File systems in the UNIX family have never been very well organized. Various incompatible naming conventions are used simultaneously, and different types of files are scattered randomly around the namespace. In many cases, files are divided by function and not by how likely they are to change, making it difficult to upgrade the operating system. The /etc directory, for example, contains some files that are never customized and some that are entirely local.
How do you know which files to preserve during the upgrade? Well, you just have to know… Despite several incremental improvements over the years (such as the designation of /var as a place to store system-specific data), UNIX and Linux systems are still pretty much a disorganized mess. Nevertheless, there’s a culturally correct place for everything. Most software can be installed with little reconfiguration if your system is set up in a standard way. If you try to improve upon the default structure, you are asking for trouble.
The root filesystem includes the root directory and a minimal set of files and subdirectories. The file that contains the OS kernel usually lives somewhere within the root filesystem, but it has no standard name or location; under Solaris, it is not really even a single file so much as a set of components.
Also part of the root filesystem are /etc for critical system and configuration files, /sbin and /bin for important utilities, and sometimes /tmp for temporary files.
/dev is usually a real directory that’s included in the root filesystem, but some or all of it may be overlaid with other filesystems if your system has virtualized its device support.
Some systems keep shared library files and a few other odd things such as the C preprocessor in the /lib directory. Others have moved these items into /usr/lib, sometimes leaving /lib as a symbolic link.
The directories /usr and /var are also of great importance. /usr is where most standard programs are kept, along with various other booty such as on-line manuals and most libraries. It is not strictly necessary that /usr be a separate filesystem, but for convenience in administration it often is. Both /usr and /var must be available to enable the system to come up all the way to multiuser mode.
/var houses spool directories, log files, accounting information, and various other items that grow or change rapidly and that vary on each host. Since /var contains log files, which are apt to grow in times of trouble, it’s a good idea to put /var on its own filesystem if that is practical.
Home directories of users are often kept on a separate filesystem, usually one that’s mounted in the root directory. Dedicated filesystems can also be used to store bulky items such as source code libraries and databases.
On many systems, a hier man page (filesystem man page on Solaris) outlines some general guidelines for the layout of the filesystem. Don’t expect the actual system to conform to the master plan in every respect, however.
- /bin – Core operating system commands
- /boot – Kernel and files needed to load the kernel
- /dev – Device entries for disks, printers, pseudo-terminals, etc.
- /etc – Critical startup and configuration files
- /home – Default home directories for users
- /kernel – Kernel components
- /lib – Libraries, shared libraries, and parts of the C compiler
- /media – Mount points for filesystems on removable media
- /mnt – Temporary mount points, mounts for removable media
- /opt – Optional software packages (not consistently used)
- /proc – Information about all running processes
- /root – Home directory of the superuser (often just /)
- /sbin – Commands needed for minimal system operabilityc
- /stand – Stand-alone utilities, disk formatters, diagnostics, etc.
- /tmp – Temporary files that may disappear between reboots
- /usr – Hierarchy of secondary files and commands
- /usr/bin – Most commands and executable files
- /usr/include – Header files for compiling C programs
- /usr/lib – Libraries; also, support files for standard programs
- /usr/lib64 – 64-bit libraries on 64-bit Linux distributions
- /usr/local – Software you write or install; mirrors structure of /usr
- /usr/sbin – Less essential commands for administration and repair
- /usr/share – Items that might be common to multiple systems
- /usr/share/man – On-line manual pages
- /usr/src – Source code for nonlocal software (not widely used)
- /usr/tmp – More temporary space (preserved between reboots)
- /var – System-specific data and configuration files
- /var/adm – Varies: logs, setup records, strange administrative bits
- /var/log – Various system log files
- /var/spool – Spooling directories for printers, mail, etc.
- /var/tmp – More temporary space (preserved between reboots)
- CTEM – A Strategic Approach to Mitigating Cyber Risks
- AI in Penetration Testing – Revolutionizing Security Assessments
- Protecting Your Organization from AI-Enhanced Social Engineering Attacks
- The Rise of AI-Powered Cyber Attacks in 2025
- Top 5 Penetration Testing Methodologies to Follow in 2025
- Top 10 Penetration Testing Tools Every Security Professional Should Know in 2025
- Emerging Trends in Vulnerability Assessment and Penetration Testing (VAPT) for 2025
- The Role of Cybersecurity in Protecting IoT Devices in 2025
- Understanding the Five Phases of Penetration Testing
- Top 20 Cybersecurity Career Options