Essential Linux system files
The whos who of files in a linux system

List of system files and directories
- Root directory details
- Boot loader
- Kernel
- Devices
- File systems
systemd
- Services
- Shells
- Networking
- Log files (
rsyslogd
)
- Log files (
journald
)
- Users management
- Groups management
- Sudo access control
- System-wide crontab (with username)
- User crontabs (no username)
- Aptitude files
- Alternatives files
- Vim files
- User files
- System installation logs
- Miscellaneous
/ # file system root
├── bin -> /usr/bin # binaries for common programs (system, administrator, users)
├── boot # startup files (boot loader, kernel, config, initial RAM )
├── dev # system device files (represent CPU peripheral hardware)
├── etc # system configuration files (similar to windows control panel)
├── home # users home directories
├── lib -> /usr/lib # libraries for common programs
├── lost+found # data recovered during failures
├── media # mount points for cdrom, usb, etc
├── mnt # mount points for external devices
├── opt # third party software
├── proc # process information pseudo-filesystem (see man page for details)
│ # - kernel data structures accessors
│ # - info on system state and hardware (cpu, memory, partitions, swap, etc)
├── root # root user home directory
├── run # /var/run -> /run symlink target, wiped out on reboot
├── sbin -> /usr/sbin # binaries for common programs (system, administrator, users)
├── sys # modern sysfs based alternative to procfs (see /proc)
├── tmp # temp system files, wiped out on reboot
├── usr # user related programs
└── var # temporary files created by users
Note : explanations on procfs vs sysfs can be found here.
-
uname -r
prints the current kernel version and architecture.
-
<arch>
is x64
for 64-bit systems.
path |
dir |
description |
/boot/efi |
X |
EFI partition mountpoint |
/boot/efi/EFI/debian/grub<arch>.efi |
|
GRUB boot loader executable |
/boot/efi/EFI/debian/grub.cfg |
|
GRUB config, points to /boot/grub/grub.cfg
|
/boot/grub/grub.cfg |
|
GRUB UEFI menu configuration file |
/boot/grub/<arch>-efi/. |
X |
GRUB modules |
/boot/vmlinuz-$(uname -r) |
|
System kernel image |
/boot/config-$(uname -r) |
|
System kernel config file |
/boot/initrd.img-$(uname -r) |
|
Initial ramdisk image (initramfs : initial ram filesystem) |
/boot/System.map-$(uname -r) |
|
Kernel symbol table, resolves symbol names to memory addresses |
/etc/default/grub |
|
GRUB default options |
/etc/grub.d/. |
X |
GRUB menu templates (header, theme, etc ...) |
path |
dir |
description |
/proc/sys/. |
X |
Kernel variables storage |
/proc/loadavg |
|
Average system load |
/proc/filesystems |
|
Kernel supported file systems |
/lib/modules/$(uname -r)/kernel/fs/. |
X |
Kernel supported file systems (exhaustive) |
/etc/sysctl.conf |
|
Kernel variables default values |
/etc/sysctl.d/. |
X |
Additional kernel variables |
/etc/modules |
|
Kernel modules to load at boot time (initially empty) |
path |
dir |
description |
/dev/disk/. |
X |
Links from storage devices to partitions (by id, partuuid, path, uuid) |
/dev/block/. |
X |
Links from block devices to partitions (major/minor numbers) |
/dev/tty* |
|
Native terminals |
/dev/pts/. |
X |
Pseudo terminals (ssh, etc) |
/dev/null |
|
Writes are discarded, reads return EOF
|
/dev/zero |
|
Writes are discarded, reads return zero-value ASCII characters |
/dev/full |
|
Writes produces ENOSPC ("disk full"), reads return zero-value ASCII characters |
/dev/random |
|
Random bytes from the kernel secure pseudorandom number generator
|
/dev/std* |
|
Standard streams for current process |
/dev/fd/. |
X |
File descriptors for current process |
path |
dir |
description |
/proc/partitions |
|
System partitions list |
/etc/mke2fs.conf |
|
Default options for new file systems |
/etc/fstab |
|
Static list of partitions to mount in the file system at startup |
/etc/crypttab |
|
Static list of encrypted volumes to mount in the file system at startup |
path |
dir |
description |
/lib/systemd/system/. |
X |
Default configuration units |
/etc/systemd/system/. |
X |
Administrator configuration units (emulate runlevels) |
/run/systemd/system/. |
X |
Dynamically generated configuration units (EMPTY) |
/etc/systemd/system/default.target |
|
Symlink to default system target unit in /lib/systemd/system |
path |
dir |
description |
/etc/services |
|
Accepted connections by network service (service name / protocol / port number) |
/etc/ssh/. |
X |
Host public / private keys + SSH client and server config |
/etc/pam.d/. |
X |
Configuration files of authentication modules |
path |
dir |
description |
/bin/bash |
|
Default shell, use for shebang and users creation |
/bin/sh -> /bin/dash |
|
Lightweight shell, no history available, no nothing |
/etc/shells |
|
List of valid login shells for the system |
/etc/profile |
|
System-wide .profile file for bash |
/etc/bash.bashrc |
|
System-wide .bashrc file for bash |
/etc/login.defs |
|
Login configuration options |
|
|
--> retries, timeouts, events logs, default commands options ... |
path |
dir |
description |
/etc/resolv.conf |
|
DNS configuration file: local domain + name servers |
/etc/host.conf |
|
Name resolver configuration file |
/etc/hosts |
|
List of machines to be contacted over the network without using DNS |
/etc/hostname |
|
Static hostname (used to initialize the kernel at boot) |
/etc/nsswitch.conf |
|
Sequential order of names resolvers to contact when process need host name resolution |
/etc/protocols |
|
Supported internet protocols |
/etc/networks |
|
IP networks name to addresses mappings |
path |
dir |
description |
/var/log/kern.log |
|
Kernel startup logs |
/var/log/auth.log |
|
Users sessions history logs |
/var/log/daemon.log |
|
Services activity logs |
/var/log/syslog |
|
System startup logs |
/etc/logrotate.conf |
|
Configuration of logs rotation (limiting amount of logs) |
path |
dir |
description |
/var/log/journal/.../system* |
|
System activity logs (binary data) |
/var/log/journal/.../user-<id>* |
|
User activity logs (binary data) |
path |
dir |
description |
/var/run/utmp |
|
List of connected users |
/etc/default/useradd |
|
Default values for useradd
|
/etc/passwd |
|
List of users, edit with useradd , usermod , userdel only |
/etc/shadow |
|
Shadowed password files for users |
/etc/skel/. |
X |
Default config files for new users |
/etc/adduser.conf |
|
Default values for adduser
|
/etc/deluser.conf |
|
Default values for deluser
|
path |
dir |
description |
/etc/group |
|
List of groups, edit with groupadd , groupmod , groupdel only |
/etc/gshadow |
|
Shadowed passwords files for groups |
path |
dir |
description |
/etc/sudoers |
|
Use visudo to edit this file |
/etc/sudo.conf |
|
sudo front end options |
System-wide crontab (with username)
path |
dir |
description |
/etc/cron.d/. |
X |
Crontabs with unusual scheduling |
/etc/crontab |
|
System crontab, schedules execution of hourly, daily, etc... jobs |
/etc/cron.hourly |
X |
Jobs to execute every hour |
/etc/cron.daily |
X |
Jobs to execute every day |
/etc/cron.weekly |
X |
Jobs to execute every week |
/etc/cron.monthly |
X |
Jobs to execute every month |
User crontabs (no username)
path |
dir |
description |
/var/spool/cron/crontabs/. |
X |
User crontab files, edit using the crontab command |
path |
dir |
description |
/etc/apt/sources.list |
|
Default apt data sources, formatted |
/etc/apt/sources.list.d/. |
X |
Additional apt data sources, see man sources.list
|
/etc/apt/keyrings |
X |
PGP public keys for downloaded packages authentication |
/usr/share/keyrings |
X |
Alternative location for PGP public keys |
/var/log/dpkg.log |
|
Logging of dpkg status messages |
path |
dir |
description |
/etc/alternatives/. |
X |
Directory containing all the symlinks for alternatives |
/etc/apt/sources.list.d/. |
X |
Directory containing alternatives description files |
path |
dir |
description |
$HOME/.vimrc |
|
... |
$HOME/.vim/colors/dante.vim |
|
... |
path |
dir |
description |
$HOME/.profile |
|
Executed by bash for login shells |
$HOME/.bashrc |
|
Executed by bash for non-login shells |
$HOME/.bash_profile |
|
|
$HOME/.bash_login |
|
|
path |
dir |
description |
/var/log/installer/lsb-release |
|
Logs installer version |
/var/log/installer/hardware-summary |
|
Logs detected hardware |
/var/log/installer/syslog |
|
Logs installer messages |
/var/log/installer/status |
|
Logs packages installed during installation |
/var/log/installer/partman |
|
Logs initial system partitioning |
path |
dir |
description |
/usr/share/dict/american-english |
|
List of 102401 known words (dictionary) |
/var/spool/mail/. |
X |
Local users mail boxes (plain text files) |
/var/cache/locate/locatedb |
|
Default locate database |