I like to jot down the things I learn as I go along; it helps me to remember. I’ve reproduced this list of useful Linux files and folders which will hopefully grow over time, to represent those I have encountered. I figure if I write them here, they might be of use to others too. The majority can be explored with cat, a pager or a text editor.


root directory that must contain:
bin boot dev etc lib media mnt opt sbin srv tmp usr and var subfolders



Mail forwarding configuration FILE

SYNTAX for line in file:

mrnoobot, mrsnoobot
#forwards to specified users

mrnoobot, "|/usr/bin/vacation"
#forwards to user and runs program


contains Linux kernel and bootloader files FOLDER


contains Linux kernel and bootloader files (EFI)


The GRUB bootloader configuration file. FILE

Notable sections:

default = 0 #title to boot to by default
fallback = 1 #title to boot to if default fails
timeout = 5 #time to choose boot option
splashimage = /grub/splash/image.jpg #background image
hiddenmenu #hides all but default title unless key is pressed
password Password123 #password needed to use GRUB CLI

#denote available operating systems
root(hd0,2) #provides location of boot directory using hd syntax
kernel #image file and parameters to be passed to kernel
initrd #ramdisk to match kernel
password #when used in title, password must be entered before booting that title
password --md5 <MD5HASH> #uses an encrypted password for password functions (safer). Can be generated using grub-md5-crypt
rootnoverify #specifies bootable non-Linux operating systems
chainloader +1 #specify path to bootloader on non-Linux bootable OS OR +1 if it is in the first sector of the partition


pseudo-filesystem that represents all devices currently connected to the Linux system. FOLDER

#represents SATA/SCSI/USB device A partition 1
#represents IDE device b partition 2


Log FILE of the hardware clock first setting and subsequent adjustments.


configuration file for locating package repositories (Debian) FILE


FILE which specifies a list of users (one per line) who are permitted to use the at command. By default all users are allowed to use the command if it is installed and this file does not exist. 

If this file exists, then /etc/at.deny should NOT exist


FILE which specifies a list of users (one per line) who are NOT permitted to use the at command. By default all users are allowed to use the command if it is installed and this file may not exist (or will be empty). 

If this file exists, then /etc/at.allow should NOT exist

Adding a user to this file will not affect any existing at jobs that user has created. These should be removed manually using atrm


FILE for configuring the chronyd time service (an alternative to network time protocol for high latency environment)

pool <address> #specifies NTP server pools
logdir #specify location of log files
server #server address to use
keyfile #location of authentication information for NTP servers
driftfile #location of file to monitor drift for correction
allow <IP or subnet> #hosts that can use this server
deny <IP or subnet> #hosts that may not use this server


FILE which specifies a list of users (one per line) who are permitted to use the crontab command. By default all users are allowed to use the command and this file does not exist. 

If this file exists, then /etc/cron.deny should NOT exist


FOLDER containing system crontab (scheduled) jobs that do not require environment variables to be loaded before script execution


FILE which specifies a list of users (one per line) who are NOT permitted to use the crontab command. By default all users are allowed to use the command and this file does not exist. 

If this file exists, then /etc/cron.allow should NOT exist

Adding a user to this file will not affect any existing cron jobs that user has created. These should be removed manually using crontab -u mrnoobot -r


System crontab FILE for the scheduling of tasks.

The file will:
Define the environment for the scripts eg using SHELL/PATH variables
Define the frequency of script execution
Define what user the script will run as
Define a path to the script

User crontab files are similar but only run as the user.

Frequency is established by defining the following:
minutes (0-59)
hours (0-23)
day of the month (1-31)
month (1-12)
day of the week (0-7) (0 & 7 == Sunday)

Multiple days/weekdays/months can be specified using comma separation or defining a range with - 

These frequency fields can be replaced by the following keywords:


contains entries for default boot FOLDER


As the path suggests, a FILE in which the default locale can be adjusted by changing the LANG variable to an available locale. See also locale command. 


file system table - configures filesystems that will be mounted automatically on boot FILE


UUID/DEV/LABEL #lists the uuid, the device or the label
MOUNTPOINT #the point to mount the device on
FILESYSTEM # the filesystem on the device
OPTIONS #any specified options
DUMPBIT #1 for TRUE, 0 for FALSE - available to dump command
CHECKPRIORITY #0 for NEVER - order that filesystems are checked

ro #read only
rw #read and write
suid #allow suid executes
nosuid #do not allow suid executes
dev #allow device files
nodev #do not allow device files
exec #allow executable files
noexec #do not allow executable files
auto #automatically mount
noauto #do not automatically mount
async #asynchronous writes
sync #synchronous writes
relatime #only update access timestamp if file is modified or metadata changed
defaults #stick to default options


FILE containing list of groups and their members

Four fields delimited by colon:


group_name #name of the group
password #unusual but if x indicates password entry in /etc/gshadow
GID #numeric group ID
members #list of users who are members of the group delimited by ,


contains scripts run by GRUB2 FOLDER


similar to /etc/shadow this FILE holds the security information for groups in the /etc/group file

contains four fields delimited by colon :

groupname #the group name
password #an encrypted password for the group, if it exists (can prevent use of newgrp command)
admins #users who are group admins
members #users who are normal members of the group


FILE deprecated by DNS but still used for bootstrapping, non-internet(isolated) nodes and input for Network Information Services database

<IP ADDRESS>     <HOSTNAME>            <ALIAS>     test.noobot.com      noobot


Where this FILE exists, it may simply contain the word 'manual'. This will automatically override the .conf file and prevent the service from running automatically.


ubuntu variant of /etc/inittab; default runlevel can be amended


See also Shell Commands: runlevel for runlevel descriptions
See /etc/inittab for systemv/Red Hat systems


determines which scripts will be executed to provide services at startup FILE

default runlevel can be set in this file (see Shell Commands: runlevel for descriptions)

#in this line, 5 is the default runlevel and can be amended

SYSTEM V systems. See also /etc/systemd, /etc/init/rc-sysinit.conf


contains scripts executed to provide services on startup FOLDER

SYSTEM V systems. See also /etc/systemd


library configuration file - typically points to folder /etc/ld.so.conf.d/ which contains individual package conf files


FILE to manage default settings used when new accounts are created. Does NOT propagate if amended

#setting the range of UID and GIDs available to new users and groups.

UID_MIN #user UIDs start at this value (typically 1000)
UID_MAX #upper limit for UIDs
GID_MIN #group GIDs start at this value (typically 100)
GID_MAX #upper limit for GIDs
#SYS_ #preceding about values indicates the ranges reserved for system users and groups (services)

#setting password aging settings
PASS_MAX_DAYS #max number of days password is valid 99999 never expires
PASS_MIN_DAYS #min number of days a password must be valid 
PASS_WARN_AGE #days before expiry that warning will be generated


Configuration FILE for log file management
Establishes the default log settings, the directory for package logs, and customised settings for individual logs.

#Rotation interval

rotate 4	
#number of rotations to retain

#compress rotated logs

#no error if logfile is absent


FILE used to configure mail aliases

SYNTAX for each line in file:

noobots: mrnoobot, mrsnoobot, panoobot
#defines the mailgroup noobot and users in the mailgroup

mrnoobot: mrnoobot@mrnoobot.com;mrnoobot@uk.mrnoobot.com
#deliver to multiple addresses for same user

logissues: |/usr/local/bin/issues
#pipes mail to a logging application

chiefnoobot: /dev/null
#deletes all incoming mail for a user  


FOLDER containing files that determine how interfaces are configured


Configuration FILE for NTP (Network Time Protocol)

Comprises servers to sync with and method (eg iburst); recommended at least 3. If server will include own IP address.

Restricts computers from using the machine as a time server (default ignore) and restricts (whitelists) which computers can access the ntpd service ( for local host). If server, restrict default will be nomodify nopeer noquery.

Driftfile - a file that monitors the time drift between sync servers and system, ultimately providing for automatic correction

Logfile - location of the ntpd logfile


contains user data (not passwords) that may be useful for password cracking when combined with /etc/shadow

Each entry contains seven fields delimited with a colon.


loginID #username
x #denotes encrypted password stored in /etc/shadow
UID #user ID number (root is 0)
GID #primary group ID
comment #may contain user/admin customised details
home #absolute path to home directory
shell #absolute path to shell

/etc/rc#.d (# is number between 0 and 6)

A series or directories which define which services are stopped (and started) at specific runlevels (inidcated by the number #) FOLDER

The folder contains symbolic links which not only point to the relevant script in /etc/init.d but also indicate what action to perform with that script

#S STARTS the httpd service at runlevel 5; priority 85

#K KILLS the httpd service at runlevel 6; priority 15

The prefix number defines what order the script will run, 11 will run before 15 and so on. The correct values to apply are found in the relevant script under chkconfig

grep chkconfig /etc/init.d/httpd
#displays chkconfig (- OR 345) START KILL where START is the recommended S priority and KILL is the recommended K priority and - indicating that the service does not start automatically OR 345 indicating it starts on runlevels 3, 4 and 5.


Contains scripts of system services FOLDER

The scripts within can be used to manually start/stop services

/etc/rc.d/init.d/httpd start
#this will start the webserver

see also Shell Command: service which accomplishes the same thing


Configuration FILE for DNS resolution

 #IP address name server (max 3)

 #domain name used locally

 #search list for hostname lookup

 #Allow address sort,list specified by IP addresses 

 #modify internal variables EG:

attempts: 3 #set retry count for queries to 3


Configuration FILE for system logging


#Security and authorization-related commands

authpriv #Private authorization messages

#The cron daemon

#System daemons

#The ftp daemon

#The kernel

#The BSD printer spooling system

#sendmail and other mail-related software

mark    #Timestamps generated at regular intervals

#The Usenet news system

#Same as auth

#rsyslogd internal messages

#User processes

#Reserved for UUCP

local0 to local7	
#Eight flavors of local message

Priorities (low to high):
#For debugging only

#Informational messages

#Things that might merit investigation

warning (or warn)	
#Warning messages

#Other error conditions

#Critical conditions

#Urgent situations

emerg (or panic)	
#Panic situations
WARN and PANIC are deprecated

Example selectors:
#All facilities and priorities

#All facilities at info priority or higher

#Select all kernel messages

#Messages from the mail facility at a warning priority or higher

#Messages from the cron or lpr facility at an err priority or higher

#Messages from the cron facility at an err priority or higher, but not at alert priority

#Only err messages from the mail facility

 #Select messages from all facilities except mail and lpr

#Specify the full absolute path for the log file

#The - before the path means to not sync after writing each log message (better system performance for active logs eg mail)

#Specify a pipe symbol and a path to a named pipe file created with mkfifo (make first-in, first-out)

#Specify a terminal or console, such as /dev/console

#IP address,hostname or remote host

#Specify a list of users whose terminals will have the message displayed if the users are currently logged into the system

#Send to the terminal of everyone who is logged in

TEST using the LOGGER command


Legacy FILE for mapping application service names to port numbers. This is now typically done with individual config files but this file may still be useful for identifying default ports.


contains users hashed passwords which can be combined with /etc/passwd for cracking. Only accessible by root.

each entry comprises eight fields, delimited with a colon


loginID #corresponds with loginID in /etc/passwd
password #encrypted password (none if empty). If preceded by ! account is locked. ! or * on their own indicate inaccessible (likely system) account.
lastchg #no of days from 1st Jan 1970 until last password change
min #minimum age (days) before user can change password
max #maximum age (days) before password expiry (99999 no expiry)
warn #no of days before expiry to issue password change warning
inactive # no of days after password expiry account remains active
expiry #days post 1st Jan 1970 indicating a date when password will be deleted and account rendered inactive.


FOLDER that holds default directory structure/contents that will be applied to new users home directory ON CREATION (ie if this folder is amended it does not propagate to existing users)

Different template folders can be created on the system, for example /etc/skel_sales, /etc/skel_hr and /etc/skel_marketing and referenced in the -k option when creating accounts with useradd.


configuration file for the journald logging daemon, which creates the main log on systemd systems as binaries FILE

Storage auto/volatile/persistent/none
#log if log file exists/log to RAM/log to disk/log to console
#compress files or not
#define storage (default 10% capped at 4GB)
#define max file size before rotation


a symbolic link that points to the required default target (runlevel) in /lib/systemd/system on a systemd machine LINK


contains configuration files that specify how devices are handled when connected. FOLDER


location of user home directories FOLDER


contains systemd targets (runlevels) for boot. FOLDER

default target can be set by making a symbolic link:


that points to the required target in /lib/systemd/system


systemd mount FILE

Description #mount unit to be mounted
Before #filename to be mounted

What #absolute path to file to be mounted
Where #location to mount to
Type #filesystem type
Options #options

WantedBy #systemd target that this filesystem will be used by


directory containing third party software installations


contains a list of hardware items that can exercise Direct Memory Access (bypassing the CPU) FILE


/proc/iomem contains a list of locations used to pass and store data similar to RAM FILE


/proc/ioports contains memory addresses used for communication with hardware devices such as keyboards FILE


/proc/meminfo contains information about the system memory FILE


file for non-persistent and RAM-based logging FILE must be opend with journalctl command


virtual memory that is NOT mounted as a directory - can be up to twice the physical memory on a system VIRTUAL


/sys contains values relevant to the operation and configuration of the kernel FOLDER


temporary WORLD WRITEABLE directory for system and users FOLDER


operating system files, commands and system software FOLDER


locally installed software that should not be upgraded alongside the operating system


FOLDER containing available timezone files


directory for heavy activity functions such as mail, ftp, http FOLDER



System boot log FILES


cron service (scheduled task) log files


contains messages generated during the boot process FILE


Apache web server error log file FILE


Kernel log FILES


file for persistent logging on a systemd system must be opend using the journalctl command. FILE


Mail server log FILE


Kernel and system-related messages - the MAIN log file FILE
See also /var/log/syslog, /var/log/rsyslog


Kernel and system-related messages - the MAIN log file FILE
See also /var/log/messages, /var/log/syslog


Authentication log FILE - see also /var/log/auth.log


Kernel and system-related messages - the MAIN log file FILE
See also /var/log/messages, /var/log/rsyslog


Log FILE for the Uncomplicated Firewall


FOLDER containing user crontab files. Should not be edited directly, rather user should use crontab command.