Guided Tour

Unless you are on familiar ground, you usually need a map to get around any large area. To get from one place to another, the best map is a road map (or street map). If you are staying in one general area and are looking for places of interest, you need a tourist map. Because we are staying within the context of Linux and we’re looking for things of interest, what I am going to give you now is a tourist map of Linux directories.

In later chapters, we’ll go into detail about many of the directories that we are going to encounter here. For now, I am going to briefly describe where they are and what their functions are. As we get into different sections of the book, it will be a lot easier to move about and know how files relate if we already have an understanding of the basic directory structure.

One thing I would like to point out is that (for the most part) the directories of most UNIX systems are laid out according to the functionality of the files and programs within the directory. One enhancement that Linux makes is allowing things to be in more than one place. For example, files that the system uses may be in one place and those that normal users need may be in another place. Linux takes advantage of links to allow the necessary files to be in both places. We’ll talk more about links as we move on.

One question people often ask is why it is necessary to know what all the directories are for. Well, it isn’t. It isn’t necessary to know them all, just the more important ones. While working in tech support, I have talked numerous times with administrators who were trying to clean up their systems a little. Because they had little experience with UNIX systems, they ended up removing things that they thought were unnecessary, but turned out to be vital for the operation of the system. If they knew more about where things were and what they were for, they wouldn’t have made these mistakes.

As we go through these directories, keep in mind that your system may not be like this. I have tried to follow the structure of the Linux Filesystem Standard as well as to find some commonality among the different versions that I’ve installed. On your system, the files and directories may be in a different place, have different names, or may be gone altogether.

Note that depending on your distribution and the packages you have installed, these files and directories may look different. In addition, although my system used in these examples has every conceivable package installed (well, almost), I did not list all the files and directories I have. I included this list with the intention of giving you a representative overview. In addition, some of the directories are not mentioned in the text, as I cannot say too much more than in the popup in the image map in so little space.

With that said, let’s have a look.

The top-most directory is the root directory. In verbal conversation, you say “root directory” or “slash,” whereas it may be referred to in text as simply “/.”

So when you hear someone talking about the /bin directory, you may hear them say “slash bin.” This is also extended to other directories, so /usr/bin would be “slash user, slash bin.” However, once you get the feeling and begin to talk “Linux-ese,” you will start talking about the directories as “bin” or “user bin.” Note that ‘usr’ is read as “user.”

Under the root directory, there are several subdirectories with a wide range of functions. The image below shows the key subdirectories of /. This representation does not depict every subdirectory of /, just the more significant ones that appear with most default installations. In subsequent diagrams, I will continue to limit myself to the most significant directories to keep from losing perspective.

Image – Listing of a typical root directory. (interactive)

One of these files, one could say, is the single most important file: vmlinuz. This file is the operating system proper. It contains all the functions that make everything go. When referring to the file on the hard disk, one refers to /vmlinuz, whereas the in-memory, executing version is referred to as the kernel.

The first directory we get to is /bin. Its name is derived from the word “binary.” Often, the word “binary” is used to refer to executable programs or other files that contain non-readable characters. The /bin directory is where many of the system-related binaries are kept, hence the name. Although several of the files in this directory are used for administrative purposes and cannot be run by normal users, everyone has read permission on this directory, so you can at least see what the directory contains.

Note that binary programs exist in many other directories, but the most common or frequently used ones are found in /bin. Sometimes /bin is a symbolic link to /usr/bin. We’ll get into details about /usr/bin shortly.

The /boot directory is used to boot the system. There are several files here that the system uses at different times during the boot process. For example, the files /boot/boot.???? (for example, boot.0300) are copies of the original boot sector from your hard disk. Files ending in .b are “chain loaders,” secondary loaders that the system uses to boot the various operating systems that you specify.

The /dev directory contains the device nodes. As I mentioned in our previous discussion on operating system basics, device files are the way both the operating system and users gain access to the hardware. Every device has at least one device file associated with it. If it doesn’t, you can’t gain access to it. We’ll get into more detail on individual device files later.

The /etc directory contains files and programs that are used for system configuration. Its name comes from the common abbreviation etc., for “et cetera”, meaning “and so on.” This seems to come from the fact that on many systems, /etc contains files that don’t seem to fit elsewhere.

Over the years, the /etc directory has evolved to the point where it is the place where a large number of programs store their configuration files and many of the other files they use while in operation.

Under /etc are several subdirectories of varying importance to both administrators and users. The following image shows a number of important sub-directories. Depending on what software you have installed you may not have some of these or you may have many more not listed. Unfortunately, there are few standards as to any specific file extension to use for configuration files. Sometimes the program uses .conf, other times .ini and other times nothing at all.

Image – Listing of key directories under the /etc directory. (interactive)

In some Linux distributions you will find the /etc/lilo directory, which is used for the Linux loader (lilo). This directory contains a single file, install, which is a link to /sbin/lilo. This file is used (among other things) to install the boot configuration options. On some systems, the lilo configuration file (lilo.conf) is found directly in the /etc directory. We’ll get into this more in the section on starting and stopping your system.

There are several directories named /etc/cron*. As you might guess, these are used by the cron daemon. The /etc/cron.d directory contains configuration files used by cron. Typically, what is here are various system-related cron jobs, such as /etc/cron.d/seccheck, which does various security checks. The directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly contain files with cron jobs which run hourly, daily, weekly and monthly, respectively. There is a cron job listed in the system-wide /etc/crontab that runs the program /usr/lib/cron/run-crons, which checks the other files.
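An added example, not part of the original text: a defender's check over the cron locations named above, listing any file or directory that is not owned by the expected owner or that is group- or world-writable, since whoever can edit those files decides what cron runs. The function name, the ROOT prefix argument, the OWNER argument and the `--scan` switch are assumptions of this example.

```shell
#!/bin/sh
# Cron locations named in the text, relative to the filesystem root.
CRON_PATHS="etc/crontab etc/cron.d etc/cron.hourly etc/cron.daily etc/cron.weekly etc/cron.monthly"

# audit_cron_paths [ROOT] [OWNER]
#   ROOT  - prefix to scan under (default "/"); lets you audit a mounted
#           image or a test tree instead of the live system.
#   OWNER - user name or numeric uid expected to own everything (default root).
# Prints one path per line for every regular file or directory that is
# not owned by OWNER, or that is writable by group or by others.
# Symbolic links are not followed and are not reported.
audit_cron_paths() {
    audit_root=${1:-/}
    audit_owner=${2:-root}
    for rel in $CRON_PATHS; do
        target="${audit_root%/}/$rel"
        # Locations differ between distributions; skip what is absent.
        [ -e "$target" ] || continue
        find "$target" \( -type f -o -type d \) \
            \( ! -user "$audit_owner" -o -perm -0020 -o -perm -0002 \) -print
    done
}

# Run against the live system only when asked to: sh script.sh --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then
    audit_cron_paths "${2:-/}"
fi
```

An empty result means every location that exists passed both checks; any path printed deserves a look with `ls -ld` before the next cron run.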

The /etc/init.d directory contains scripts that the system uses when starting up or shutting down. Which files are read depends on whether the system is being started or shut down. We’ll talk more about these directories and their associated files in the section on starting up and shutting down the system. You may also find that these files are located in /etc/rc.d. On SuSE, /etc/rc.d is a symbolic link to /etc/init.d.

The /etc/skel directory is used when you create a new user with the adduser command. This is the “skeleton” of files that is copied to the user’s home directory when it’s created (hence the name “skel”). If you want to ensure that each user gets other files at startup, place them in here. For example, you may want everyone to have a configuration file for vi (.exrc) or for mail (.mailrc).

Depending on your Linux distribution, either the /etc/sysconfig or /etc/rc.config.d directory contains default system configuration information. For example, the keyboard file defines which keyboard table is to be used and the network file contains network parameters, such as the hostname.

The /etc/pam.d directory contains configuration files used by the Pluggable Authentication Modules (PAM). PAM is a system of libraries that are responsible for authentication tasks of applications and services on your system. These libraries provide an Application Programming Interface (API) allowing for a standardization of authorization functions. Previously, where necessary each program did its own authorization/authentication. With PAM, a single set of configuration files allows for a more consistent security policy. In some cases, an /etc/pam.conf file is used instead of the /etc/pam.d directory.

The /etc/profile.d directory contains default configuration for many of the shells that Linux provides. As we talk about in the section on shells, each shell has an environment which contains a number of different characteristics. Many of the defaults are defined in the files under /etc/profile.d. The name of each file gives an indication of the appropriate shell.

The /etc/security directory contains security-related configuration files. Whereas PAM concerns itself with the methods used to authenticate any given user, the files under /etc/security are concerned with just what a user can or cannot do. For example, the file /etc/security/access.conf is a list of which users are allowed to log in and from which host (for example, using telnet). The /etc/security/limits.conf file contains various system limits, such as the maximum number of processes. (Yes, these are really related to security!)

Moving back up to the root directory, we next find /home. As its name implies, this is the default location for users’ home directories. However, as we’ll talk about later, you can have the home directory anywhere.

The /lost+found directory is used to store files that are no longer associated with a directory. These are files that have no home and are, therefore, lost. Often, if your system crashes and the filesystem is cleaned when it reboots, the system can save much of the data and the files will end up here. Note that a lost+found directory is created automatically for each filesystem you create. We’ll get into more detail about this in the section on filesystems.

The /lib directory (for library) contains the libraries needed by the operating system as it is running. You will also find several sub directories.

The /proc directory takes a little while to get used to, especially if you come from a non-UNIX world or have used a version of UNIX without this directory. This is a “pseudo-filesystem” that is used to access information in the running system. Rather than having you access kernel memory directly (i.e., through the special device /dev/kmem), you can access the files within this directory. There are directories for every running process as well. We will get into more detail about this when we talk about monitoring your system. If you are curious now, check out the proc(8) man-page.

The /root directory is the home directory for the user root. This is different from many UNIX dialects that have the root’s home directory directly in /. With some Linux distributions, the /root directory is actually a symbolic link to /home/root.

The /sbin directory contains programs that are used (more or less) to administer the system. In other words, the system binaries. Many documentation sources say that this is only for system administrators. However, most of these files are executable by normal users, as well. Whether the support files or device nodes are accessible is another matter. If a normal user cannot access the device nodes or other files, the program won’t run.

The /usr directory contains many user-related subdirectories. (Note the ‘e’ is missing from “user”). In general, one can say that the directories and files under /usr are used by and related to users. There are programs and utilities here that users use on a daily basis. On many older systems, /usr is where users have their home directory. The figure below shows what the sub-directories of /usr would look like graphically.

Image – Listing of key directories under the /usr directory. (interactive)

Where /bin contains programs that are used by both users and administrators, /usr/bin contains files that are almost exclusively used by users. (However, like everything in UNIX, there are exceptions.) Here again, the bin directory contains binary files. In general, you can say that the programs and utilities that all users more or less require are stored in /bin, whereas the “nice-to-have” programs and utilities are stored in /usr/bin. Programs and utilities needed for administrative tasks are stored in /sbin. Note that it is common to separate files like this, but it is not an absolute.

The /usr/adm directory contains mostly administrative data. The name “adm” comes from “administration,” which is no wonder considering this contains a lot of the administrative information that relates to users. This may be a symbolic link to the /var directory. Note that this directory does not exist on many systems.

The /usr/include directory and its various subdirectories contain all the include files. These contain information that is needed both by the kernel when it is being recreated and by programs when they are being compiled. For normal users and even most system administrators, the information here is more a place to get one’s curiosity satisfied. (For those of you who know that this is dramatic over-simplification, all I can say is that you already know what this directory is for anyway.)

The /usr/src directory contains the source code for the Linux kernel, kernel modules and for any program that you specifically install. Although this directory existed on every Linux machine I have ever seen, it may be empty depending on what packages are installed. If the kernel source code is installed, it will reside in a sub-directory based on the kernel version, for example linux-2.6.13-15.

Many system parameters and default values of various variables that are needed when compiling a new kernel are stored inside the files underneath /usr/src/linux/include. Because of the information provided in many of the files, I will be making reference to them throughout the site. Rather than spelling out the full path of the directory, I will make a reference to the files relative to the /usr/src/linux/include directory, the same way that it is done in C source code. For example, when I refer to something like <linux/user.h>, I mean the full path /usr/src/linux/include/linux/user.h. When you see something enclosed in angled brackets like this, you can make the expansion yourself.

The /usr/lib directory is difficult to explain. We could say that it contains the user-related library files (based on its name). However, that still does not accurately describe the complete contents. One thing it contains is the library files that are less general than those you find in /lib. This directory contains many of the systemwide configuration files for user-level programs such as perl and emacs.

If you have switched to the more secure npasswd program, the /usr/lib/npasswd directory is used to contain some configuration information.

When configuring UUCP, all the necessary files are contained in the /usr/lib/uucp directory. Not only are the configuration files here, but this is also home for most of the UUCP programs. UUCP (Unix-to-Unix Copy) is a package that allows you to transfer files and communicate with remote systems using serial lines. We’ll talk in more detail about this directory in the section on networking.

There are typically many more directories under /usr/lib. Most are related to user programs and operations. We’ll get to some of them as we move along.

The directory /usr/X11R6 contains all the X Window System files. This makes upgrading to newer releases of X much easier as the files are not spread out over the entire system. If you have an older version of Linux, you might still have X11R5 or if a newer release comes out you might have X11R7. To simplify things even further, the directory /usr/X11 is what many things look at instead. This is then linked to the appropriate directory (i.e., /usr/X11R6, /usr/X11R5).

Underneath this directory are the subdirectories bin, lib, and man, which have the same functionality as those under /usr. In most cases, links in other directories point here. For example, you should have a directory /usr/bin/X11. This is a symbolic link to the directory /usr/X11R6/bin. The directory /usr/lib/X11 is a symbolic link to /usr/X11R6/lib. The reason for this is to maintain the directory structure, but still make upgrading easy. When X11R7 comes out, all that you need to do is make the links point to the X11R7 directories and not copy the individual files.

Next, /usr/sbin contains more system binaries, including the daemon programs that run in the background. In some UNIX dialects, these files may be in /etc.

Moving back up to the /usr directory, we find the /usr/local sub-directory. This may or may not contain anything. In fact, there are no rules governing its contents. It is designed to contain programs, data files, and other information that is specific or even unique to your local system, hence the name. There is often a bin directory that contains local programs and a lib directory that contains data files or libraries used by the programs in /usr/local/bin.

Note that many packages that you compile and install from source code end up in the /usr/local by default. Although you can change this when you compile the package and it is not always the case, you need to be aware of it. The safest thing to say is that typically applications installed with the Linux distribution are not installed into /usr/local.

Also in the /usr directory you may find /usr/man. This is where the man-pages and their respective indices are kept. This directory contains the index files, which you can search through to find a command you are looking for. You can also create and store your own manual pages here. The /usr/info and /usr/doc directories contain GNU Info documents and other documentation files.

On newer distributions, the man-pages and doc files are typically located underneath /usr/share. The /usr/share contains files that are “shared” among multiple applications, hence the name.

The /usr/share/kbd directory contains files that are used to configure the system console keyboard. Through these files, you can configure your keyboard to accommodate one of several different languages. You can even configure it for dialects of the same language, such as the German keyboard as used in Switzerland or Germany. You can also change these files to create a totally new keyboard layout, such as the Dvorak. Note that it is possible that on older distributions you will find these files underneath /usr/lib/kbd.

The /usr/share/terminfo directory contains both the source files and compiled versions of the terminfo database. Terminfo is the mechanism by which the system can work with so many different types of terminals and know which key is being pressed. For more information, see the terminfo(5) man-page. On older distributions you will find these files underneath /usr/lib/terminfo. Some older programs use the termcap (terminal capabilities) mechanism. The termcap configuration file is /etc/termcap.

The /var directory contains files that vary as the system is running, such as log files. This was originally intended to be used when the /usr directory is shared across multiple systems. In such a case, you don’t want things like the mail or print spoolers to be shared.

Many system “lock” files are kept in /var/lock. These are used to indicate that one program or another is currently using a particular file or maybe even a device. If other programs are written to check in here first, you don’t have collisions.

As you might guess, the /var/log directory contains log files. The /var/run contains information that is valid until the system is rebooted. For example, the process ID of the inetd daemon can be found here. It is often important to know this information when changes are made to the system and storing them here makes them quickly accessible.

The /var/spool directory is the place where many different kinds of files are stored temporarily. The sub-directories serve as a kind of holding area for various applications and system daemon programs. The word “spool” is an acronym for simultaneous peripheral operation off-line, the process whereby jobs destined for some peripheral (printer, modem, etc.) are queued to be processed later. This may be a link to /usr/spool or on some older systems only the /usr/spool is used. The /usr/spool/lp directory not only contains print jobs as they are waiting to be printed, it also contains the configuration files for the printers.

The /var/yp directory contains the changing files that are used with the Network Information Service (NIS), also known as Yellow Pages, or YP.

As I mentioned before, the /usr/adm directory is often a link to /var/adm. There are several key log files stored here. Perhaps the most important is the messages file that contains all the system service, kernel, and device driver messages. This is where the system typically logs messages from the syslogd daemon. Note that you can configure syslogd to write the messages to other places.

You will typically find that there are many different log files located in /var/log. If you are not sure where a particular process is logging information, then this is the place to look. In some cases, the log files are stored in sub-directories.

There were many directories that I skipped, as I said I would at the beginning of this section. Think about the comparison that I made to a tourist map. We visited all the museums, 200-year-old churches, and fancy restaurants, but I didn’t show you where the office of city planning was. Granted, such offices are necessary for a large city, but you really don’t care about them when you’re touring the city; just as there are certain directories and files that are not necessary to appreciate and understand the Linux directory structure.
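An added example, not part of the original text: a survey of the directories this tour says may be symbolic links on some systems, reporting for each whether it is a real directory, a link (and to where), a dangling link, or absent. It is worth running before cleaning up or changing permissions, because an operation on a linked directory lands on its target. The function names and the ROOT prefix argument are assumptions of this example, and `readlink` is assumed to be available, as it is on Linux.

```shell
#!/bin/sh
# Paths the tour mentions as possible symbolic links, relative to the root.
TOUR_PATHS="bin root etc/rc.d usr/adm usr/X11 usr/bin/X11 usr/lib/X11 var/spool"

# classify PATH
# Prints one of: "link -> TARGET", "link -> TARGET (dangling)",
# "directory", "other" or "absent".
classify() {
    if [ -L "$1" ]; then
        # -L must be tested first: -e and -d follow the link, so a
        # dangling link would otherwise be reported as absent.
        if [ -e "$1" ]; then
            printf 'link -> %s\n' "$(readlink "$1")"
        else
            printf 'link -> %s (dangling)\n' "$(readlink "$1")"
        fi
    elif [ -d "$1" ]; then
        echo directory
    elif [ -e "$1" ]; then
        echo other
    else
        echo absent
    fi
}

# survey_links [ROOT]
# ROOT defaults to "/"; pass a mounted image or test tree to inspect that
# instead. Prints one "/path: status" line per entry in TOUR_PATHS.
survey_links() {
    prefix=${1:-/}
    for rel in $TOUR_PATHS; do
        printf '/%s: %s\n' "$rel" "$(classify "${prefix%/}/$rel")"
    done
}

# Survey the live system only when asked to: sh script.sh --survey [ROOT]
if [ "${1:-}" = "--survey" ]; then
    survey_links "${2:-/}"
fi
```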