Linux Directory Structure for DevOps Context

If you’re new to Linux and stepping into the DevOps world, understanding the Linux directory structure is crucial. Unlike Windows, which uses drive letters (C:, D:), Linux organizes everything under a single root directory /. This hierarchical structure follows the Filesystem Hierarchy Standard (FHS), and as a DevOps engineer, you’ll interact with specific directories daily when working with containers, logs, configurations, and system monitoring.

The Root Directory: Where It All Begins

The root directory / is the top-level directory in Linux. Every file and directory on your system exists under this root. Think of it as the foundation of a tree where all branches (subdirectories) stem from.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

/
├── bin/
├── boot/
├── dev/
├── etc/
├── home/
├── lib/
├── media/
├── mnt/
├── opt/
├── proc/
├── root/
├── run/
├── sbin/
├── srv/
├── sys/
├── tmp/
├── usr/
└── var/

Essential Directories for DevOps Engineers

/var - The Variable Data Directory

The /var directory is perhaps the most important for DevOps professionals. It contains variable data that changes frequently during system operation.

Key subdirectories:

  • /var/log/ - System and application logs
  • /var/lib/ - Application state data
  • /var/cache/ - Cached data from applications
  • /var/spool/ - Temporary files waiting to be processed
  • /var/run/ - Runtime variable data (now often symlinked to /run/)

DevOps Use Cases:

1
2
3
4
5
6
7
8

# Common log locations
/var/log/messages       # General system messages
/var/log/syslog         # System log (Ubuntu/Debian)
/var/log/auth.log       # Authentication logs
/var/log/kern.log       # Kernel logs
/var/log/cron.log       # Cron job logs
/var/log/nginx/         # Web server logs
/var/log/mysql/         # Database logs

Container Context: When running containers, you’ll often mount /var/log to persist logs:

1

docker run -v /var/log/myapp:/var/log/myapp myapp:latest

/etc - System Configuration Files

The /etc directory contains system-wide configuration files. No executables should be placed here, only configuration files.

Critical files for DevOps:

  • /etc/passwd - User account information
  • /etc/group - Group information
  • /etc/hosts - Static hostname resolution
  • /etc/fstab - Filesystem mount information
  • /etc/crontab - System-wide cron jobs
  • /etc/ssh/ - SSH configuration
  • /etc/nginx/ - Nginx configuration
  • /etc/docker/ - Docker daemon configuration

Example configurations:

1
2
3
4
5
6
7
8

# Check system timezone
cat /etc/timezone

# View DNS configuration
cat /etc/resolv.conf

# Check network interfaces
cat /etc/network/interfaces

/proc - Process and System Information

The /proc directory is a virtual filesystem that provides information about running processes and system hardware. It doesn’t contain real files but rather runtime system information.

DevOps Monitoring Essentials:

1
2
3
4
5
6

/proc/cpuinfo          # CPU information
/proc/meminfo          # Memory usage
/proc/loadavg          # System load average
/proc/diskstats        # Disk I/O statistics
/proc/net/dev          # Network interface statistics
/proc/[PID]/           # Process-specific information

Practical Examples:

1
2
3
4
5
6
7
8

# Check memory usage
cat /proc/meminfo | grep MemTotal

# Monitor system load
cat /proc/loadavg

# Check process information
cat /proc/1234/status  # Replace 1234 with actual PID

/sys - System Hardware Information

The /sys directory is another virtual filesystem that exposes kernel objects, their attributes, and relationships between them. It’s particularly useful for hardware monitoring and configuration.

Key areas:

  • /sys/class/ - Device classes (network, block devices, etc.)
  • /sys/devices/ - Physical devices
  • /sys/fs/ - Filesystem information
  • /sys/kernel/ - Kernel parameters

/tmp - Temporary Files

The /tmp directory stores temporary files that are typically deleted on system reboot. Many applications use this space for temporary storage.

DevOps Considerations:

  • Monitor disk usage in /tmp to prevent full disk issues
  • Some containers mount /tmp as tmpfs for performance
  • Log rotation scripts often use /tmp for processing

/opt - Optional Software

The /opt directory is used for installing optional software packages that aren’t part of the default system installation.

Common DevOps tools locations:

1
2
3
4

/opt/docker/           # Docker installation (some distributions)
/opt/kubernetes/       # Kubernetes binaries
/opt/prometheus/       # Prometheus monitoring
/opt/grafana/          # Grafana installation

/usr - User Programs and Data

The /usr directory contains user-installed programs and their related files.

Important subdirectories:

  • /usr/bin/ - User command binaries
  • /usr/sbin/ - System administration binaries
  • /usr/lib/ - Libraries for programs
  • /usr/local/ - Locally installed software
  • /usr/share/ - Shared data (documentation, icons, etc.)

/home - User Home Directories

Each user on the system has a home directory under /home/username. This is where personal files, configurations, and user-specific data are stored.

DevOps User Scenarios:

1
2
3
4

/home/devops/.ssh/         # SSH keys and configuration
/home/devops/.docker/      # Docker user configuration
/home/devops/.kube/        # Kubernetes configuration
/home/devops/scripts/      # Personal automation scripts

Container-Specific Directory Considerations

Docker and Container Runtime Directories

When working with containers, you’ll encounter these important directories:

Docker-specific locations:

1
2
3
4
5

/var/lib/docker/           # Docker's data directory
├── containers/            # Container data
├── images/               # Image layers
├── volumes/              # Named volumes
└── overlay2/             # Overlay filesystem data

Container filesystem mounts:

1
2
3
4

# Common volume mounts for containers
-v /var/log:/var/log              # Log persistence
-v /etc/localtime:/etc/localtime  # Timezone synchronization
-v /var/run/docker.sock:/var/run/docker.sock  # Docker socket access

Log Management in Containerized Environments

Understanding log locations is crucial for troubleshooting:

Container logs:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

# Docker container logs
docker logs container-name

# System journal logs (systemd)
journalctl -u docker.service
journalctl -u kubelet.service

# Container runtime logs
/var/log/containers/       # Kubernetes container logs
/var/log/pods/            # Kubernetes pod logs

Practical Navigation Commands

Here are essential commands for navigating and understanding the directory structure:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

# Display directory tree structure
tree -L 2 /

# Check disk usage by directory
du -sh /var/log/*

# Find large files
find /var -size +100M -type f

# Monitor real-time log files
tail -f /var/log/syslog

# Search for files containing specific text
grep -r "error" /var/log/

# Check directory permissions
ls -la /etc/

# Display filesystem usage
df -h

Best Practices for DevOps Engineers

1. Log Management

  • Regularly monitor /var/log disk usage
  • Implement log rotation to prevent disk full issues
  • Use centralized logging for containerized applications
  • Set up log monitoring and alerting

2. Configuration Management

  • Keep configuration files in version control
  • Use configuration management tools (Ansible, Puppet, Chef)
  • Maintain backup copies of critical /etc files
  • Document configuration changes

3. System Monitoring

  • Monitor /proc and /sys for system health metrics
  • Set up alerts for high CPU, memory, and disk usage
  • Use tools like Prometheus and Grafana for visualization
  • Implement automated health checks

4. Security Considerations

  • Regularly audit file permissions in /etc
  • Monitor /var/log/auth.log for security events
  • Secure SSH configuration in /etc/ssh/
  • Implement proper user access controls

Troubleshooting Common Issues

Disk Space Problems

1
2
3
4
5
6
7

# Check which directories are using most space
du -sh /* | sort -hr

# Clean up common areas
sudo apt-get autoremove
sudo docker system prune
sudo journalctl --vacuum-time=2d

Permission Issues

1
2
3
4
5
6

# Check file ownership and permissions
ls -la /path/to/file

# Fix common permission issues
sudo chown user:group /path/to/file
sudo chmod 644 /path/to/file

Log Analysis

1
2
3
4
5
6
7
8

# Search for errors in logs
sudo grep -i error /var/log/syslog

# Monitor logs in real-time
sudo tail -f /var/log/syslog | grep -i error

# Check systemd service logs
sudo journalctl -u service-name -f

Conclusion

Understanding the Linux directory structure is fundamental for any DevOps engineer. The directories covered in this post - particularly /var, /etc, /proc, and /sys - will be your daily companions when managing systems, troubleshooting issues, and working with containerized applications.

Remember that Linux follows the principle of “everything is a file,” so directories, devices, and even system information are accessible through the filesystem. This consistency makes Linux powerful and predictable once you understand the structure.

As you grow in your DevOps journey, you’ll find that familiarity with these directories will make you more efficient at system administration, debugging, and automation tasks. Practice navigating these directories, understand what each contains, and you’ll be well-equipped to handle most Linux-based infrastructure challenges.

Start exploring these directories in a safe environment, use the commands provided, and gradually build your confidence with the Linux filesystem. The investment in understanding this foundation will pay dividends throughout your DevOps career.