It’s now easier than ever for AI to write your bash scripts or give you the exact command to restart a service. It’s now also easy to skip learning how the Linux file system actually works if you are new to the Linux CLI. But understanding where things live in a Linux system isn’t just old-school knowledge—it’s foundational. Whether you're troubleshooting, hardening a server, or simply navigating with confidence, knowing the file system hierarchy saves time, prevents mistakes, and gives you more control.
Let’s start with some common questions and misconceptions. If you are unsure about these, then definitely read on.
Common Questions or Misconceptions
Is /usr the same as /home?
No. /usr is for system-wide tools and libraries. /home is for personal user data.
Can I delete files in /tmp?
Yes, but the system usually handles this automatically. Just avoid deleting something that’s actively in use.
What happens if I mess with /etc?
This folder holds key system configs. Break something here and you might not be able to boot or log in.
Is /proc a real directory?
Not really. It’s a virtual filesystem generated by the kernel on the fly.
These kinds of questions all point back to a bigger concept: how the Linux file system is structured. To understand the answers, you need to understand where everything begins—at /.
What Is This? /
Linux follows the Filesystem Hierarchy Standard (FHS), a structured layout where everything starts at the root (or slash) directory /. From there, the system organizes everything into specific folders with clearly defined purposes—user files, system binaries, configurations, device files, and more.
Even though most Linux distributions (Ubuntu, Debian, RHEL, Arch, etc.) have their quirks, the file structure is largely the same thanks to this standard. It’s like learning a city map—you don’t need GPS if you know the landmarks.
Technical Breakdown
Here’s a simplified map of the most important directories you'll encounter:
/ – Root
This is the top of the filesystem tree. Every file and directory “branches out” from here.
Pro tip (or warning): You might’ve heard the infamous joke about running rm -rf /. That command recursively and forcefully deletes everything under the root directory. If it were allowed to run, your entire Linux system would disappear in a puff of digital smoke.
Thankfully, most modern distributions protect against this by default, requiring --no-preserve-root to even attempt it. Still—don’t be curious. Curiosity nukes the system.
/bin – Essential Binaries
Contains critical user commands like ls, cp, and mv—these work even in single-user (rescue) mode. Now often symlinked to /usr/bin on modern systems.
Note: You might see /bin listed as its own folder, but on many systems today it's just a shortcut (a symlink) to another folder like /usr/bin. This means the files aren’t really duplicated they just appear in both places, which helps keep things organized without breaking older tools that still look for /bin.
/boot – Boot Files
Includes the Linux kernel and bootloader (like GRUB). If this gets corrupted, your system won’t boot.
/dev – Device Files
Every hardware device (like your disk, USB drive, or even /dev/null) is represented as a file here.
/etc – Configuration Files
System-wide configuration lives here: think /etc/passwd, /etc/fstab, and init configs.
/home – User Directories
Each user has a folder here (e.g., /home/kathy) with their files, downloads, and personal configs. When you log into Linux, this is usually where you start. You'll often see it represented as ~ (tilde), which is a shortcut to your own home directory, no matter what your username is. Think of this as the You Are Here point on your Linux file system map.
/lib, /lib64 – Shared Libraries
Like .dll files on Windows, these are required by executables in /bin and /sbin.
/media, /mnt – Mounted Devices
External drives (USB, CD-ROM, network shares) and manual mount points live here.
/opt – Optional Software
Third-party or add-on software not installed via your system package manager typically goes here. This one is also now often merged into /usr/lib on modern systems.
/proc, /sys – Kernel Interfaces
These are virtual filesystems that expose real-time system and kernel info (like /proc/cpuinfo). You don’t edit these, but you can read from them.
/root – Root User’s Home
This is not the same as /. It’s the home directory of the root (superuser) account.
/run – Runtime Data
Temporary system info like process IDs or service state is stored here during boot/runtime.
/sbin – System Binaries
Critical tools for system management—commands like iptables or fsck. You will also see this symlinked to /usr/sbin.
/srv – Service Data
Used by services and site specific data like web or FTP servers to store or serve data.
/tmp – Temporary Files
Short-lived files. It’s safe to delete things here (but the system usually cleans it up for you).
/usr – User Programs and Resources
Despite the name, /usr does not mean your stuff. That’s what /home is for.
Instead, /usr is home to system-wide userland resources—binaries, libraries, docs, and tools that aren’t essential to boot but are critical for daily use.
Originally, /usr was used for user-installed software, separated from the base system. Over time, it became a place for shared system resources and retained its structure for backward compatibility. Today, it’s essential to the OS itself.
/var – Variable Data
Logs, mail queues, and frequently changing data live here. For example, check /var/log/syslog when troubleshooting.
Real-World Examples / Use Cases
- Logs? → /var/log (e.g., journalctl or /var/log/syslog).
- Hardware details? → /proc/cpuinfo, /proc/meminfo.
- Installed software? → Check /usr/bin (system packages) vs /opt or /usr/local (manual installs).
- Backups? → Skip /dev, /proc, /sys, /run since they're virtual or temporary. These directories are runtime illusions, not real data.
- Debugging permissions? → Check /etc/passwd and /etc/group.
Sure, AI can serve up commands like a server at a Michelin-starred restaurant. But even the best ones spill the soup or mix up the order—more often than you'd think. And when that happens, you’ll wish you knew where things live and why. And no, you probably shouldn’t go yelling at the kitchen if your Steak au Poivre is underdone. Even if the kitchen is a cluster of GPU nodes…
The Linux file system is logical, structured, and incredibly powerful once you understand the purpose behind each directory. You don’t need to memorize it all—but getting comfortable with the layout makes you faster, more effective, and less frustrated when troubleshooting. And when you need a hand finding something, a few simple commands can help you track down tools and files quickly so you can spend less time hunting and more time getting things done. Or hunting for more interesting things.
which
When used in the screenshot below, this shows the full path to the python3 command. The which command is a quick way to find out where a tool lives on your system. It only works if the tool is in your system’s $PATH.
find
This next example uses find to search the entire system for any files or folders with impacket in the name. The * wildcard means anything before or after this word, so *impacket* will match anything that includes it. The 2>/dev/null part hides permission errors from protected directories, keeping your results clean and easy to read. This is especially helpful when you're not sure where something was installed or what the full name might be.
Learn the map. Then let the tools help you navigate it even better.
Want to go deeper?
Whether you're just getting started with IT or sharpening your command-line skills, we offer a wide range of Training designed to build real-world confidence. And as you advance, our team also provides services including Penetration Testing, Vulnerability Management, and Threat Exposure Management, just to name a few.