Skip to content
July 7, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • Linux
  • Linux Directory Structure (File System Structure)
  • Linux

Linux Directory Structure (File System Structure)

Do Son August 13, 2017 7 minutes read
Screenshot from 2017-08-12 17-09-21
Add Daily CyberSecurity as a preferred
source on Google

/

/ Is at the top of the Linux file system tree structure, it is the Linux file system entry, all the directory, files, equipment are in / below.

/bin

This directory stores the most commonly used commands of the system, the equivalent of DOS internal commands, but they are in the form of independent documents exist. For example: ls, cp, mkdir and other orders. The files in this directory are executable and are commands that ordinary users can use. As the system’s most basic commands are placed here.

/usr

The directory is where the system is stored, such as normal commands, help files, installed software, and so on. There are a lot of files and directories in this directory. When we install a Linux distribution official package, most of the installed here. When there is a configuration file that involves the server, the configuration file is installed in the /etc directory. /usr directory includes the font directory /usr/share/fonts, help directory /usr/share/man or /usr/share/doc and so on.

/var

The content of the directory is constantly changing, /var/log directory used to store the system log directory. The /var/www directory is used to define the Apache server site storage directory. /var/lib is used to store some library files.

/sbin

Most of the commands involved in system management are stored in the directory, it is super-privileged user root executable command storage, the general user does not have permission to execute the order of the order, all directory sbin contains the order is root authority implemented.

/root

Linux super privilege user (system administrator) root home directory.

/home

Ordinary users of the main directory are stored in the directory by default, such as: a user called ddos, then its home directory is /home/ddos, you can also use ~ddos.

/etc

The directory is the location of the system configuration file, some of the server’s configuration file is also here, such as: user account and password configuration files.

/boot

Linux kernel and boot system procedures required documents are stored in the directory, such as vmlinuz, initrd.img and other documents are located in this directory. In general, GRUB or LILO system boot manager in this directory.

/opt

The directory is optional package installation directory, some software package we can install it in the directory.

/tmp

The directory is used to store temporary files, sometimes when the user runs the program, it will produce some temporary files. /tmp is used to store temporary files. /var/tmp directory and the role of the directory is similar.

/lost + found

In the ext2 or ext3 file system, when the system accidental crash or machine accident shutdown, and some of the file fragments generated in the directory. When the system starts in the process the fsck tool will check here and fix the damaged file system. Sometimes a problem with the system, there are a lot of files to be moved to this directory, may be used to repair the manual way, or moved to the original location of the file.

/lib

This directory is used to store library files, which store the most basic shared library of the system, which acts like a .dll file in Windows. Almost all applications need to use these shared libraries.

/mnt

The directory is used to store the mount storage device mount directory, the system provides this directory is to allow users to temporarily mount other file systems, such as cdrom and other directories.

/proc

When the operating system is running, the process (running program) information and kernel information (such as cpu, hard disk partition, memory information, etc.) stored here. / Proc directory is disguised file system proc mount directory, proc is not a real file system. Therefore, this directory is a virtual directory, it is the system memory mapping, we can directly access the directory to obtain system information. In other words, the contents of this directory is not on the hard disk but in memory.

/misc

The directory can be used to store miscellaneous files or directories, that is, those files or directories whose uses or meaning is ambiguous can be stored in that directory.

/media

The mount point for the Plug and Play storage device is automatically created in that directory. Such as USB disk system automatically mount, will be in this directory to produce a directory; CDROM / DVD automatically mount, will also create a directory in this directory, similar to cdrom this directory. This directory is only available on the latest distribution.

/initrd

The kernel before the boot is compressed (this is related to ramdisk), when the system starts to extract, the directory is unzipped when the temporary directory, when the boot and then clear the directory.

/usr/man

This directory is the storage directory of the Linux system help documentation.

/proc/cpuinfo

Information about the processor, such as type, manufacturer, model, and performance. Such as cat /proc/cpuinfo

/proc/devices

A list of all the devices that are currently running by the kernel.

/proc/filesystems

The currently running kernel is configured for the file system.

/proc/dma

The current DMA channel is being used.

/proc/interrupts

The number of interrupts being used and how many interrupts were there.

/proc/ioports

The I/O port currently being used.

/etc/init.d

This directory is used to store the system or server in System V mode to start the script, which in the System V mode to start or initialize the system common. Such as RedHat Fedora.

/etc/xinetd.d

If the server is running through xinetd mode, its script should be placed in this directory. Some systems do not have this directory, such as Slackware, some old version did not. In Redhat Fedora in the relatively new version exists.

/etc/rc.d

This is the Slackware release in a directory, is the BSD way to start the script to store, such as the definition of network cards, server open scripts.

/etc/x11

Is the X-Window related configuration file storage.

/usr/bin

This directory is the executable program directory, ordinary users have the authority to implement. When we install a program from the system’s own package, most of his executable files will be placed in this directory. A similar directory is the /usr/local/bin directory. Sometimes /usr/bin in the file is /usr/local/bin link file.

/usr/sbin

This directory is also a directory of executable programs, but mostly stores commands that involve system administration. Only root privileges can be executed, the similar directory is /sbin or /usr/local/sbin or /usr/X11R6/sbin and so on.

/usr/local

This directory is generally used to store the user self-compiled software installation directory. Usually through the source package installed software, if not specified in the installation directory, it is generally installed in this directory.

/usr/lib

The directory and the /lib directory are similar to the repository directory of the library file. Store some commonly used shared libraries.

/usr/share

The directory used to store the system shared things, such as /usr/share/fonts is the font directory, is the user are shared.

/usr/share/doc

This directory is the place where Linux is shared.

/usr/share/man

The directory is where the shared help file is stored.

/usr/src

The directory is the kernel source code storage, the following kernel source directory, such as linux, linux-2.xxx.xx directory. Some systems will also install some source code packages here, such as Redhat Fedora. In addition Redhat 4.0 / 5.0, its kernel source package directory is located in /usr/src/kernels directory under a directory (only installed after the corresponding directory).

/var/adm

Such as package installation information, log, management information, etc. stored in the directory, in the Slackware operating system is the directory. There seems to be no in Fedora.

/var/log

This directory is used to store system logs.

/var/spool

Printers, mail, proxy servers and other spool directory stored in the directory.

Install one of these Linux photo editors to work with Linux directory structure and practice with commands.

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: File System Structure Linux Linux Directory Structure

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2024-14037CVSS 9.8
    Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2026-8451CVSS 8.8
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured...
    Admin intel📅 Updated: Jul 2, 2026
  • CVE-2026-8037CVSS 9.6
    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to...
    Admin intel📅 Updated: Jul 1, 2026
  • CVE-2026-45659CVSS 8.8
    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
    CISA KEV📅 Added to KEV: Jul 1, 2026
  • CVE-2026-48558CVSS 10.0
    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
    Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
  • CVE-2026-46817CVSS 9.8
    Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
    Admin intel📅 Updated: Jun 29, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-55500CVSS 9.9
    ## Summary The `/api/settings/database` endpoint allows full database export (containing all credentials,...
  • CVE-2026-54496CVSS 9.3
    ### Summary A soundness vulnerability in the variable-base scalar multiplication gadget of...
  • CVE-2026-55615
    Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no...
  • CVE-2026-57572CVSS 10.0
    Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0,...
  • CVE-2026-57571CVSS 9.6
    Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0,...
  • CVE-2026-34038CVSS 9.9
    Coolify is an open-source and self-hostable tool for managing servers, applications, and...
  • CVE-2026-54769CVSS 10.0
    ### Advisory Details **Title**: Sandbox Escape to Remote Code Execution via Incomplete...
  • CVE-2026-54760
    # SQLChatAgent `_validate_query` dangerous-pattern regex is bypassable via quoted/commented/qualified function names ##...
  • CVE-2026-53486CVSS 9.1
    ### Impact When extracting an archive to a directory, a crafted archive...
  • CVE-2026-9181CVSS 9.8
    ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.