Essential Linux system files

Directories details

/                        # root directory                                                                   
├── bin -> /usr/bin      # executables for common programs (system, administrator, users)                   
├── boot                 # system startup files (boot loader, kernel, config, initial RAM )                 
├── dev                  # contains references to all the CPU peripheral hardware                           
│                        # --> those are represented as files with special properties.                      
├── etc                  # most important system configuration files                                        
│                        # --> this directory contains data similar to those in the Control Panel in Windows
├── home                 # users home directories                                                           
├── lib -> /usr/lib      # library files for system and users programs                                      
├── lost+found           # stores data recovered during failures                                            
├── media                # stores mount points for cdrom, usb, etc ...                       
├── mnt                  # stores mount points for external devices                                         
├── opt                  # third party software                                         
├── proc                 # stores process information pseudo-filesystem (see man page for details)          
│                        # --> kernel data structures accessors                                             
│                        # --> info on system state and  hardware (cpu, memory, partitions, swap, etc...)   
├── root                 # root user home directory                                                         
├── run                  # /var/run -> /run symlink target, wiped out on reboot                             
├── sbin -> /usr/sbin    # executables for common programs (system, administrator, users)   
├── sys                  # modern sysfs based alternative to procfs (see /proc) 
├── tmp                  # temp system files, wiped out on reboot                                           
├── usr                  # all user related programs                                                        
└── var                  # all temporary files created by users

Note : explanations on procfs vs sysfs can be found here

System files details

✔️ Boot loader (the uname -r prints the current kernel release version + architecture) :

path	description
`/boot/efi`	EFI partition mountpoint
`/boot/efi/EFI/debian/grub<arch>.efi`	GRUB boot loader executable
`/boot/efi/EFI/debian/grub.cfg`	GRUB config, points to `/boot/grub/grub.cfg`
`/boot/grub/grub.cfg`	GRUB UEFI menu configuration file
`/boot/grub/<arch>-efi/.`	GRUB modules
`/boot/vmlinuz-$(uname -r)`	system kernel image
`/boot/config-$(uname -r)`	system kernel config file
`/boot/initrd.img-$(uname -r)`	initial ramdisk image (initrd or initramfs: initial ram filesystem)
`/boot/System.map-$(uname -r)`	kernel symbol table (resolves symbol names to memory addresses)
`/etc/default/grub`	GRUB default options
`/etc/grub.d`	GRUB menu templates (header, theme, etc ...)

✔️ Kernel :

path	description
`/proc/sys/.`	kernel variables storage
`/proc/loadavg`	average system load
`/proc/filesystems`	kernel supported file systems
`/lib/modules/$(uname -r)/kernel/fs`	kernel supported file systems (exhaustive)
`/etc/sysctl.conf`	kernel variables default values
`/etc/sysctl.d/.`	additional kernel variables
`/etc/modules`	kernel modules to load at boot time (initially empty)

✔️ Devices :

path	description
`/dev/disk/.`	links from storage devices to partitions (by id, partuuid, path, uuid)
`/dev/block/.`	links from block devices to partitions (major/minor numbers)
`/dev/tty*`	native terminals
`/dev/pts/.`	emulated terminals (ssh, etc)
`/dev/null`	writes are discarded, reads return `EOF`
`/dev/zero`	writes are discarded, reads return zero-value ASCII characters
`/dev/full`	writes produces `ENOSPC` ("disk full"), reads return zero-value ASCII characters
`/dev/random`	random bytes from the kernel secure pseudorandom number generator
`/dev/std*`	standard streams for current process
`/dev/fd/.`	file descriptors for current process

✔️ File systems :

path	description
`/proc/partitions`	system partitions list
`/etc/mke2fs.conf`	default options for new file systems
`/etc/fstab`	static list of partitions to mount in the file system at startup
`/etc/crypttab`	static list of encrypted volumes to mount in the file system at startup

✔️ Systemd :

path	description
`/lib/systemd/system`	default configuration units
`/etc/systemd/system`	administrator configuration units (emulate runlevels)
`/run/systemd/system`	dynamically generated configuration units (EMPTY)
`/etc/systemd/system/default.target`	symlink to default system target unit in /lib/systemd/system

✔️ Services :

path	description
`/etc/services`	accepted connections by network service (service name / protocol / port number)
`/etc/ssh`	host public/private keys + SSH client and server config
`/etc/pam.d/.`	configuration files of authentication modules

✔️ Shells :

path	description
`/bin/bash`	default shell, use for shebang and users creation
`/bin/sh -> /bin/dash`	lightweight shell, no history available, no nothing
`/etc/shells`	list of valid login shells for the system
`/etc/profile`	system-wide `.profile` file for bash
`/etc/bash.bashrc`	system-wide `.bashrc` file for bash
`/etc/login.defs`	login configuration options ()
	--> retries, timeouts, events logs, default commands options ...

✔️ Networking :

path	description
`/etc/hosts`	list of machines to be contacted over the network without using DNS
`/etc/hostname`	static hostname (used to initialize the kernel at boot)
`/etc/nsswitch.conf`	sequential order of names resolvers to contact when process need host name resolution

✔️ Log files (rsyslogd) :

path	description
`/var/log/kern.log`	kernel startup logs
`/var/log/auth.log`	users sessions history logs
`/var/log/daemon.log`	services activity logs
`/var/log/syslog`	system startup logs
`/etc/logrotate.conf`	configuration of logs rotation (limiting amount of logs)

✔️ Log files (journald) :

path	description
`/var/log/journal/.../system*`	system activity logs (binary data)
`/var/log/journal/.../user-<id>*`	user activity logs (binary data)

✔️ Users management :

path	description
`/var/run/utmp`	list of connected users
`/etc/default/useradd`	default values for `useradd`
`/etc/passwd`	list of users, edit with `useradd`, `usermod`, `userdel` only
`/etc/shadow`	shadowed password files for users
`/etc/skel/.`	default config files for new users
`/etc/adduser.conf`	default values for `adduser`
`/etc/deluser.conf`	default values for `deluser`

✔️ Groups management :

path	description
`/etc/group`	list of groups, edit with `groupadd`, `groupmod`, `groupdel` only
`/etc/gshadow`	shadowed passwords files for groups

✔️ Sudo access control :

path	description
`/etc/sudoers`	use `visudo` to edit this file
`/etc/sudo.conf`	`sudo` front end options, missing ?

✔️ System-wide crontab (with username) :

path	description
`/etc/cron.d/.`	crontabs with unusual scheduling
`/etc/crontab`	system crontab, schedules execution of hourly, daily, etc... jobs
`/etc/cron.hourly`	jobs to execute every hour
`/etc/cron.daily`	jobs to execute every day
`/etc/cron.weekly`	jobs to execute every week
`/etc/cron.monthly`	jobs to execute every month

✔️ User crontabs (no username) :

path	description
`/var/spool/cron/crontabs/.`	user crontab files, edit using the `crontab` command

✔️ Aptitude files :

path	description
`/etc/apt/sources.list`	default `apt` data sources, formatted
`/etc/apt/sources.list.d/.`	additional `apt` data sources, see `man sources.list`
`/var/log/dpkg.log`	logging of `dpkg` status messages

✔️ Alternatives files :

path	description
`/etc/alternatives/.`	directory containing all the symlinks for alternatives
`/etc/apt/sources.list.d/.`	directory containing alternatives description files

✔️ Vim files :

path	description
`$HOME/.vimrc`	...
`$HOME/.vim/colors/dante.vim`	...

✔️ User files :

path	description
`$HOME/.profile`	executed by bash for login shells
`$HOME/.bashrc`	executed by bash for non-login shells
`$HOME/.bash_profile`
`$HOME/.bash_login`

✔️ System installation logs :

path	description
`/var/log/installer/lsb-release`	logs installer version
`/var/log/installer/hardware-summary`	logs detected hardware
`/var/log/installer/syslog`	logs installer messages
`/var/log/installer/status`	logs packages installed during installation
`/var/log/installer/partman`	logs initial system partitioning

✔️ Miscellaneous :

path	description
`/usr/share/dict/american-english`	list of 102401 known words (dictionary)
`/var/spool/mail/.`	local users mail boxes (plain text files)
`/var/cache/locate/locatedb`	default locate database