Linux File System
Most people interact with Linux through commands. I tried something different: I treated the file system like a map of the entire operating system.
What I found is that Linux doesn’t “hide” how it works. It exposes everything networking, processes, users, boot logic all as files.
Here are the most meaningful discoveries from that exploration.
1. /etc - System Behavior Is Just Configuration
What it does
/etc stores system-wide configuration files that control how Linux behaves.
Why it exists
To separate system logic (code) from system behavior (configuration).
Problem it solves
Makes systems flexible without needing recompilation or deep system changes.
Insight
Files like:
/etc/hosts→ manual DNS overrides/etc/resolv.conf→ DNS configuration/etc/passwd→ user definitions
Linux exposes its configuration in plain text. There’s no hidden registry or system layer. You can directly inspect and modify behavior.
That changes how you debug problems: instead of guessing, you read the system’s configuration.
2. /etc/resolv.conf - DNS Is More Dynamic Than It Looks
What it does
Defines which DNS servers your system queries.
Example:
nameserver 8.8.8.8
Why it exists
To allow domain name resolution without hardcoding IP addresses.
Problem it solves
Decouples user-friendly names from network-level addressing.
Insight
This file is often overwritten automatically by DHCP or network managers.
So while it looks like a static config file, it’s actually part of a dynamic pipeline: DHCP → Network Manager → resolv.conf → DNS resolution
This revealed that networking in Linux is layered, not centralized.
3. /proc - The Kernel Exposes Itself as Files
What it does
A virtual filesystem that provides real-time system and process data.
Examples:
/proc/cpuinfo/proc/meminfo/proc/[pid]/
Why it exists
To give userspace programs a consistent interface to kernel data.
Problem it solves
Avoids the need for specialized APIs for system introspection.
Insight
Nothing in /proc actually exists on disk.
When you read a file here, you’re querying the kernel in real time.
This completely changes the mental model: You’re not reading files - you’re interacting with the kernel through a file interface.
4. /dev - Hardware Becomes Files
What it does
Represents devices (hardware and virtual) as files.
Examples:
/dev/sda→ storage device/dev/null→ discards data/dev/tty→ terminal interface
Why it exists
To unify hardware interaction under the file abstraction.
Problem it solves
Provides a consistent interface for programs to interact with devices.
Insight
Devices are dynamically created by udev.
This means:
Plug in a USB → new file appears in
/devRemove it → file disappears
The system is constantly updating its own structure based on hardware state.
5. /var/log - The System Never Forgets
What it does
Stores logs from the OS and services.
Examples:
authentication logs
system events
package installation history
Why it exists
To provide observability into system behavior.
Problem it solves
Debugging, auditing, and tracing system activity.
Insight
Logs are not just for errors - they are a timeline.
If something breaks, the answer is usually already written in /var/log.
This shifts debugging from “trial and error” to “investigation and evidence.”
6. /etc/passwd and /etc/shadow - Identity vs Security
What they do
/etc/passwd→ user metadata/etc/shadow→ encrypted passwords
Why they exist
To separate publicly readable identity info from sensitive authentication data.
Problem they solve
Security and controlled access to credentials.
Insight
Linux internally identifies users by UID, not username.
Usernames are just labels. The system operates on numeric identities.
Also, moving passwords to /etc/shadow ensures only privileged processes can access them - a simple but effective security design.
7. /etc/systemd - Boot Is a Dependency Graph
What it does
Defines services and how they start using systemd.
Why it exists
To manage system initialization and background services reliably.
Problem it solves
Coordinating complex startup sequences.
Insight
Each .service file defines:
what runs
when it runs
dependencies
Booting Linux is not a linear process. It’s a graph of dependent services.
Understanding this explains why some services wait, fail, or restart - it’s all defined declaratively.
8. /boot - The Most Critical Small Directory
What it does
Contains kernel images and bootloader configurations.
Why it exists
To provide the minimal components required to start the system.
Problem it solves
Separates bootstrapping from the rest of the OS.
Insight
If /boot is broken, nothing else matters - the system won’t start.
This directory is tiny compared to the rest of the system, but it controls the entire startup process.
9. /proc/net/route - Networking Is Decision-Making
What it does
Contains the system’s routing table.
Why it exists
To determine how network packets are forwarded.
Problem it solves
Ensures data reaches the correct destination through the correct interface.
Insight
Your system doesn’t just “send data.” It decides where and how to send it every time.
Reading the routing table reveals:
default gateway
interface priorities
routing logic
Networking is not just connectivity - it’s controlled flow.
10. Permissions - A Minimal Model That Scales
What it does
Controls access using:
read
write
execute
Across:
owner
group
others
Why it exists
To enforce isolation and security.
Problem it solves
Prevents unauthorized access while allowing controlled sharing.
Insight
This simple model powers:
file access
process execution
system-level security
Despite being minimal, it scales across multi-user systems without complexity.
Summary
This exploration changed how I think about Linux.
Linux is not:
a black box
a command-line tool
It is a system where:
everything is visible
everything is inspectable
everything is represented as files
The key realization:
Linux doesn’t abstract reality away - it organizes it.
