This chapter covers the Linux File System Structure, a core topic for the CompTIA A+ 220-1102 exam under Domain 1.0: Operating Systems, Objective 1.6. Understanding the Linux directory hierarchy is essential for navigating, managing files, and troubleshooting Linux systems. Approximately 5-8% of exam questions touch on Linux file system structure, focusing on the purpose of key directories, file permissions, and absolute vs. relative paths. Mastering this topic will help you answer scenario-based questions about locating configuration files, logs, user data, and system binaries.
Jump to a section
Imagine a city with a single central square (the root directory, /). All roads and buildings start from this square. The city is divided into districts: residential (home), commercial (usr), administrative (etc), temporary construction sites (tmp), and utilities (var). Each district has its own purpose and rules. For example, the residential district (home) contains homes for each resident (user), and only the resident or the city mayor (root) can modify their home. The administrative district (etc) holds city-wide configuration files like zoning laws and tax rates; only the mayor can change these. The utilities district (var) contains variable data like logs of city events and print spools. The temporary construction sites (tmp) are for anyone to use, but everything is cleaned up periodically. The city also has special areas like a virtual filesystem (sys) that shows real-time city sensor data, and another (proc) that shows the state of every ongoing city project (process) in real time. The city is built on a single hard drive partition, but the city planner can mount additional drives (like external storage) onto empty lots anywhere in the city, making them appear as part of the city structure. This hierarchical, single-root tree is the Linux Filesystem Hierarchy Standard (FHS).
What is the Linux File System Structure?
The Linux file system is a hierarchical, tree-like structure starting from a single root directory, represented by a forward slash (/). Unlike Windows which uses drive letters (C:, D:), Linux treats everything as a file — including devices, processes, and directories. The Filesystem Hierarchy Standard (FHS) defines the purpose and layout of directories to ensure consistency across different Linux distributions. The 220-1102 exam expects you to know the key directories and their contents.
The Root Directory (/)
The root directory is the top of the hierarchy. All other directories and files are descendants of /. Only the root user (superuser) has write access to most directories directly under /, except /tmp and /home (where users have their own space). The root directory itself contains essential system directories and is typically on the same partition as the operating system.
Key Directories Under /
/bin – Essential user command binaries. Contains executable programs needed for booting and repairing the system, such as ls, cp, mv, cat. These commands are available to all users. In modern distributions, /bin is often a symbolic link to /usr/bin.
/sbin – System binaries. Contains administrative commands needed for system maintenance, such as fdisk, mkfs, shutdown, ifconfig. Typically only root can execute these.
/etc – Configuration files. Contains system-wide configuration files for the operating system and applications. Examples: /etc/passwd (user accounts), /etc/fstab (filesystem mount table), /etc/hosts (hostname resolution). This directory should not contain binary executables.
/dev – Device files. Contains special files that represent hardware devices (e.g., /dev/sda for first hard disk, /dev/ttyUSB0 for USB serial port). These are used by the kernel to interact with hardware.
/proc – Process information pseudo-filesystem. A virtual filesystem that provides kernel and process information in real-time. Files like /proc/cpuinfo (CPU info), /proc/meminfo (memory info), and numbered directories for each running process (e.g., /proc/1234). Most files are 0 bytes but contain dynamic data when read.
/sys – Sysfs virtual filesystem. Similar to /proc but focuses on hardware devices and kernel objects. Used for managing and querying hardware from user space.
/tmp – Temporary files. Used for temporary storage by applications and users. Often cleared on reboot. Permissions allow all users to write, but users can only delete their own files (sticky bit set).
/var – Variable data. Contains files that change in size and content during normal operation: logs (/var/log), spools (/var/spool for print jobs), temporary files (/var/tmp), and databases (/var/lib).
/home – User home directories. Each regular user gets a subdirectory here (e.g., /home/john). Users have full control over their home directory. The root user's home is typically /root, not under /home.
/root – Home directory for the root user. Not under /home to allow access during boot when /home may not be mounted.
/usr – User system resources. Contains user utilities, applications, libraries, documentation, and source code. Subdirectories include /usr/bin (user commands), /usr/lib (libraries), /usr/share (architecture-independent data), /usr/local (locally installed software).
/opt – Optional add-on software. Used for third-party commercial software packages. Each package typically gets its own subdirectory (e.g., /opt/google/chrome).
/srv – Service data. Contains site-specific data for services like web servers (/srv/www), FTP, etc. Not used by all distributions.
/media – Mount point for removable media. Used by the system to automatically mount devices like USB drives, CDs, and DVDs (e.g., /media/usb).
/mnt – Mount point for temporary filesystems. Traditionally used by administrators to manually mount filesystems temporarily.
/run – Runtime variable data. Contains information about the running system since last boot, such as PID files and sockets. Often a tmpfs (in-memory filesystem).
/lost+found – Recovered files. Each filesystem has this directory at its root; it stores files recovered by fsck after a crash or corruption.
File Permissions and Ownership
Linux uses a permission model with three categories: owner (user), group, and others. Each file or directory has read (r), write (w), and execute (x) permissions for each category. Permissions are displayed using ls -l:
-rwxr-xr-- 1 user group 1234 Jan 1 12:34 file.txtThe first character indicates type (- for file, d for directory, l for symlink). The next nine characters are three groups of three: owner, group, others. For directories, execute permission means the ability to enter the directory (traverse).
Numeric (octal) representation: r=4, w=2, x=1. So rwx = 7, r-x = 5, r-- = 4. Common permissions: 755 (rwxr-xr-x) for executables, 644 (rw-r--r--) for files, 700 (rwx------) for private directories.
Commands: chmod changes permissions, chown changes owner, chgrp changes group. Examples:
chmod 755 script.sh
chown john:developers file.txt
chgrp admin config.cfgAbsolute vs. Relative Paths
An absolute path starts from root (/), e.g., /home/john/docs/report.pdf. A relative path is relative to the current working directory, e.g., docs/report.pdf if in /home/john. Use . for current directory and .. for parent directory.
Special Files and Links
Symbolic links (symlinks): Pointers to another file or directory. Created with ln -s target link_name. If the target is deleted, the symlink becomes broken (dangling).
Hard links: Multiple directory entries pointing to the same inode (data block). Cannot span filesystems or directories. Created with ln target link_name. Deleting one hard link does not remove data until all links are deleted.
Device files: Block devices (e.g., /dev/sda) and character devices (e.g., /dev/tty). Major and minor numbers identify the driver and device.
Named pipes (FIFOs): Special files for inter-process communication.
Sockets: Used for network communication or local IPC (e.g., /var/run/docker.sock).
Filesystem Hierarchy Standard (FHS) Compliance
Most Linux distributions follow FHS version 3.0. The exam may test your knowledge of which directory contains what. Key rules:
- /bin and /sbin are essential for booting; /usr/bin and /usr/sbin are for non-essential commands.
- /etc contains configuration files, not binaries.
- /var contains variable data that persists across reboots (logs, databases).
- /tmp is cleared at boot; /var/tmp persists across reboots but may be cleaned by systemd.
- /home is for user data; /root is for root's data.
- /opt is for third-party software; /usr/local is for locally compiled software.
Commands for Navigating and Managing Files
pwd – Print working directory.
cd – Change directory. cd /path, cd .., cd ~ (home).
ls – List directory contents. Options: -l (long), -a (all, including hidden), -h (human-readable).
cp – Copy files/directories: cp source dest, cp -r dir1 dir2 (recursive).
mv – Move/rename files.
rm – Remove files. rm -r for directories, rm -f to force. Be careful: no recycle bin.
mkdir – Create directory: mkdir newdir, mkdir -p path/to/dir (creates parent directories).
rmdir – Remove empty directory.
touch – Create empty file or update timestamp.
find – Search for files: find /home -name "*.txt".
grep – Search text: grep "error" /var/log/syslog.
which – Locate a command: which ls returns /bin/ls.
file – Determine file type: file document.pdf.
du – Estimate file space usage: du -sh /home.
df – Report filesystem disk space usage: df -h.
Mounting and Filesystems
Mounting attaches a filesystem to a directory (mount point). The mount command:
mount -t ext4 /dev/sda1 /mnt/dataPermanent mounts are defined in /etc/fstab. Each line contains: device, mount point, filesystem type, options, dump, pass. Example:
/dev/sda1 / ext4 defaults 0 1Common filesystem types: ext4, xfs, btrfs, ntfs, vfat (FAT32). The unmount command detaches: umount /mnt/data.
Disk Partitions and Layout
Partitions are created using fdisk, gdisk, or parted. A typical layout includes:
- /boot – Contains kernel and bootloader files (often ext2/3/4, 500MB-1GB).
- / – Root filesystem.
- /home – Separate partition for user data.
- Swap partition – Used as virtual memory.
Logical Volume Manager (LVM) allows flexible resizing and snapshots.
Exam Relevance
The 220-1102 exam tests your ability to:
Identify the purpose of specific directories (e.g., where are log files stored? /var/log).
Distinguish between absolute and relative paths.
Interpret file permissions from ls -l output.
Use basic file management commands.
Understand the role of /etc/fstab and mounting.
Recognize common filesystem types (ext4, NTFS, FAT32).
Boot and Mount Root Filesystem
When the Linux kernel starts, it mounts the root filesystem (/) from the specified partition (e.g., /dev/sda1). The kernel uses parameters from the bootloader (GRUB) or initramfs to locate the root device. The root filesystem must contain essential directories like /bin, /sbin, /etc, /dev, /proc, /sys, and /lib (or /usr/lib) for the system to continue booting. The init process (systemd or SysV init) then takes over.
Start init and Mount Additional Filesystems
The init process reads /etc/fstab to mount other filesystems (e.g., /home, /var, /tmp). Each line in fstab specifies the device, mount point, filesystem type, options, dump, and pass. The system mounts filesystems in order, ignoring entries with 'noauto' option. If a mount fails, the system may boot into emergency mode. After mounting, the system switches to the real root filesystem if an initramfs was used.
Initialize System Services and Logging
Systemd (or init) starts services defined in /etc/systemd/system or /etc/init.d. Services write logs to /var/log (e.g., syslog, messages, auth.log). The kernel ring buffer can be viewed with `dmesg`. The /proc and /sys filesystems are populated with kernel and hardware data. User login processes create entries in /var/log/wtmp and /var/log/lastlog.
User Login and Home Directory Access
When a user logs in, the system reads /etc/passwd to get the user's home directory and shell. The user's home directory (typically /home/username) is where personal files and configuration files (dotfiles) are stored. The user has full control over their home directory. Environment variables like $HOME, $PATH, and $SHELL are set. The shell starts in the home directory.
File Operations and Permission Checks
Every file access (read, write, execute) is checked against the file's permissions and the user's UID/GID. The kernel checks if the user is the owner, then checks group, then others. If permissions deny access, the operation fails with 'Permission denied'. The `umask` value determines default permissions for new files (e.g., umask 022 results in 755 for directories, 644 for files). Commands like `chmod`, `chown`, and `chgrp` modify permissions and ownership.
Shutdown and Unmount Filesystems
During shutdown, systemd stops services, unmounts all filesystems, and finally remounts the root filesystem as read-only. The `umount` command detaches a filesystem. If a filesystem is busy (files open), unmount fails; use `lsof` or `fuser` to find processes. The system then halts or reboots. Data in /tmp is typically cleared, but /var/tmp persists.
In enterprise environments, Linux file system structure is critical for system administration, security, and performance. Consider a web server running Apache on CentOS. The configuration files are in /etc/httpd, logs in /var/log/httpd, and document root in /var/www/html. Administrators must ensure that /var has enough space for logs (often on a separate partition to prevent log filling from crashing the OS). They use logrotate (configured in /etc/logrotate.conf) to compress and rotate logs. Permissions on /etc/httpd are typically 700 or 755 to prevent non-root users from modifying configurations.
Another scenario: A multi-user development server where each developer has a home directory under /home. The /opt directory contains proprietary software (e.g., Oracle database). The /usr/local directory holds locally compiled tools. Administrators set quotas on /home to limit disk usage per user. They use du and df to monitor space. If /tmp fills up, applications may crash; they might mount /tmp as tmpfs (in memory) to improve performance but risk data loss on reboot.
A third scenario: A cloud server instance with ephemeral storage. The root filesystem is on a small SSD, while /data is on a larger attached volume. The administrator edits /etc/fstab to mount the volume at boot. They use LVM to resize partitions without downtime. Misconfiguration of /etc/fstab (e.g., incorrect UUID or filesystem type) can cause boot failure, requiring recovery via rescue mode. Understanding the FHS helps administrators quickly locate configuration files (e.g., /etc/ssh/sshd_config for SSH settings) and troubleshoot issues like 'cannot write to /var/log' due to full disk.
The 220-1102 exam (Objective 1.6) tests your knowledge of Linux file system structure in several ways:
Directory purposes: You must know which directory contains configuration files (/etc), logs (/var/log), user homes (/home), temporary files (/tmp), device files (/dev), and essential binaries (/bin, /sbin). A typical question: 'Where are log files stored in Linux?' Answer: /var/log.
Absolute vs. relative paths: Questions may ask you to identify the absolute path given a relative path and current directory. For example, if you are in /home/user and run cd ../docs, the absolute path becomes /home/docs.
File permissions: You will be shown an ls -l output and asked to interpret permissions (e.g., -rwxr-xr-- means owner can read/write/execute, group can read/execute, others can read). Numeric equivalents (755, 644) are common. Know that execute on a directory allows traversal.
Commands: Basic commands like cd, ls, cp, mv, rm, mkdir, chmod, chown, pwd are testable. You may be asked which command changes file permissions (chmod).
Mounting and /etc/fstab: Understand the format of fstab entries and the purpose of mount options like 'defaults', 'noatime', 'ro'. A question might ask: 'Which file contains filesystem mount information?' Answer: /etc/fstab.
Common wrong answers:
Confusing /etc (config) with /var (variable data). Candidates often pick /etc for logs.
Thinking /root is under /home. It is not; /root is a separate home for root.
Believing /tmp persists across reboots. It is typically cleared; /var/tmp persists.
Mixing up /bin (user binaries) and /sbin (system binaries).
Edge cases:
Symbolic links vs. hard links: symlinks can cross filesystems; hard links cannot.
The sticky bit on /tmp: only file owners can delete their files, even if others have write permission.
Hidden files (starting with .) are not shown with ls unless -a is used.
Exam tip: When eliminating wrong answers, focus on the directory's defined purpose. If a question asks about 'user-specific configuration files', the answer is likely in the user's home directory, not /etc.
The Linux filesystem is a single rooted tree starting at /.
Key directories: /etc (config), /var (variable data), /home (users), /tmp (temp), /dev (devices), /bin and /sbin (binaries).
File permissions are rwx for owner, group, others; numeric representation uses 4,2,1.
Absolute paths start with /; relative paths do not.
/etc/fstab defines filesystems to mount at boot.
/proc and /sys are virtual filesystems for kernel/hardware info.
The sticky bit on /tmp prevents users from deleting others' files.
Symbolic links can span filesystems; hard links cannot.
These come up on the exam all the time. Here's how to tell them apart.
Linux Filesystem Hierarchy
Single root (/) with no drive letters
Case-sensitive filenames
Uses forward slashes (/) in paths
Everything is a file (devices, processes)
Permissions based on user/group/others with rwx
Windows Directory Structure
Multiple roots (drive letters like C:, D:)
Case-insensitive (by default)
Uses backslashes (\) in paths
Devices are not files (e.g., C: is a volume)
Permissions based on ACLs with inheritance
Mistake
The root directory is the same as the root user's home directory.
Correct
The root directory (/) is the top of the filesystem tree, while the root user's home directory is /root. They are different.
Mistake
/tmp files survive a reboot.
Correct
/tmp is typically cleared on reboot. For persistent temporary files, use /var/tmp.
Mistake
/etc contains executable binaries.
Correct
/etc is for configuration files only. Binaries belong in /bin, /sbin, or /usr/bin.
Mistake
Hard links can be created across different filesystems.
Correct
Hard links must reside on the same filesystem because they share the same inode. Symbolic links can cross filesystems.
Mistake
The /proc directory contains actual files on disk.
Correct
/proc is a virtual filesystem that exists only in memory and provides kernel and process information in real-time.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
The FHS is a standard that defines the directory structure and contents of Linux systems. It ensures consistency across distributions. Key directories include /etc for configs, /var for variable data, /tmp for temporary files, and /home for user homes. The 220-1102 exam expects familiarity with these directories.
Use the `chmod` command. For example, `chmod 755 file` sets owner rwx, group r-x, others r-x. You can also use symbolic mode: `chmod u+x file` adds execute for owner. To change ownership, use `chown user:group file`. The exam may ask you to interpret `ls -l` output.
Log files are typically stored in /var/log. Common logs include /var/log/syslog (system log), /var/log/auth.log (authentication), and /var/log/kern.log (kernel). The exam may ask which directory contains logs.
/tmp is cleared on reboot; it is used for temporary files that don't need to persist. /var/tmp is for temporary files that should survive a reboot. Both are world-writable but have the sticky bit set.
The sticky bit (permission 't') restricts deletion: only the file owner, directory owner, or root can delete files within that directory, even if others have write permission. It prevents users from deleting each other's temporary files.
Use `ls` command. `ls -l` shows detailed list with permissions, owner, size, and date. `ls -a` shows hidden files (starting with .). `ls -lh` shows sizes in human-readable format. The exam may test these options.
An absolute path starts from root (e.g., /home/user/file.txt) and is independent of current directory. A relative path is based on the current directory (e.g., ../file.txt means parent directory). The exam may ask you to convert relative to absolute.
You've just covered Linux File System Structure — now see how well it sticks with free 220-1102 practice questions. Full explanations included, no account needed.
Done with this chapter?