configuration |
/etc/resolv.conf | DNS nameservers |
/etc/hosts | Static hostname-to-IP mappings |
/etc/passwd | User account database |
/etc/shadow | Encrypted user passwords |
# View DNS configuration
$ cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
# View nginx configuration structure
$ ls -la /etc/nginx/
total 48
drwxr-xr-x 3 root root 4096 Apr 10 08:00 .
drwxr-xr-x 3 root root 4096 Apr 9 14:00 ..
drwxr-xr-x 2 root root 4096 Apr 10 08:00 conf.d/
-rw-r--r-- 1 root root 2417 Apr 9 14:00 fastcgi.conf
-rw-r--r-- 1 root root 1317 Apr 9 14:00 fastcgi_params
-rw-r--r-- 1 root root 5285 Apr 9 14:00 mime.types
drwxr-xr-x 3 root root 4096 Apr 9 14:00 nginx.conf
-rw-r--r-- 1 root root 315 Apr 9 14:00 proxy_params
drwxr-xr-x 1 root root 4096 Apr 9 14:00 sites-available/
-rwxr-xr-x 1 root root 154 Apr 9 14:00 sites-enabled//home — User Directories
Each user gets a personal directory under /home. It stores user-specific configuration, documents, and files.
$ ls -la /home/
total 16
drwxr-xr-x 3 root root 4096 Apr 10 09:00 alice
drwxr-xr-x 2 root root 4096 Apr 10 09:05 bob
drwxr-xr-x 3 root root 4096 Apr 10 08:00 deploy# Each user's home contains their personal config
$ ls -la /home/alice/
total 32
drwxr-xr-x 3 root root 4096 Apr 10 09:00 .
drwxr-xr-x 9 root root 4096 Apr 10 08:00 ..
-rw------- 1 alice alice 220 Apr 9 15:30 .bash_history
-rw-r--r-- 1 alice alice 318 Apr 9 14:22 .bashrc
-rw-r--r-- 1 alice alice 52 Apr 9 14:22 .profile
drwxr-xr-x 3 alice alice 4096 Apr 10 09:00 projects/
drwxr-xr-x 3 alice alice 4096 Apr 10 09:05 .ssh/Root's home directory is
/root, not /home/root. This is intentional — even if /home is unavailable, root can still log in./var — Variable Data
The most dynamic directory. Files here constantly grow and change — logs, databases, email queues, print spools.
$ ls -la /var/
total 48
drwxr-xr-x 3 root root 4096 Apr 10 08:00 backups/ ← Manual backups
drwxr-xr-x 3 root root 4096 Apr 10 08:00 cache/ ← Application caches
drwxr-xr-x 3 root root 4096 Apr 10 09:00 log/ ← All logs (most important!)
drwxr-xr-x 3 root root 4096 Apr 10 08:00 lib/ ← Package manager state
drwxr-xr-x 3 root root 4096 Apr 10 08:00 mail/ ← Local email
drwxr-xr-x 3 root root 4096 Apr 10 08:00 opt/ ← Optional packages
drwxr-xr-x 3 root root 4096 Apr 10 08:00 run/ ← PID files for running processes
drwxr-xr-x 3 root root 4096 Apr 10 08:00 spool/ ← Print and cron spools
drwxr-xr-x 3 root root 4096 Apr 10 08:00 tmp/ ← Temporary between bootsLog directory breakdown:
$ ls -la /var/log/
total 216
drwxr-xr-x 3 root root 4096 Apr 10 08:00 apache2/ ← Apache logs
drwxr-xr-x 2 root root 4096 Apr 10 08:00 apt/ ← Package manager logs
drwxr-xr-x 3 root root 4096 Apr 10 09:05 auth.log ← Authentication (sudo, SSH)
drwxr-xr-x 3 root root 4096 Apr 10 09:05 syslog ← General system events
drwxr-xr-x 3 root root 4096 Apr 10 08:00 nginx/ ← NGINX access + error logs
drwxr-xr-x 3 root root 4096 Apr 10 08:00 docker/ ← Docker daemon logs
drwxr-xr-x 3 root root 4096 Apr 10 08:00 journal/ ← Systemd structured logs
drwxr-xr-x 3 root root 4096 Apr 10 08:00 kern.log ← Kernel messages/dev — Device Files
Linux represents hardware as special files in /dev. You interact with disks, terminals, and peripherals through these files.
$ ls /dev/
total 0
crw-rw---- 1 root video 226, 0 Apr 10 08:00 card0
crw-rw---- 1 root root 10, 234 Apr 10 08:00 hidraw0
crw------- 1 root root 5, 1 Apr 10 08:00 console
brw-rw---- 1 root disk 8, 0 Apr 10 08:00 sda ← First disk
brw-rw---- 1 root disk 8, 1 Apr 10 08:00 sda1 ← First partition
brw-rw---- 1 root disk 8, 2 Apr 10 08:00 sda2 ← Second partition
crw-rw-rw 1 root root 1, 7 Apr 10 08:00 loop0 ← Loop devices
crw-rw---- 1 root root 189, 0 Apr 10 08:00 usbmon0 ← USB monitor
crw--w---- 1 root root 4, 1 Apr 10 08:00 tty1 ← Virtual terminalsDevice type codes (first column):
b= Block device (disks — reads/writes in chunks)c= Character device (serial ports, terminals — byte-by-byte)p= FIFO/pipe (named pipes)
/tmp — Temporary Files
A writable space for short-lived files. Files here are deleted on every reboot by default.
$ ls -la /tmp
total 48
drwxr-xwt 3 root root 4096 Apr 10 08:00 .font-unix/
drwxr-xwt 3 root root 4096 Apr 10 08:00 .ICE-unix/
drwxrwxr-xr-x 9 root root 4096 Apr 10 09:00 systemd-private-abc123/ ← Systemd service tmp dirsNever store application data in
/tmp. It's wiped on reboot. Use /var/lib/<app> for persistent application data./proc — Virtual Filesystem
A window into the running kernel. /proc doesn't exist on disk — it's generated in memory by the kernel.
# View kernel parameters (you can read and sometimes write them!)
$ cat /proc/sys/net/ipv4/ip_forward
0
# Enable IP forwarding temporarily
$ echo 1 > /proc/sys/net/ipv4/ip_forward
# View memory info
$ cat /proc/meminfo | head -10
MemTotal: 8174112 kB
MemFree: 2048000 kB
MemAvailable: 4096000 kB
Buffers: 512000 kB
Cached: 2048000 kB
...
# View CPU info
$ cat /proc/cpuinfo | head -15
processor: 0
vendor_id: GenuineIntel
cpu family: 6
model: 142
model name: Intel(R) Core(TM) i5-8259U CPU @ 2.30GHz
...Process information:
# View details for a specific process
$ ls -la /proc/$(pgrep nginx)/fd | head -10
total 0
lr-x------ 1 root root 64 Apr 10 09:05 0 -> /dev/null
lr-x------ 1 root root 64 Apr 10 09:05 1 -> /var/log/nginx/access.log
lr-x------ 1 root root 64 Apr 10 09:05 3 -> /var/log/nginx/error.logViewing the Root Directory
$ ls -la /
total 64
drwxr-xr-x 3 root root 4096 Apr 10 08:00 .
drwxr-xr-x 2 root root 4096 Apr 10 08:00 ..
drwxr-xr-x 3 root root 4096 Apr 10 08:00 bin
drwxr-xr-x 3 root root 4096 Apr 10 08:00 boot
drwxr-xr-x 5 root root 4096 Apr 10 08:00 dev
drwxr-xr-x 3 root root 4096 Apr 10 08:00 etc
drwxr-xr-x 3 root root 3 root root 4096 Apr 10 08:00 home
drwxr-xr-x 9 root root 4096 Apr 10 08:00 lib
drwxr-xr-x 3 root root 4096 Apr 10 08:00 lib64
drwxr-xr-x 3 root root 4096 Apr 10 08:00 media
drwxr-xr-x 3 root root 4096 Apr 10 08:00 mnt
drwxr-xr-x 3 root root 4096 Apr 10 08:00 opt
drwxr-xr-x 2 root root 4096 Apr 10 08:00 proc
drwxr-xr-x 3 root root 4096 Apr 10 08:00 root
drwxr-xr-x 3 root root 4096 Apr 10 08:00 run
drwxr-xr-x 4 root root 4096 Apr 10 08:00 sbin
drwxr-xr-x 3 root root 4096 Apr 10 08:00 srv
drwxr-xr-x 3 root root 4096 Apr 10 08:00 sys
drwxr-xr-x 4 root root 4096 Apr 10 08:00 tmp
drwxr-xr-x 3 root root 4096 Apr 10 08:00 usr
drwxr-xr-x 5 root root 4096 Apr 10 08:00 varQuick Reference
| Directory | Contains | DevOps Relevance |
|---|---|---|
/ | Root | Everything starts here |
/bin | Essential commands | Available in single-user mode |
/sbin | System binaries | Root-only commands |
/etc | Config files | NGINX, SSH, systemd, Docker |
/home | User directories | Non-root user files |
/var/log | All logs | Troubleshooting, monitoring |
/var/lib | App state | Docker, databases, packages |
/dev | Device files | Disks, terminals, USB |
/tmp | Temporary files | Cleared on reboot |
/proc | Kernel data | Runtime kernel/process info |
/sys | Kernel sysfs | Hardware/device kernel interface |
/usr | User programs | Installed software |
/opt | Optional packages | Third-party installs |
/run | Runtime data | PID files, sockets |
Practice Challenge
On a Linux system, explore the filesystem and answer:
- What user owns
/var/log/auth.log? What are its permissions? - Find the size of
/var/logusingdu -sh /var/log - List the contents of
/proc/sys/net/ipv4/— what network tunables can you see? - Check
/etc/nginx/— how is the configuration structured? - Find the disk device file for your primary hard drive in
/dev