What You'll Learn
A deep dive into the Linux Filesystem Hierarchy Standard (FHS) — what lives in each directory, why it matters for DevOps, and practical examples for working with /etc, /var, /proc, and more.
The Linux Filesystem Hierarchy
Linux organizes all files into a single directory tree starting from the root /. Unlike Windows (with C:\, D:\), everything in Linux is under one unified tree. Understanding where things live is essential for configuration, debugging, and security.
| Directory | Purpose | DevOps Relevance |
|---|---|---|
| / | Root of the entire filesystem | Starting point for all paths |
| /etc | System-wide configuration files | ⭐ Critical — nginx.conf, passwd, hosts, ssh configs |
| /var | Variable data — logs, caches, databases | ⭐ Critical — /var/log for all application logs |
| /opt | Optional/third-party software | Jenkins, custom apps install here |
| /usr | User programs and data (/usr/bin, /usr/lib) | Most installed binaries live here |
| /tmp | Temporary files — cleared on reboot | Scripts, build temp files |
| /proc | Virtual filesystem — kernel/process info | Process debugging, kernel tuning |
| /sys | Hardware/kernel interface (sysfs) | Kernel parameters, hardware info |
| /home | User home directories | SSH keys, user-specific configs |
| /root | Root user's home directory | Root's SSH keys and configs |
| /bin, /sbin | Essential user/system binaries | ls, cp, mount, fdisk, etc. |
| /lib, /lib64 | Shared libraries for /bin, /sbin | Required .so library files |
| /dev | Device files (block, character devices) | /dev/sda (disk), /dev/null |
| /mnt, /media | Mount points for filesystems | Mount EBS volumes, NFS shares |
| /boot | Boot loader files, kernel images | vmlinuz, initrd, GRUB |
Deep Dive: /etc — The Configuration Brain
```
/etc/
├── nginx/                 # Nginx config directory
│   ├── nginx.conf         # Main Nginx config
│   ├── conf.d/            # Virtual host configs
│   └── sites-enabled/     # Symlinks to enabled sites
├── ssh/
│   ├── sshd_config        # SSH server config (PermitRootLogin, PasswordAuthentication)
│   └── ssh_config         # SSH client defaults
├── hosts                  # Static hostname → IP mapping
├── resolv.conf            # DNS server config
├── hostname               # System hostname
├── fstab                  # Filesystem mount table (persistent mounts)
├── crontab                # System-wide cron jobs
├── cron.d/                # Drop-in cron files
├── passwd                 # User accounts (no passwords!)
├── shadow                 # Hashed passwords (root only)
├── group                  # Group definitions
├── sudoers                # sudo permission rules
├── environment            # System-wide environment variables
├── profile                # Login shell profile (ALL users)
├── profile.d/             # Drop-in profile scripts
├── bashrc                 # Interactive bash config (ALL users)
├── sysctl.conf            # Kernel parameter tuning
├── limits.conf            # Resource limits per user/process
├── logrotate.conf         # Global log rotation config
├── logrotate.d/           # Per-application rotation rules
├── systemd/
│   └── system/            # Systemd unit files
├── apt/                   # APT package manager config
│   └── sources.list       # Repository list
└── yum.repos.d/           # YUM/DNF repository files
```
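Several files in this tree are only safe with tight permissions (`shadow` is marked root only above). The following is an added example, not part of the original page: a mode audit over those files. The `ROOT` argument is a hypothetical prefix for running it against a constructed tree, and the forbidden-bit masks are this example's assumed baseline.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. ROOT is a hypothetical prefix so
# the audit can run against a constructed tree; the masks are assumed baselines.

# check_mode PATH MASK: fail when any permission bit in octal MASK is set.
check_mode() {
    local path="$1" mask="$2" mode
    [ -e "$path" ] || { echo "SKIP $path (absent)"; return 0; }
    # -L follows symlinks: a link itself always reports 777.
    mode="$(stat -L -c '%a' "$path")"
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "FAIL $path mode $mode (forbidden bits $mask)"
        return 1
    fi
    echo "OK   $path mode $mode"
}

# audit_etc [ROOT]: returns 0 only when every present file passes.
audit_etc() {
    local root="${1:-}" failures=0 entry
    # 022 = group/other write; 027 = group write plus any access by others.
    for entry in passwd:022 group:022 crontab:022 ssh/sshd_config:022 \
                 shadow:027 sudoers:027; do
        check_mode "$root/etc/${entry%%:*}" "${entry##*:}" \
            || failures=$((failures + 1))
    done
    echo "$failures finding(s)"
    [ "$failures" -eq 0 ]
}

# Constructed demo tree: shadow left world-readable on purpose.
demo="$(mktemp -d)"
mkdir -p "$demo/etc"
: > "$demo/etc/passwd"; chmod 644 "$demo/etc/passwd"
: > "$demo/etc/shadow"; chmod 644 "$demo/etc/shadow"
audit_etc "$demo" || true
rm -rf "$demo"
```

Run `audit_etc` with no argument to check the live `/etc`; it uses GNU `stat` and checks modes only, not ownership.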
Deep Dive: /var — Variable Data & Logs
```
/var/
├── log/                   # ⭐ All log files
│   ├── syslog             # General system log (Debian/Ubuntu)
│   ├── messages           # General system log (RHEL/CentOS)
│   ├── auth.log           # Authentication events (sudo, SSH)
│   ├── kern.log           # Kernel messages
│   ├── nginx/
│   │   ├── access.log     # HTTP requests
│   │   └── error.log      # Nginx errors
│   ├── mysql/
│   │   └── error.log      # MySQL errors
│   ├── journal/           # systemd journal (binary format)
│   └── dpkg.log           # Package install/remove history
├── cache/                 # Application caches
│   ├── apt/               # APT package cache
│   └── nginx/             # Nginx cache
├── lib/                   # Persistent app data
│   ├── mysql/             # MySQL data files
│   ├── postgresql/        # PostgreSQL data
│   └── docker/            # Docker layers and containers
├── www/                   # Web server document root
│   └── html/              # Default Nginx/Apache web root
├── run/                   # Runtime data (PID files)
│   └── nginx.pid          # Nginx process ID
├── spool/                 # Queue data (print, mail, cron)
│   └── cron/              # User crontab files
└── tmp/                   # Temp files (NOT cleared on reboot!)
```
```bash
# Key commands for /var/log
tail -f /var/log/nginx/access.log      # Follow nginx requests
grep "ERROR" /var/log/syslog           # Find errors
journalctl -u nginx --since "1h ago"   # Systemd journal
```
Deep Dive: /proc — The Live Kernel Interface
```bash
# CPU information
grep -m1 "model name" /proc/cpuinfo
grep -c '^processor' /proc/cpuinfo     # Logical CPU count

# Memory information
grep -E "MemTotal|MemFree|MemAvailable" /proc/meminfo

# Load average (1, 5, 15 min)
cat /proc/loadavg

# Kernel version
cat /proc/version
uname -r

# Network interfaces and stats
cat /proc/net/dev

# Open file descriptors for a process
ls /proc/1234/fd | wc -l               # Count open files for PID 1234

# Kernel parameters (tunable via sysctl)
cat /proc/sys/vm/swappiness            # Swap usage tendency (0-100)
cat /proc/sys/net/ipv4/ip_forward      # IP forwarding (needed for Docker); 1 means the host routes packets between interfaces
cat /proc/sys/fs/file-max              # Max open file descriptors

# Modify kernel params (runtime, not persistent; run as root)
echo 1 > /proc/sys/net/ipv4/ip_forward

# Persistent way via /etc/sysctl.conf (run as root):
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
```
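The runtime-versus-persistent distinction above is easy to lose track of on a long-lived host. The following is an added example, not part of the original page, that compares a key's live value under `/proc/sys` with what `sysctl.conf` would apply. The `ROOT` argument is a hypothetical prefix for testing against a constructed tree, and only `/etc/sysctl.conf` is read (no `sysctl.d` drop-ins).

```bash
#!/usr/bin/env bash
# Added example, not from the original page. ROOT is a hypothetical prefix so
# the check can run against a constructed tree instead of the live system.
# Assumes dot-separated keys and only sysctl.conf (no sysctl.d drop-ins).

# Collapse whitespace runs and trim, so "4096<TAB>87380" equals "4096 87380".
norm() { tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift KEY [ROOT]: prints one status line; returns 0 only when in sync.
sysctl_drift() {
    local key="$1" root="${2:-}" proc_path conf runtime persistent=""
    conf="$root/etc/sysctl.conf"
    proc_path="$root/proc/sys/$(printf '%s' "$key" | tr . /)"
    if [ ! -r "$proc_path" ]; then
        echo "$key: no readable runtime value"
        return 2
    fi
    runtime="$(norm < "$proc_path")"
    # Exact key match left of '='; comment lines skipped; last match wins
    # because the file is applied top to bottom.
    if [ -r "$conf" ]; then
        persistent="$(awk -F= -v k="$key" '
            /^[ \t]*[#;]/ { next }
            { name = $1; gsub(/[ \t]/, "", name) }
            name == k { found = $2 }
            END { print found }' "$conf" | norm)"
    fi
    if [ -z "$persistent" ]; then
        echo "$key: runtime=$runtime, not in sysctl.conf (lost at reboot)"
        return 1
    elif [ "$runtime" != "$persistent" ]; then
        echo "$key: runtime=$runtime, sysctl.conf=$persistent (drift)"
        return 1
    fi
    echo "$key: runtime=$runtime matches sysctl.conf"
}

# Constructed demo: forwarding enabled at runtime, nothing persisted.
demo="$(mktemp -d)"
mkdir -p "$demo/proc/sys/net/ipv4" "$demo/etc"
echo 1 > "$demo/proc/sys/net/ipv4/ip_forward"
echo "# constructed sample" > "$demo/etc/sysctl.conf"
sysctl_drift net.ipv4.ip_forward "$demo" || true
rm -rf "$demo"
```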
DevOps Quick Tips
- Disk full alert? Run `du -sh /var/log/*` — logs are almost always the culprit.
- Config changed? All service configs live in `/etc/` — backup before editing: `cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak`
- Finding config files: `find /etc -name "*.conf" -newer /etc/hostname` — recently modified configs.
- Docker file storage: Lives in `/var/lib/docker/` — check size with `du -sh /var/lib/docker`