Linux File System Exploration Looking Inside the System

Introduction

When we use Linux, we mostly interact with it through commands. But those commands are only interfaces.

The real system exists underneath, inside the filesystem.

Linux follows a powerful design philosophy: the operating system exposes its internal state through files. If you know where to look, you can understand how everything works — users, processes, networking, services, and even hardware.

In this exploration, I moved beyond basic commands and investigated how Linux actually works internally by studying its filesystem structure.

Starting Point — The Root of Everything

Linux begins from a single root directory:

/

Unlike operating systems that separate drives (like C:, D:), Linux builds everything under one unified tree.

This structure organizes the system clearly:

• Configuration → /etc

• Processes → /proc

• Devices → /dev

• Logs → /var/log

• Boot system → /boot

This unified design solves fragmentation problems and makes the system easier to inspect, debug, and understand.

1. /etc — Where System Behavior Is Defined

The /etc directory contains configuration files that control how the system behaves.

User Management — /etc/passwd and /etc/shadow

• /etc/passwd → stores user information (username, UID, home directory, shell)

• /etc/shadow → stores encrypted passwords

Problem

If password data were stored in a publicly readable file, it would create a major security risk.

Solution

Linux separates user identity and authentication:

• /etc/passwd → readable by all programs

• /etc/shadow → restricted access

Insight

Security in Linux is not only about permissions, but also about data separation and system design.

2. DNS Resolution — How Linux Finds Websites

To understand how Linux connects to websites, I explored:

• /etc/hosts

• /etc/resolv.conf

• /etc/nsswitch.conf

How it works

When you access a domain:

1. Linux checks /etc/hosts (local mapping)

2. If not found, it queries DNS servers from /etc/resolv.conf

3. The lookup order is defined in /etc/nsswitch.conf

Problem

Systems need a reliable way to resolve domain names, even without external DNS.

Solution

Linux provides a flexible, file-based resolution system.

Real-world use

Developers use /etc/hosts to override domains locally for testing applications.

Insight

Networking behavior in Linux is not hidden — it is fully configurable through simple files.

3. /proc — The Kernel’s Live Interface

The /proc directory is not stored on disk. It is a virtual filesystem created by the kernel in real time.

What it exposes

• Process information → /proc/[PID]/status

• Open files → /proc/[PID]/fd

• System stats → /proc/cpuinfo, /proc/meminfo

Problem

Applications and tools need access to internal system state (processes, memory, CPU usage).

Solution

Instead of complex APIs, Linux exposes this data as files.

Investigation

When I explored /proc/$$, I could directly see details about the current running shell process.

Insight

Tools like ps, top, and lsof are not special — they simply read from /proc. This means the system is transparent and you can build your own monitoring tools.

4. Network Routing — How Data Finds Its Path

Routing information is available in:

• /proc/net/route

• ip route output

What it represents

The routing table defines:

• Where packets should go

• Which interface to use

• Which gateway to use

Problem

Without routing rules, the system would not know how to send data across networks.

Solution

Linux maintains routing information in structured, readable form.

Insight

Even complex networking decisions are exposed as data. Linux does not hide its networking logic — it makes it inspectable.

5. systemd — Service Management Through Files

Modern Linux systems use systemd to manage services.

Where configuration lives

• /etc/systemd/system/

• /lib/systemd/system/

Each service is defined using a configuration file.

Problem

Managing system services manually would be complex and inconsistent.

Solution

Linux uses declarative configuration files to define:

• How services start

• Dependencies

• Restart policies

Insight

Enabling a service does not install anything new. It simply creates links that include the service in the boot process.

6. /var/log — The System’s Memory

Logs are stored in /var/log.

What logs contain

• Login attempts

• System errors

• Service activity

• Kernel messages

Problem

Without logs, debugging and monitoring system behavior would be extremely difficult.

Solution

Linux records system activity in structured log files.

Real-world use

System administrators use logs to debug production issues and detect security threats.

Insight

Linux is highly observable. If something goes wrong, the evidence is usually already recorded.

7. /dev — Everything Is a Device File

The /dev directory represents hardware and virtual devices as files.

Examples

• /dev/null → discards output

• /dev/zero → generates zero bytes

• /dev/urandom → generates random data

Problem

Programs need a consistent way to interact with hardware.

Solution

Linux abstracts devices into files, allowing standard operations like read and write.

Insight

This reflects a core Unix philosophy: everything is treated as a file, making the system consistent and simple.

8. File Permissions — The Security Model

Linux controls access using permissions:

• Owner

• Group

• Others

Special Case — SUID

Some binaries have a special permission:

-rwsr-xr-x

This allows them to run with the owner’s privileges.

Problem

Some programs require elevated privileges but giving full root access is dangerous.

Solution

Linux allows controlled privilege escalation using mechanisms like SUID.

Insight

Linux security is granular. It enables limited privilege access instead of unrestricted control.

9. /boot — How the System Starts

The /boot directory contains files required to start the system.

Contents

• Kernel (vmlinuz)

• Initial RAM disk (initrd)

• Bootloader files

Boot process

1. Firmware starts the system

2. Bootloader loads the kernel

3. Kernel initializes hardware

4. systemd starts services

Problem

The system needs a way to load essential components before the full OS is available.

Solution

Linux uses an initial temporary environment (initrd) to prepare the system.

Insight

Linux solves complex startup problems using staged initialization rather than a single step.

10. Hardware Information — Direct from the Kernel

System information is available in:

• /proc/cpuinfo

• /proc/meminfo

Observation

Memory may appear “used” even when the system is idle.

Problem

Unused memory is wasted memory.

Solution

Linux uses free memory for caching to improve performance.

Insight

Linux prioritizes efficiency — it uses available resources instead of leaving them idle.

Conclusion

This exploration changed how I understand Linux.

Instead of seeing it as a command-line system, I now see it as a system built around files:

• Configuration is stored in files

• System state is exposed through files

• Hardware is accessed through files

This design makes Linux:

• Transparent

• Debuggable

• Flexible

Linux is not a black box. It is a system you can inspect, understand, and even reconstruct from its filesystem.

Understanding the filesystem is not just a skill — it is the key to understanding how Linux actually works.