I like to jot down the things I learn as I go along; it helps me to remember. I’ve reproduced this list of useful Linux files and folders which will hopefully grow over time, to represent those I have encountered. I figure if I write them here, they might be of use to others too. The majority can be explored with cat, a pager or a text editor.
root directory that must contain: bin boot dev etc lib media mnt opt sbin srv tmp usr and var subfolders FOLDER
Mail forwarding configuration FILE SYNTAX for line in file: mrnoobot, mrsnoobot #forwards to specified users mrnoobot, "|/usr/bin/vacation" #forwards to user and runs program
contains Linux kernel and bootloader files FOLDER
contains Linux kernel and bootloader files (EFI)
The GRUB bootloader configuration file. FILE Notable sections: GLOBAL OPTIONS default = 0 #title to boot to by default fallback = 1 #title to boot to if default fails timeout = 5 #time to choose boot option splashimage = /grub/splash/image.jpg #background image hiddenmenu #hides all but default title unless key is pressed password Password123 #password needed to use GRUB CLI TITLES #denote available operating systems root(hd0,2) #provides location of boot directory using hd syntax kernel #image file and parameters to be passed to kernel initrd #ramdisk to match kernel password #when used in title, password must be entered before booting that title password --md5 <MD5HASH> #uses an encrypted password for password functions (safer). Can be generated using grub-md5-crypt rootnoverify #specifies bootable non-Linux operating systems chainloader +1 #specify path to bootloader on non-Linux bootable OS OR +1 if it is in the first sector of the partition
pseudo-filesystem that represents all devices currently connected to the Linux system. FOLDER /dev/sda1 #represents SATA/SCSI/USB device A partition 1 /dev/hdb2 #represents IDE device b partition 2
Log FILE of the hardware clock first setting and subsequent adjustments.
configuration file for locating package repositories (Debian) FILE
FILE which specifies a list of users (one per line) who are permitted to use the at command. By default all users are allowed to use the command if it is installed and this file does not exist. If this file exists, then /etc/at.deny should NOT exist
FILE which specifies a list of users (one per line) who are NOT permitted to use the at command. By default all users are allowed to use the command if it is installed and this file may not exist (or will be empty). If this file exists, then /etc/at.allow should NOT exist Adding a user to this file will not affect any existing at jobs that user has created. These should be removed manually using atrm
FILE for configuring the chronyd time service (an alternative to network time protocol for high latency environment) pool <address> #specifies NTP server pools logdir #specify location of log files server #server address to use keyfile #location of authentication information for NTP servers driftfile #location of file to monitor drift for correction allow <IP or subnet> #hosts that can use this server deny <IP or subnet> #hosts that may not use this server
FILE which specifies a list of users (one per line) who are permitted to use the crontab command. By default all users are allowed to use the command and this file does not exist. If this file exists, then /etc/cron.deny should NOT exist
FOLDER containing system crontab (scheduled) jobs that do not require environment variables to be loaded before script execution
FILE which specifies a list of users (one per line) who are NOT permitted to use the crontab command. By default all users are allowed to use the command and this file does not exist. If this file exists, then /etc/cron.allow should NOT exist Adding a user to this file will not affect any existing cron jobs that user has created. These should be removed manually using crontab -u mrnoobot -r
System crontab FILE for the scheduling of tasks. The file will: Define the environment for the scripts eg using SHELL/PATH variables Define the frequency of script execution Define what user the script will run as Define a path to the script User crontab files are similar but only run as the user. Frequency is established by defining the following: minutes (0-59) hours (0-23) day of the month (1-31) month (1-12) day of the week (0-7) (0 & 7 == Sunday) Multiple days/weekdays/months can be specified using comma separation or defining a range with - These frequency fields can be replaced by the following keywords: @reboot @yearly/@annually @monthly @weekly @daily/@midnight @hourly
contains entries for default boot FOLDER
As the path suggests, a FILE in which the default locale can be adjusted by changing the LANG variable to an available locale. See also locale command.
file system table - configures filesystems that will be mounted automatically on boot FILE FORMAT: UUID/DEV/LABEL MOUNTPOINT FILESYSTEM OPTIONS DUMPBIT CHECKPRIORITY UUID/DEV/LABEL #lists the uuid, the device or the label MOUNTPOINT #the point to mount the device on FILESYSTEM # the filesystem on the device OPTIONS #any specified options DUMPBIT #1 for TRUE, 0 for FALSE - available to dump command CHECKPRIORITY #0 for NEVER - order that filesystems are checked OPTIONS ro #read only rw #read and write suid #allow suid executes nosuid #do not allow suid executes dev #allow device files nodev #do not allow device files exec #allow executable files noexec #do not allow executable files auto #automatically mount noauto #do not automatically mount async #asynchronous writes sync #synchronous writes relatime #only update access timestamp if file is modified or metadata changed defaults #stick to default options
FILE containing list of groups and their members Four fields delimited by colon: group_name:password:GID:members group_name #name of the group password #unusual but if x indicates password entry in /etc/gshadow GID #numeric group ID members #list of users who are members of the group delimited by ,
contains scripts run by GRUB2 FOLDER
similar to /etc/shadow this FILE holds the security information for groups in the /etc/group file contains four fields delimited by colon : groupname:password:admins:members groupname #the group name password #an encrypted password for the group, if it exists (can prevent use of newgrp command) admins #users who are group admins members #users who are normal members of the group
FILE deprecated by DNS but still used for bootstrapping, non-internet(isolated) nodes and input for Network Information Services database FIELDS <IP ADDRESS> <HOSTNAME> <ALIAS> 192.168.24.11 test.noobot.com noobot
Where this FILE exists, it may simply contain the word 'manual'. This will automatically override the .conf file and prevent the service from running automatically.
ubuntu variant of /etc/inittab; default runlevel can be amended DEFAULT_RUNLEVEL = See also Shell Commands: runlevel for runlevel descriptions See /etc/inittab for systemv/Red Hat systems
determines which scripts will be executed to provide services at startup FILE default runlevel can be set in this file (see Shell Commands: runlevel for descriptions) id:5:initdefault: #in this line, 5 is the default runlevel and can be amended SYSTEM V systems. See also /etc/systemd, /etc/init/rc-sysinit.conf
contains scripts executed to provide services on startup FOLDER SYSTEM V systems. See also /etc/systemd
library configuration file - typically points to folder /etc/ld.so.conf.d/ which contains individual package conf files
FILE to manage default settings used when new accounts are created. Does NOT propagate if amended #setting the range of UID and GIDs available to new users and groups. UID_MIN #user UIDs start at this value (typically 1000) UID_MAX #upper limit for UIDs GID_MIN #group GIDs start at this value (typically 100) GID_MAX #upper limit for GIDs #SYS_ #preceding about values indicates the ranges reserved for system users and groups (services) #setting password aging settings PASS_MAX_DAYS #max number of days password is valid 99999 never expires PASS_MIN_DAYS #min number of days a password must be valid PASS_WARN_AGE #days before expiry that warning will be generated
Configuration FILE for log file management Establishes the default log settings, the directory for package logs, and customised settings for individual logs. SETTINGS weekly/daily/monthly/yearly #Rotation interval rotate 4 #number of rotations to retain compress #compress rotated logs missingok #no error if logfile is absent
FILE used to configure mail aliases SYNTAX for each line in file: noobots: mrnoobot, mrsnoobot, panoobot #defines the mailgroup noobot and users in the mailgroup mrnoobot: email@example.com;firstname.lastname@example.org #deliver to multiple addresses for same user logissues: |/usr/local/bin/issues #pipes mail to a logging application chiefnoobot: /dev/null #deletes all incoming mail for a user
FOLDER containing files that determine how interfaces are configured
Configuration FILE for NTP (Network Time Protocol) Comprises servers to sync with and method (eg iburst); recommended at least 3. If server will include own IP address. Restricts computers from using the machine as a time server (default ignore) and restricts (whitelists) which computers can access the ntpd service (127.0.0.1 for local host). If server, restrict default will be nomodify nopeer noquery. Driftfile - a file that monitors the time drift between sync servers and system, ultimately providing for automatic correction Logfile - location of the ntpd logfile
contains user data (not passwords) that may be useful for password cracking when combined with /etc/shadow Each entry contains seven fields delimited with a colon. loginID:x:UID:GID:comment:home:shell loginID #username x #denotes encrypted password stored in /etc/shadow UID #user ID number (root is 0) GID #primary group ID comment #may contain user/admin customised details home #absolute path to home directory shell #absolute path to shell
/etc/rc#.d (# is number between 0 and 6)
A series or directories which define which services are stopped (and started) at specific runlevels (inidcated by the number #) FOLDER The folder contains symbolic links which not only point to the relevant script in /etc/init.d but also indicate what action to perform with that script /etc/rc5.d/S85httpd #S STARTS the httpd service at runlevel 5; priority 85 /etc/rc6.d/K15httpd #K KILLS the httpd service at runlevel 6; priority 15 The prefix number defines what order the script will run, 11 will run before 15 and so on. The correct values to apply are found in the relevant script under chkconfig grep chkconfig /etc/init.d/httpd #displays chkconfig (- OR 345) START KILL where START is the recommended S priority and KILL is the recommended K priority and - indicating that the service does not start automatically OR 345 indicating it starts on runlevels 3, 4 and 5.
Contains scripts of system services FOLDER The scripts within can be used to manually start/stop services /etc/rc.d/init.d/httpd start #this will start the webserver see also Shell Command: service which accomplishes the same thing
Configuration FILE for DNS resolution nameserver #IP address name server (max 3) domain #domain name used locally search #search list for hostname lookup sortlist #Allow address sort,list specified by IP addresses options #modify internal variables EG: attempts: 3 #set retry count for queries to 3
Configuration FILE for system logging Syntax: FACILITY.PRIORITY ACTION #DESCRIPTION Facilities: auth #Security and authorization-related commands authpriv #Private authorization messages cron #The cron daemon daemon #System daemons ftp #The ftp daemon kern #The kernel lpr #The BSD printer spooling system mail #sendmail and other mail-related software mark #Timestamps generated at regular intervals news #The Usenet news system security #Same as auth rsyslog #rsyslogd internal messages user #User processes uucp #Reserved for UUCP local0 to local7 #Eight flavors of local message Priorities (low to high): debug #For debugging only info #Informational messages notice #Things that might merit investigation warning (or warn) #Warning messages err #Other error conditions crit #Critical conditions alert #Urgent situations emerg (or panic) #Panic situations WARN and PANIC are deprecated SELECTOR = FACILITY.PRIORITY Example selectors: *.* #All facilities and priorities *.info #All facilities at info priority or higher kern.* #Select all kernel messages mail.warning #Messages from the mail facility at a warning priority or higher cron,lpr.err #Messages from the cron or lpr facility at an err priority or higher cron.err;cron.!alert #Messages from the cron facility at an err priority or higher, but not at alert priority mail.=err #Only err messages from the mail facility *.info;mail.none;lpr.none #Select messages from all facilities except mail and lpr ACTION /path/to/file #Specify the full absolute path for the log file -/path/to/file #The - before the path means to not sync after writing each log message (better system performance for active logs eg mail) |/path/to/named/pipe #Specify a pipe symbol and a path to a named pipe file created with mkfifo (make first-in, first-out) /dev/tty10 #Specify a terminal or console, such as /dev/console @10.0.0.1 #IP address,hostname or remote host noobot,mrsnoobot,panoobot #Specify a list of users whose terminals will have the message displayed if the users are currently logged into the system * #Send to the terminal of everyone who is logged in TEST using the LOGGER command
Legacy FILE for mapping application service names to port numbers. This is now typically done with individual config files but this file may still be useful for identifying default ports.
contains users hashed passwords which can be combined with /etc/passwd for cracking. Only accessible by root. each entry comprises eight fields, delimited with a colon loginID:password:lastchg:min:max:warn:inactive:expire loginID #corresponds with loginID in /etc/passwd password #encrypted password (none if empty). If preceded by ! account is locked. ! or * on their own indicate inaccessible (likely system) account. lastchg #no of days from 1st Jan 1970 until last password change min #minimum age (days) before user can change password max #maximum age (days) before password expiry (99999 no expiry) warn #no of days before expiry to issue password change warning inactive # no of days after password expiry account remains active expiry #days post 1st Jan 1970 indicating a date when password will be deleted and account rendered inactive.
FOLDER that holds default directory structure/contents that will be applied to new users home directory ON CREATION (ie if this folder is amended it does not propagate to existing users) Different template folders can be created on the system, for example /etc/skel_sales, /etc/skel_hr and /etc/skel_marketing and referenced in the -k option when creating accounts with useradd.
configuration file for the journald logging daemon, which creates the main log on systemd systems as binaries FILE Storage auto/volatile/persistent/none #log if log file exists/log to RAM/log to disk/log to console Compress #compress files or not SystemMaxUse #define storage (default 10% capped at 4GB) SystemMaxFileSize #define max file size before rotation
a symbolic link that points to the required default target (runlevel) in /lib/systemd/system on a systemd machine LINK
contains configuration files that specify how devices are handled when connected. FOLDER
location of user home directories FOLDER
contains systemd targets (runlevels) for boot. FOLDER default target can be set by making a symbolic link: /etc/systemd/system/default.target that points to the required target in /lib/systemd/system
systemd mount FILE UNIT Description #mount unit to be mounted Before #filename to be mounted MOUNT What #absolute path to file to be mounted Where #location to mount to Type #filesystem type Options #options INSTALL WantedBy #systemd target that this filesystem will be used by
directory containing third party software installations
contains a list of hardware items that can exercise Direct Memory Access (bypassing the CPU) FILE
/proc/iomem contains a list of locations used to pass and store data similar to RAM FILE
/proc/ioports contains memory addresses used for communication with hardware devices such as keyboards FILE
/proc/meminfo contains information about the system memory FILE
file for non-persistent and RAM-based logging FILE must be opend with journalctl command
virtual memory that is NOT mounted as a directory - can be up to twice the physical memory on a system VIRTUAL
/sys contains values relevant to the operation and configuration of the kernel FOLDER
temporary WORLD WRITEABLE directory for system and users FOLDER
operating system files, commands and system software FOLDER
locally installed software that should not be upgraded alongside the operating system
FOLDER containing available timezone files
directory for heavy activity functions such as mail, ftp, http FOLDER /var/tmp is WORLD WRITEABLE
System boot log FILES
cron service (scheduled task) log files
contains messages generated during the boot process FILE
Apache web server error log file FILE
Kernel log FILES
file for persistent logging on a systemd system must be opend using the journalctl command. FILE
Mail server log FILE
Kernel and system-related messages - the MAIN log file FILE See also /var/log/syslog, /var/log/rsyslog
Kernel and system-related messages - the MAIN log file FILE See also /var/log/messages, /var/log/syslog
Authentication log FILE - see also /var/log/auth.log
Kernel and system-related messages - the MAIN log file FILE See also /var/log/messages, /var/log/rsyslog
Log FILE for the Uncomplicated Firewall
FOLDER containing user crontab files. Should not be edited directly, rather user should use crontab command.