The Filesystem Hierarchal Standard

by Ostatic Staff - Nov. 01, 2010

If you open nautilus and browse to the root filesystem, you’ll see something that looks like the image to the left.

This is the default layout of the filesystem in Ubuntu 10.10, and is a peek into the ancient (by computer science standards) history and genealogy of Linux. The directories listed above are holdouts from one of the oldest standards, the Filesystem Hierarchal Standard, FHS. FHS is the system that defines what belongs where. Here’s a quick rundown of the default Ubuntu filesystem:

/ - This is the root filesystem, where everything else is mounted to.

/bin - “bin” stands for binary. This is where user accessible binaries like ksh or grep are meant to live.

/boot - The files required to boot the system

/dev - Stands for devices, this special directory is not to be trifled with.

/etc - Short for “etcetera”, /etc is where you find all of your system configuration files.

/home - Where the heart is! /home is where all of the users personal files go, inside a directory with your username. For example, mine is in /home/jonbuys.

/lib - Shared libraries and kernel modules.

/lost+found - Hard drives can be fragile things, and from time to time files might become corrupted. If Linux encounters a problem and needs to run fsck, the file system check, it will place any files that it finds, but cannot fully recover, into the lost+found directory. This directory is special, and each sub-directory under root has one of these directories. If you’ve had any hard drive or filesystem related problems, it’s a good idea to check in this directory for lost files.

/media - Often mistaken for the next directory, /media is meant for removable disks like CD-ROMs and USB drives.

/mnt - Intended to be used for more permanent mounts than /media. For example, an nfs mount that is required for a server would most likely have a subdirectory under /mnt, like /mnt/nfs.

/opt - Short for “optional”, /opt is meant for third-party applications that don’t really fit in anywhere else. IBM puts a lot of their software in /opt.

/proc - Another special filesystem, this one resides entirely in memory, and is used by the kernel for storage of information. There are lots of interesting files to look at, and I strongly encourage anyone curious about the internal workings of Linux to spend some time looking through the different bits of information represented here. Many command line apps get their information from reading /proc first. cat /proc/cpuinfo is a good place to start.

/root - The home directory for the root user.

/sbin - System binaries that should not be accessible by normal users. These binaries have the ability to change system configuration, and so most of them are restricted.

/selinux - Yet another special filesystem, this one deals entirely with security associated with SELinux. Very similar in function to /proc, /selinux is what is called a “pseudo-filesystem”, meaning that it exists only in memory, and is not intended to be interacted with by the users.

/srv - If you are running a server of any kind, the files associated with what you are serving up are meant to be located in this directory. Strangely, on Ubuntu this directory is empty.

/sys - Yet another filesystem not meant for mortal eyes. /sys presents a kernel-eye-view of the computer, and is another pseudo-filesystem. Interestingly, /sys and /selinux are not part of the official FHS.

/tmp - Temporary files used by programs or processes. /tmp is the only filesystem that is world-writeable, with permissions set to 777. [edit: Permissions on /tmp are actually 1777, with the sticky bit set so only the creator of the file, root, can delete the file, but anyone can write to it.  Thanks to Sam in the comments for pointing this out.]

/usr - According to the FHS, /usr “is shareable, read-only data.” /usr partly replicates the root filesystem, including it’s own bin, lib, and sbin directories, along with a few others. Most third-party utilities will be installed to /usr. For example, launching Firefox from the command line resolves to /usr/bin/firefox.

/var - The “var” stands for variable, and this directory is meant to store rapidly changing data. /var/log for example stores system logs, /var/spool is for data that is waiting on further processing. /var and /usr were once the same filesystem, but were separated so /usr could be mounted read-only, and therefore shared between systems.

If you deal at all with Linux as an administrator, it’s important to have a good understanding of the intended use of each directory. I once worked with a sysadmin, (well, someone who held the title of sysadmin anyway), who stored all of her firewall logs in /var/spool, instead of A) zipping them up and keeping them in /var/log, or B) copying the pertinent parts over to her home directory for further study. This sysadmin’s misunderstanding of the FHS led to the rest of us wondering where the old logs were when we went to look something up!