Deep Dive: Exploring Linux’s File System Secrets
Developers often recommend Linux as the preferred operating system for development, servers, and system-level work. However, many beginners—including me—know Linux mainly through basic commands without truly understanding how it functions internally.
To bridge this gap, I decided to explore Linux beyond surface-level usage and investigate how the system actually works under the hood. Instead of focusing on command practice, I examined the Linux file system structure and discovered how core system components—such as networking, DNS configuration, processes, permissions, and device management—are organised and controlled through files.
Before diving deeper, it is important to understand what an operating system is. An operating system acts as an interface between hardware and software. It manages system resources like CPU, memory, storage, and input/output devices, allowing applications to run smoothly. Common examples include Windows, macOS, and Linux.
One of the most fascinating concepts I discovered during this exploration is that Linux treats almost everything as a file. Configuration settings, running processes, hardware devices, and system logs are all exposed through the file system. This design makes Linux highly transparent, flexible, and powerful, allowing users to inspect and control system behaviour directly.
In this blog, I will walk through my findings while exploring the Linux file system, explain what each component does, why it exists, and what insights I gained from investigating it. The goal is to provide a beginner-friendly yet meaningful deep dive into how Linux operates internally and why it is widely preferred by developers and system administrators.
Setting Up the Exploration Environment
Although my laptop runs Windows, I needed access to a real Linux environment to explore the Linux file system. Instead of installing Linux as a separate operating system, I used Windows Subsystem for Linux, which allows Linux to run directly inside Windows.
WSL works by creating a complete Linux environment within Windows. It installs a Linux filesystem, essential system utilities, and a shell interface. Even though the terminal window remains the same, the commands are executed by Linux once the environment is launched.
To enter this Linux environment, I ran:
wsl
Before running this command, the terminal prompt showed a Windows-style path:
After executing wsl, the prompt changed to a Linux-style format:
This change indicates that the shell has switched from Windows to Linux. From this point onward, all commands are interpreted by Linux, not Windows.
Even though Linux is running inside Windows, it maintains its own filesystem. This filesystem contains directories such as /etc, /proc, /dev, and /var, which do not exist in Windows. These directories are created as part of the Linux environment installed by WSL.
To verify that I was inside a Linux system, I inspected the root directory:
This displayed the standard Linux directory structure, confirming that I was now working inside a real Linux filesystem.
This setup allowed me to explore Linux internals without leaving Windows, making it possible to investigate configuration files, networking settings, processes, and system behaviour directly.
Quick Overview of Root Directories
After listing the root directory, I observed multiple system folders. Each directory serves a specific purpose in the Linux filesystem. Understanding these helped me see how Linux organises system components.
/bin — Essential User Commands
This directory contains basic commands required for system operation, such as ls, cp, and mv. These binaries are needed even in minimal system environments.
Why it exists:
Ensures core commands are always available
Used during system recovery or boot
/home — User Directories
Each user gets a personal directory inside /home. Files created by users are stored here.
Example:
Why it exists:
Separates user data from system files.
/var — Logs and Variable Data
This directory contains logs and frequently changing data, such as:
Why it exists:
Keeps logs separate from static system files.
/tmp — Temporary Files
Applications store temporary data here. Files may be deleted automatically.
Insight:
Used for short-lived data storage.
/usr — User Programs and Libraries
Contains installed software, binaries, and shared libraries.
Think of it as:
/usr/bin → applications
/root — Root User Home
This is the home directory for the administrator user.
Different from:
/home/smita
Discovery: /etc/passwd — How Linux Stores User Information
While exploring the /etc directory, I found a file named passwd. At first glance, the name suggested that it might contain passwords. However, upon inspecting the file, I discovered that it actually stores user account information.
To view its contents, I ran:
cat /etc/passwd
The output displayed multiple lines, each representing a user account on the system. A typical entry looked like this:
smita:x:1000:1000:Smita:/home/smita:/bin/bash
Each field in this line has a specific meaning:
smita→ usernamex→ password placeholder (actual password stored elsewhere)1000→ user ID (UID)1000→ group ID (GID)Smita→ user description/home/smita→ home directory/bin/bash→ default shell
This revealed an important insight: Linux stores user details in a structured text file rather than hiding them in a database. The actual passwords are not stored here; instead, they are kept in a protected file to improve security.
Why does this file exist?
The /etc/passwd The file provides a centralised way for the system to manage users. Applications and services refer to this file to identify users, determine their home directories, and assign permissions.
What problem does it solve?
By storing user information in a simple, readable format, Linux makes user management transparent and flexible. Administrators can easily inspect or modify user settings when required.
Interesting insight
This file demonstrates how Linux prioritises transparency. Even fundamental system components like user accounts are represented as plain text entries. This reinforces the idea that Linux exposes internal system behaviour through files, making it easier to understand and control.
Discovery: /etc/resolv.conf — Where DNS Configuration Lives
While continuing my exploration inside the /etc directory, I discovered another interesting file named resolv.conf. This file is responsible for configuring DNS (Domain Name System) in Linux.
DNS is the system that converts human-readable domain names such as google.com , into IP addresses that computers use to communicate. Without DNS, we would have to remember numeric IP addresses instead of simple domain names.
To inspect the DNS configuration, I ran:
cat /etc/resolv.conf
The output looked similar to:
This line indicates the DNS server that the system uses to resolve domain names. When I access a website, Linux first checks this file to determine which DNS server should handle the request.
Why does this file exist?
The system needs a defined DNS server to translate domain names into IP addresses. The /etc/resolv.conf The file provides this configuration in a simple and centralised way.
What problem does it solve?
Instead of hardcoding DNS settings into applications, Linux allows the entire system to rely on this file. Changing the DNS server here affects all applications, making configuration consistent and easy to manage.
Interesting insight
This discovery showed how networking behaviour in Linux is controlled through plain text files. By modifying a single configuration file, the DNS behaviour of the entire system can be changed. This reinforces the idea that Linux prioritises simplicity, transparency, and flexibility in system configuration.
Discovery: /proc — Linux Exposes Live System Information as Files
After exploring the configuration files inside /etc, I moved to another interesting directory called /proc. Unlike regular directories, /proc it is not stored on disk. Instead, it is a virtual filesystem created dynamically by the Linux kernel.
To explore it, I listed its contents:
ls /proc
I noticed many directories with numeric names, such as:
Each number represents a running process ID (PID). This means every running program in Linux has a corresponding directory inside /proc.
For example, I inspected CPU information using:
cat /proc/cpuinfo
This displayed detailed information about the processor, such as model name, cores, and frequency. What makes this interesting is that this data is generated in real time rather than being stored in a static file.
Why this directory exists
The /proc The filesystem provides a way for the kernel to expose internal system and process information to users and applications. Instead of using special tools, Linux allows this information to be accessed through simple file reads.
What problem does it solve?
System monitoring tools need access to process and hardware information. By exposing this data as files, Linux creates a unified and simple interface. Any program can read these files to understand system behaviour.
Interesting insight
The most surprising discovery was that /proc does not actually exist on disk. It is created dynamically in memory. This means Linux can expose live system data using the same file-based approach used for normal files. This strongly supports the philosophy that everything in Linux is treated as a file.
Discovery: /dev — Hardware Devices Represented as Files
After exploring /proc, I moved to another important directory named /dev. This directory further reinforced the idea that in Linux, everything is treated as a file — including hardware devices.
To inspect this directory, I listed its contents:
ls /dev
The output showed various entries such as:
These entries represent different hardware and virtual devices. For example:
/dev/sda→ hard disk device/dev/tty→ terminal interface/dev/null→ discards any data written to it/dev/random→ generates random numbers/dev/zero→ produces continuous zeros
Unlike traditional operating systems, Linux exposes hardware through device files. This allows applications to interact with hardware using the same file operations, like read and write.
Why this directory exists
The /dev The directory provides a standardised way to interact with hardware. Instead of using special APIs for each device, Linux allows programs to access hardware as files.
What problem does it solve?
By representing devices as files, Linux simplifies communication between software and hardware. Programs can read from or write to devices just like normal files, reducing complexity.
Interesting insight
One particularly interesting file is /dev/null. Any data written to this file is discarded. This is commonly used when output needs to be ignored. This demonstrates how even abstract system concepts are implemented using the file-based model.
Exploring /dev made it clear that Linux does not differentiate much between files and hardware. Both are accessed in a unified way, which makes the system highly flexible and powerful.
Discovery: /var/log — Where Linux Stores System Logs
After exploring hardware devices in /devI moved to the /var directory. Inside it, I found a subdirectory named /var/log, which contains system log files. These logs record events happening inside Linux and provide insights into system behaviour.
To explore the logs, I ran:
ls /var/log
The output showed multiple log files, such as:
syslog auth.log kern.log boot.log
Each file records a different type of system activity:
syslog→ general system messagesauth.log→ authentication and login eventskern.log→ kernel-related messagesboot.log→ system startup information
To inspect one of the logs, I viewed the system log:
cat /var/log/syslog
This displayed a chronological list of events generated by the system. These logs can help diagnose issues, monitor activity, and understand system operations.
Why this directory exists
Systems generate large amounts of runtime information. The /var/log directory provides a centralised place to store logs that change frequently.
What problem does it solve?
When something goes wrong, logs help identify the cause. Administrators rely on logs to troubleshoot errors, monitor performance, and track security events.
Interesting insight
This directory revealed that Linux maintains detailed transparency about its operations. Almost every important event is logged, making debugging and system monitoring easier. Instead of hiding internal operations, Linux exposes them in readable log files.
Discovery: Network Configuration
While investigating networking, I explored how Linux identifies network interfaces. I listed network devices using:
ls /sys/class/net
The output showed entries such as:
eth0→ network interfacelo→ loopback interface
The loopback interface allows the system to communicate with itself.
Why this exists
Linux needs a structured way to represent network interfaces.
What problem does it solve?
Applications can reference interfaces consistently when sending or receiving data.
Interesting insight
Linux exposes networking information as files, making it possible to inspect system connectivity without special tools.
Discovery: Permissions — Linux Security Model
Linux controls access to files using permissions. To inspect permissions, I ran:
ls -l /etc/passwd
The output looked like:
These symbols represent:
r→ readw→ writex→ execute
Permissions are grouped into:
owner
group
others
Why this exists
Linux is designed for multi-user environments where different users need different levels of access.
What problem does it solve?
Permissions prevent unauthorised users from modifying critical system files.
Interesting insight
This model shows that Linux security is built directly into the filesystem, not as an external feature.
Why Linux is Developer Favourite
After exploring the Linux filesystem, it became clear why developers prefer Linux.
Some key reasons include:
Transparency — system behavior is visible through files
Powerful command-line interface
File-based configuration makes automation easier
Strong permission-based security model
Lightweight and efficient
Widely used in servers and cloud environments
Many developer tools, such as:
Docker
Kubernetes
Git
are built to work best on Linux systems. This makes Linux the natural choice for development and deployment.
Conclusion
This deep dive into the Linux filesystem helped me understand how Linux works internally. Instead of hiding system behaviour behind graphical interfaces, Linux exposes configuration, processes, devices, and logs through files.
I discovered that:
system configuration lives in
/etcuser information is stored in
/etc/passwdDNS configuration is managed through
/etc/resolv.conflive system data is available in
/prochardware devices appear in
/devlogs are stored in
/var/loguser data resides in
/homeboot process files exist in
/bootnetworking and permissions are file-driven
These findings demonstrated that Linux is highly transparent, flexible, and powerful. The philosophy that everything in Linux is treated as a file makes it easier to inspect, configure, and control the system.
This exploration helped me move beyond basic commands and truly understand why Linux is widely used by developers and system administrators.
