
Friday, March 23, 2012

Linux File Structure / Directories Description

Initially, the Unix/Linux file structure can be difficult to understand for someone who is used to working in the extended- and full-name environment of Microsoft Windows. Many of the directory names in Unix-based operating systems are abbreviated, which helps reduce keystrokes once the names can be deciphered, but the abbreviations have also been known to add a great deal of confusion for those who are exploring the system for the first time. I experienced this first-hand!!

The directories below do not represent an exhaustive list of directory names in Linux- and Unix-based operating systems, but it is the author's intent that this list will at least establish a basic understanding of the abbreviated names and the purpose of each directory. It is also hoped that this information will act as a launching pad for newly introduced Unix/Linux users who are still trying to understand the terminology, and lead them to many happy years of Linux loyalty!

********************************************************************************

. = current directory

.[directory] = hidden directory (Any directory or file with a dot [.] in front of the name is a hidden file or directory. Files and directories typically are not hidden for security purposes [that's what the permissions and file ownership are for], but rather as a matter of convenience for the average user. If the files or directories do not need to be accessed often, such as with system configurations, then they are hidden so as to prevent the file lists from appearing cluttered.)

.. = parent directory to the current directory

/ = root (This is the primary directory, or 'root' of the file system)

bin = binary (This is where binary files/compiled code is located. Functions and commands that come with the base operating system, and that are needed by regular users, are typically located in this folder)

boot = bootup (These files are executed when the system is booting up; i.e. starting)

dev = device (These are where the regularly attached devices are mounted, such as internal drives and hardware)

etc = et cetera (This was initially intended as the directory for anything that didn't fit into one of the other specific directories)

home = home (This is where the home directories for the non-root/regular users will be created)

lib = library (This is where the resource files and data are kept for installed applications and system tools)

lost+found = orphaned data (This is where the unclaimed blocks of data or non-allocated files are placed. This data can become lost when the file system is unable to shut down properly, such as with a power-outage)

media = media storage (This is where additional storage devices are attached, like USB thumb drives or external DVRs)

mnt = mount (This directory can be used to mount external storage devices or remote file systems, such as a Windows drive, to the local file system)

opt = option

proc = processes (These files don't really exist. This portion of the operating system operates on an as-needed basis and these are actually virtual files, rather than real files. Do not include this directory in your system backup! Once when I tried doing a .tar.gz backup on my 320GB system and included this directory, it created a 1.5TB file, even with compression, before I canceled the backup!)

root = root user (This is the home directory for the root, or super user)

sbin = secure binary (System administrative functions and commands that come with the base operating system, that are used by the root user and other system resources, are typically located in this folder)

src = source (This is the directory for source code)

srv = service

sys = system

tmp = temporary (This is for any files that will only exist temporarily, such as files for currently running applications, that will be deleted once the associated processes are stopped)

usr = Unix system resources (Often pronounced as "user", but done so in error. This directory should be pronounced as the individual letters, u-s-r. This is where some of the primary system resources, drivers, and libraries are stored)

usr/bin = Unix system resources/binary (This is where binary files/compiled code is located, that the system has installed after the usr directory was mounted; i.e. after the operating system's initial installation. This includes functions and commands that are needed by regular users)

usr/sbin = Unix system resources/binary (This directory includes system administrative functions and commands that the system has installed after the usr directory was mounted; i.e. after the operating system's initial installation. This includes functions and commands that are used by the root user and other system resources)

usr/local/bin = Unix system resources/local/binary (Functions and commands that are installed locally by the root user, but are intended for regular users, should be placed in this folder)

usr/local/sbin = Unix system resources/local/binary (System administrative functions and commands that are installed locally by the root user should be placed in this folder)

var = variables (This directory contains the main system logs, in addition to other data. For example, on a SUSE Linux system, the error log is found at /var/log/warn)
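
The proc entry above warns against including virtual files in a backup. The script below is an added example, not part of the original post: it reads a mount table in /proc/mounts format, picks out the mount points backed by virtual or RAM-only filesystems, and builds the matching tar exclusions. The sample mount table is constructed, the list of filesystem types is a selection rather than a complete one, and the archive path /backup/root.tar.gz is a hypothetical choice.

```sh
#!/bin/sh
# Added example: keep /proc and other virtual filesystems out of a tar backup.

# Filesystem types generated by the kernel or held only in RAM (a selection).
VIRTUAL_FS="proc sysfs devtmpfs devpts tmpfs cgroup cgroup2 securityfs debugfs"

# Constructed sample in /proc/mounts format:
# device  mountpoint  fstype  options  dump  pass
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
/dev/sdb1 /home ext4 rw,relatime 0 0'

# Read a mount table on stdin and print every mount point whose
# filesystem type is in VIRTUAL_FS, one per line.
virtual_mounts() {
    while read -r dev mnt fstype rest; do
        case " $VIRTUAL_FS " in
            *" $fstype "*) printf '%s\n' "$mnt" ;;
        esac
    done
}

# Read a mount table on stdin and print a tar command for a full-system
# backup that skips the virtual mount points and the archive's own directory.
backup_command() {
    excludes=$(virtual_mounts | sed 's/^/--exclude=/' | tr '\n' ' ')
    printf 'tar -czpf /backup/root.tar.gz --exclude=/backup %s/\n' "$excludes"
}

# On a live system:   backup_command < /proc/mounts
# With the sample:    printf '%s\n' "$SAMPLE_MOUNTS" | backup_command
```

The command is printed rather than executed so the exclusion list can be reviewed first; real disks such as /boot and /home stay in the archive because only the filesystem type decides what is skipped.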

2 comments:

  1. Unix/Linux file structure is difficult to understand, for me but your instruction help me lot and I must say its work great and fantastic output. Thanks for sharing.

    wow error
    134

    thanks.

  2. I wonder what kind of forensically interesting data could be pulled from the lost+found part, if any. Also, what is the difference between bin and sbin? In picking apart intrusions, I find that sometimes they overwrite bin code, and then other times they choose things from the sbin. Good write-up! Can't wait to see more!
