Linux File System Structure and FHS Cheat Sheet

Updated 2026-05-20

Next Topic: Linux Package Management Cheat Sheet

The Filesystem Hierarchy Standard (FHS), maintained by the Linux Foundation, defines the directory tree used by Linux and most Unix-like operating systems — making it possible to write software, scripts, and tools that work consistently across distributions. Understanding this hierarchy is foundational to system administration, debugging, and security: when something goes wrong on a Linux system, knowing exactly where logs live, where binaries are found, and how virtual filesystems expose kernel state can mean the difference between a quick fix and hours of confusion. A key mental model: the Linux filesystem is a single tree rooted at /, and every device, network share, or virtual interface is mounted as a subtree within it — nothing is outside the tree.

What This Cheat Sheet Covers

This topic spans 15 focused tables and 141 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Root Filesystem Top-Level DirectoriesTable 2: The /usr HierarchyTable 3: The /var HierarchyTable 4: The /etc Configuration DirectoryTable 5: Inodes and LinksTable 6: The /proc Virtual FilesystemTable 7: The /dev Device FilesTable 8: The /sys Sysfs Virtual FilesystemTable 9: File Permissions and Special BitsTable 10: Linux File TypesTable 11: /boot Directory ContentsTable 12: Shared Libraries and the Dynamic LinkerTable 13: Filesystem Types on LinuxTable 14: Linux Namespaces and cgroups (Container Building Blocks)Table 15: Extended Attributes and the usrmerge Transition

Table 1: Root Filesystem Top-Level Directories

The root directory / is the anchor point for every path on a Linux system. Each immediate child of / has a carefully defined role under FHS 3.0, and understanding what belongs where prevents both misconfiguration and unnecessary confusion when navigating an unfamiliar machine.

Directory	Example	Description
/bin	`/bin/ls`, `/bin/bash`	Essential user command binaries needed in single-user mode and before `/usr` is mounted; on modern distros a symlink to `/usr/bin` via usrmerge.
/etc	`/etc/passwd`, `/etc/fstab`	Host-specific system configuration files; must be static text — no binaries; the central nerve centre for system behaviour.
/var	`/var/log/syslog`, `/var/spool/mail`	Variable data that changes during normal operation: logs, spools, caches, and runtime state.
/usr	`/usr/bin/python3`, `/usr/lib/`	Shareable, read-only user data; the second major section; contains the bulk of installed programs and libraries.
/home	`/home/alice/.bashrc`	User home directories; each user's personal data, configuration dotfiles, and settings live here.
/tmp	`mktemp /tmp/tmpXXXXXX`	Temporary files; deleted on reboot (often tmpfs); writable by all users; sticky bit set so users cannot delete each other's files.
/dev	`/dev/sda`, `/dev/null`	Device files — character and block devices; managed at runtime by udev on devtmpfs.
/proc	`/proc/cpuinfo`, `/proc/1234/`	Virtual filesystem (procfs) exposing kernel data structures and per-process information; nothing is stored on disk.
/sys	`/sys/class/net/eth0/`	sysfs virtual filesystem exporting the kernel device model; organised by buses, classes, and devices; mounted on `/sys`.
/run	`/run/sshd.pid`, `/run/docker.sock`	Runtime variable data (tmpfs); PID files, Unix sockets, and lock files valid only for the current boot — lost on reboot.

Table 1: Root Filesystem Top-Level Directories

Directory	Example	Description
/bin	`/bin/ls`, `/bin/bash`	Essential user command binaries needed in single-user mode and before `/usr` is mounted; on modern distros a symlink to `/usr/bin` via usrmerge.
/etc	`/etc/passwd`, `/etc/fstab`	Host-specific system configuration files; must be static text — no binaries; the central nerve centre for system behaviour.
/var	`/var/log/syslog`, `/var/spool/mail`	Variable data that changes during normal operation: logs, spools, caches, and runtime state.
/usr	`/usr/bin/python3`, `/usr/lib/`	Shareable, read-only user data; the second major section; contains the bulk of installed programs and libraries.
/home	`/home/alice/.bashrc`	User home directories; each user's personal data, configuration dotfiles, and settings live here.
/tmp	`mktemp /tmp/tmpXXXXXX`	Temporary files; deleted on reboot (often tmpfs); writable by all users; sticky bit set so users cannot delete each other's files.
/dev	`/dev/sda`, `/dev/null`	Device files — character and block devices; managed at runtime by udev on devtmpfs.
/proc	`/proc/cpuinfo`, `/proc/1234/`	Virtual filesystem (procfs) exposing kernel data structures and per-process information; nothing is stored on disk.
/sys	`/sys/class/net/eth0/`	sysfs virtual filesystem exporting the kernel device model; organised by buses, classes, and devices; mounted on `/sys`.
/run	`/run/sshd.pid`, `/run/docker.sock`	Runtime variable data (tmpfs); PID files, Unix sockets, and lock files valid only for the current boot — lost on reboot.