System Command Hub: /bin
• Core Positioning: Stores the system's core executables (binaries, hence the name), covering the basic, frequently used command toolchain.
• Analog Reference: Similar to the C:\Windows\System32 directory in Windows environments.
Boot Loader Hub: /boot
• Core Components: Contains the Linux kernel image, hardware driver modules, and the bootloader files (such as GRUB) that booting depends on.
• Typical Contents: the vmlinuz kernel file, the initramfs initial RAM disk, and the /grub2 boot configuration directory.
Hardware Abstraction Layer: /dev
• Device Management: Maps physical and virtual devices (such as the disk sda and the terminal tty) to files, providing a unified I/O interface.
• Operational Characteristics: Device nodes are managed dynamically by udev, which responds to hot-plug devices in real time.
Global Configuration Center: /etc
• Function Coverage: Centrally manages system-level configuration files and service initialization scripts (such as network configuration and user permission policies).
• Typical Files: the passwd user database, the fstab mount table, and the nginx.conf service configuration.
User Space Isolation: /home
• Permission Model: Allocates an independent storage area for each user (such as /home/alice), providing resource isolation and per-user configuration.
• Extension Mechanism: Supports quota limits and encrypted subdirectories (such as the .ssh key vault).
Runtime Dependency Libraries: /lib
• Basic Support: Stores shared libraries (.so) and kernel modules (.ko), ensuring compatibility between applications and the kernel.
• Architecture Differentiation: 64-bit systems typically add the /lib64 directory to store architecture-specific dependencies.
Disaster Recovery Area: /lost+found
• Emergency Function: Holds the file fragments that the fsck tool automatically recovers from disk after an abnormal shutdown.
• Access Restrictions: Ordinary users have no permission to view it; operations require root privileges.
Peripheral Mount Points: /media and /mnt
• Design Differences:
  • /media: Removable media (USB drives, CDs) mounted automatically by the system.
  • /mnt: Temporary file systems (NFS, ISO images) mounted manually by the administrator.
• Operation Example:
    mount /dev/cdrom /mnt/iso # Mount the CD-ROM at a custom path
Optional Software Repository: /opt
• Standard Use: Stores complete third-party commercial or closed-source software suites (such as Oracle DB, MATLAB).
• Directory Structure: Typically organized as /opt/<vendor>/<app> to avoid polluting the system's default paths.
Kernel Interface: /proc
• Virtualization Features: Maps process and hardware status in real time to an in-memory file system, supporting dynamic tuning.
• Tuning Example:
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # Ignore all ICMP echo requests (no ping replies)
Privileged User Domain: /root
• Security Isolation: The super administrator's exclusive space, kept separate from the ordinary user directory tree to prevent unauthorized access.
Advanced Management Tools: /sbin
• Permission Levels: Stores system-level administration commands that require root privileges (such as fdisk, ifconfig).
Security Enhanced Framework: /selinux
• Mandatory Access Control: Implements process-to-file security policies (TE rules) to defend against privilege escalation attacks.
• Compatibility Note: Enabled by default only in RedHat-based distributions; Ubuntu and others use AppArmor as an alternative.
Service Data Pool: /srv
• Best Practices: Stores web service data (such as Apache site files), version control repositories (Git/SVN), and other production assets.
Device Topology Mapping: /sys
• Kernel Object Model: Dynamically exposes the device tree, driver status, and power management parameters through the sysfs virtual file system.
• Interaction Scenario: Monitoring device hot-plug events with the udevadm tool.
Temporary File Swap Area: /tmp
• Cleanup Policy: Automatically cleared on system reboot; some distributions use tmpfs for memory-accelerated access.
Application Resource Repository: /usr
• Hierarchical Division:
  • /usr/bin: User-level applications (such as Python, GCC).
  • /usr/sbin: System service components requiring administrator privileges (such as sshd).
  • /usr/src: Kernel source code and compilation environment configuration.
Variable Data Storage: /var
• Dynamic Content:
  • Log Archives: /var/log (system logs), /var/spool (queue data).
  • Runtime Status: /var/run (PID files), /var/lock (process locks).
Temporary Runtime Image: /run
• Process Hosting: Stores process IDs, socket files, and other temporary runtime data created since the last boot.
• Symbolic Links: Modern distributions redirect /var/run to this directory for standardization.
Architectural Insight: The Linux directory tree achieves efficient resource management and security control through functional decoupling and permission layering, with its design philosophy profoundly influencing the development trajectory of cloud computing and container technologies.
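
The permission layering described above can be checked directly on a host. The script below is an added example, not part of the original article: it audits /root, /tmp and each user's .ssh directory. The function names and the optional prefix argument are assumptions made for illustration, and the sticky-bit expectation on /tmp is standard practice that the article does not state.

```shell
#!/bin/sh
# Added example: audits permission expectations on /root, /tmp and ~/.ssh.
# The optional PREFIX argument (an assumption, for testing) points the audit
# at a constructed directory tree instead of the live root file system.

# Print the 10-character type/mode string of a path, e.g. "drwx------".
# -L follows symlinks; cut drops any trailing ACL/SELinux marker ("+", ".").
mode_string() {
    ls -ldL "$1" 2>/dev/null | cut -c1-10
}

# bits_clear PATH COL: succeed when every mode character from column COL to
# 10 is "-" (COL 8 = "other" only, COL 5 = "group" and "other").
bits_clear() {
    case "$(mode_string "$1" | cut -c"$2"-10)" in
        ''|*[!-]*) return 1 ;;   # missing path, or some access bit is set
        *) return 0 ;;
    esac
}

# Succeed when the directory carries the sticky bit (mode ends in t or T).
has_sticky_bit() {
    case "$(mode_string "$1")" in
        *[tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one PASS/FAIL line per check; always returns 0.
audit_tree() {
    prefix=${1-}
    if bits_clear "$prefix/root" 8; then echo "PASS $prefix/root is closed to other users"
    else echo "FAIL $prefix/root is accessible to other users"; fi
    # Standard expectation, not stated in the article: a world-writable
    # /tmp needs the sticky bit so users cannot delete each other's files.
    if has_sticky_bit "$prefix/tmp"; then echo "PASS $prefix/tmp has the sticky bit"
    else echo "FAIL $prefix/tmp lacks the sticky bit"; fi
    for d in "$prefix"/home/*/.ssh; do
        [ -d "$d" ] || continue
        if bits_clear "$d" 5; then echo "PASS $d is private to its owner"
        else echo "FAIL $d is accessible to group or other"; fi
    done
    return 0
}

audit_tree "${1-}"
```

Run without arguments, it audits the live system; any FAIL line names the directory whose mode needs tightening with chmod.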