The Linux directory structure – What lives where?

Just open up a terminal and have a browse through these directories to get an idea of where everything is.

To Change to a Directory use:
To LiSt what’s in it use:
To LiSt even the hidden files, ask for All:
ls -a

What directories are there and what do they contain?

/ – This is the root directory. Under windows, DOS, OS/2, and cousins, there’s a seperate root directory for each drive or partition. Linux and other Unix variants put everything in one directory tree, and this is at the base. There’s generally not much in here other than directories, although kernel images might be stored here too.

/boot – Some distros store kernel images and other miscellaneous files needed to boot here.

/tmp – Generally only temporary files needed at boot. Things that need temporary storage after boot generally use /var/tmp, but this isn’t universal by any means.

/mnt – This is where directories go for mounting various miscellaneous filesystems. Sometimes, /cdrom and /floppy are used for mounting cdrom and floppy devices, but I’m not sure how many distros other than Debian do this. /mnt is also sometimes called /mount.

/lib – Libraries needed at bootup. Libraries not needed at bootup but needed after the system is running should go in /usr/lib. Kernel modules generally go in /lib/modules/.

/dev – Device files go here. These are special files created by the Linux kernel that can be used by programs to control hardware devices. Note that network interfaces (eth0, ppp0, etc) don’t exist here.

/proc – This filesystem doesn’t actually exist on disk. It contains files that provide information about the state of the computer, including info on running processes, hardware states, and memory usage. Most of the files aren’t easily read by humans, though.

/var – Contains data changed when the system is running normally. /var/tmp, for example, should be used for storing temporary files. Various processes and daemons dump logs here, and some important subdirectores are:

/var/lock – Lock files. These are created by programs when accessing a specific resource. They don’t actually prevent access, so respecting a lock file is more of a politeness thing. Most programs do respect them, and thus you don’t have to worry about them unless you’re writing a program.

/var/log – Log files are generally written here. This directory may grow quite large, and so may require regular cleaning.

/var/run – Contains various bits of runtime information.

/var/lib – Contains various files needed while the system is running. One that will almost definitely be of interest to laptop users is /var/lib/pcmcia/stab, which contains some information about PCMCIA devices.

/var/spool – Mail, news, and printer queues get stored here.

/root – Home directory of the root user. Shouldn’t be much stored here at all, as you should be using normal, unprivilaged users for anything that doesn’t require root privilages.

/home – This contains the home directories of most of the users on the system. You can type cd to return to your home directory, and you can use ~/ as a shortcut to refer to your home directory. Personal config and data files for normal users go here.

/etc – Probably where you’ll spend most of your time as root, this is where most system-wide configuration files are stored. Files for specific users are almost always stored in the user’s home directory. The contents will vary depending on what you’ve got installed, but some subdirectories that are probably of interest are listed below.

/etc/X11 – This is where system-wide X11 configuration files are stored. XF86Config stores data used by the server to set up the environment. /etc/X11/fonts is where the fonts used by the server are stored, and window managers generally create subdirectories for their config files.

Boot related stuff for Debian:

/etc/init.d – Debian stores the actual scripts for starting daemons and services here. Not all of these are necessarily started at boot time, so don’t remove any unless you’re absolutely sure its safe. Most are created and removed by their associated packages, so you’ll rarely have to do anything here.

/etc/rcS.d – These are soft links to scripts in /etc/init.d that are run during startup no matter what runlevel the system’s booting into. The files start with an S followed by two digits – services are started in an order determined by these two digits. For example, S24foo is started before S42bar. The rest of the filename should be the name of the file in /etc/init.d the file is linked to.

/etc/rc0.d through /etc/rc6.d – These are soft links, just like in /etc/rcS.d, except they’re only executed when entering the specified runlevel. 0 is shutdown and 6 is reboot. Anything starting with a K shuts down a process, and anything starting with an S starts one. Other than that, they follow the same rules as /etc/rcS.d. By default, as far as I can tell, Debian boots into runlevel 2.

/bin and /sbin – Programs and system programs needed when the system is booting, respectively. Most are also useful after the system boots up, but they’re put here because they’re generally needed before any other programs.

/usr – Unix System Resources. This is the really big directory. Almost everything goes under here, unless I mentioned it above, so I’m going to go into quite a bit of detail about subdirectories and so on.

usr/X11 – These are files used by X11, and the files under them are structured like the /usr directory.

/usr/bin – Binary files (program executables) that aren’t needed during boot go here. This is probably where most of the programs you use during normal system operation reside.

/usr/sbin – These are system programs not needed during boot.

/usr/games – Game programs and (sometimes) data files and configuration stuff.

/usr/include – C and C++ header files. Probably not of much interest to you unless you’re into programming with C and/or C++.

/usr/lib – Library and shared library files not needed at bootup.

/usr/info – Data files needed by the GNU info program.

/usr/man – Data files needed by the man program.

/usr/src – Source code files. The linux kernel source is usually in /usr/src/linux.

/usr/doc – Documentation files go under here. There’s probably quite a lot here, and there are quite a few programs that just put copyright and changelog files here and document themselves through man or info. Of particular interest is the HOWTO directory where (probably) your distribution has placed a collection of HOWTOs from These aren’t quite as simplified as NHFs, but they’re still quite good.

(The perceptive will notice that most directories in /usr/doc are actually links to the real location of the documentation…)

/usr/local – This directory contains things that are specific to the local system. Really only takes on any meaning if /usr is being mounted from a remote machine, VIA smb or nfs or some other networking filesystem. In that case, /usr/local would be a partition on the local machine, and the machine’s user would put their programs there. This directory is usually structured like the /usr tree is.

/usr/shared – Shared files for programs go here. What a program puts here is, as far as I can tell, pretty much arbitrary, but sound files seem to be a fairly common thing to put here.

That’s all the major directories I could pick out of my filesystem. If I’ve made any mistakes, left anything out, or whatever E-Mail me at the above address and I’ll be glad to try and include it.

Start or Stop Iptables Firewall on Debian Linux

I have been given the task at work of configuring the firewalls for a client with a large network and various servers. The system has a lot of security implemented which requires specific control of users, subnetworks, and who has access rights to certain network and internet resources.

Configuring a single computer is relatively easy, and you can find many guides on the net, but I was curious to see that on some Ubuntu/Debian based forums and blogs, people were treating iptables as a service which it most certainly isn’t. There appears to be some confusion between Debian, Redhat, and derivatives (Ubuntu, Fedora, CentOS etc).

Difference between Redhat and Debian
Redhat, Fedora, CentOS do have a script in /etc/init.d which allows you to {save|stop} the iptables configuration, and I believe some people were mistakenly trying to apply it to Debian based systems. That’s not to say that you couldn’t create a Start/Stop script, but it doesn’t come as standard.

Iptables is a command, not a service
Iptables is a command to manipulate the netfilter kernel firewall. Just as modprobe will allow you to load a kernel module, but you can’t /etc/init.d/modprobe start, or service modprobe start. Iptables works the same. It issues, saves, removes commands.

To get Iptables:
sudo apt-get install iptables

Or see if it is already installed:
dpkg -l | grep iptables

How to Enable/Start/Configure Iptables (as root):
Create an empty firewall.rules file that can be manually configured by issuing commands via the terminal and then saving again.
iptables-save > /root/firewall.rules
iptables-restore < /root/firewall.rules

Now issue these commands as root sequentially:
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT

Save your config:
Once you have issued them, save them to firewall.rules with the same command you used to create the file.
iptables-save > /root/firewall.rules

Now you can check to see if the rules file is no longer empty:
vim /root/firewall.rules

Which should give you something like this:(A completely open Firewall)
# Generated by iptables-save v1.4.8 on Wed Oct 27 09:40:48 2010
:INPUT ACCEPT [79:11460]
:OUTPUT ACCEPT [59:9812]
# Completed on Wed Oct 27 09:40:48 2010
# Generated by iptables-save v1.4.8 on Wed Oct 27 09:40:48 2010
:OUTPUT ACCEPT [14:1382]
# Completed on Wed Oct 27 09:40:48 2010
# Generated by iptables-save v1.4.8 on Wed Oct 27 09:40:48 2010
:INPUT ACCEPT [30:6110]
:OUTPUT ACCEPT [24:4552]
# Completed on Wed Oct 27 09:40:48 2010

This is just a basic first step to setting up iptables manually. At work we have a template firewall script that runs from RC2.d at boot on our clients’ and our office servers, and is approximately 250 lines long.

Documentation on the web:

Asterisk 1.8 on Debian Squeeze

As we work a lot with Asterisk PBX systems at work, I decided to download and compile the latest version 1.8 on my Squeeze installation (which hopefully will become the new “stable” soon)

1. Create a temporary directory:
mkdir /home/rich/tmp

2. Change to tmp
cd /home/rich/tmp

3. Get the Asterisk 1.8 tarball from here:

4. Unpack it:
tar xvf asterisk-1.8-current.tar.gz

5. Get some dependencies that are need for Asterisk and Documentation:
sudo apt-get install libxml2-dev libncurses5-dev doxygen libgtk2.0-dev

6. Compile Asterisk 1.8
sudo make install

7. Install the documentation:
make progdocs

All went schwimmingly!

Time to have a play. 🙂

How to Gpg sign emails with Mutt

After having set up Mutt, I decided to try and find out where to add any pgp settings to use my gpg key signature on each email.

I Googled a bit and read various guides, and the quickest one I found was t copy a default gpg config file over and leave it as it is:

cp /usr/share/doc/mutt/examples/gpg.rc /home/rich/.mutt

Now, when I compose a new email, I hit “:wq” to write and quit, and now all I need to do is hit “p” and a new Pgp encryption menu appears with various options.

I choose “a” for “Sign As…”, then add the name of the Gpg key I wish to use. In this case it’s “rich scadding (richs-lxh). Then once I hit “y” send, I get asked for my Gpg password and everything is done.

So, to recap:
1. cp /usr/share/doc/mutt/examples/gpg.rc /home/rich/.mutt
2. Open Mutt and hit “m” to compose an email
3. Write and Quit
4. Hit “p” to sign the email
5. Choose option “a” for “Sign As….”
6. Add the name of the Gpg key you wish to sign with.
7. Hit “y” for Yes to send
8. Enter your Gpg password

How to Use Mutt Email Client with Gmail

Going back to terminal based apps:
I’ve just recently gone back to the old-school ways of using the terminal instead of gui apps, as at work we administer a lot of Debian based servers remotely via ssh. My desktop now has one terminal open, with around 5-6 “Screens” with Mutt(email), Irssi(IRC), TwitVim(Identica), Elinks(Web) and a couple of spares for terminal/ssh work and editing with Vim.

Mutt is easier than you think:

Installing Mutt
To install mutt on Crunchbang/Squeeze:

sudo apt-get install mutt

Next, in the terminal, create these directories that mutt needs to cache message headers and bodies, and store certificates:

mkdir -p ~/.mutt/cache/headers
mkdir ~/.mutt/cache/bodies
touch ~/.mutt/certificates

Now, create a basic Gmail-ready .muttrc
Choose your own text editor, I use Vim

vim .muttrc

And paste this basic gmail-ready config:
Once you have it pasted, edit the Gmail account details (everything you’ll need to alter is IN CAPITALS.) and save the file.
**Note** If you are in the UK you will need to use a slightly different config:HERE

**Edit** Darrin suggested that as your password is in plaintext, it may also be a good idea to encrypt your home directory as well for added security. (I’ll try to post a guide on single file encryption, directory encryption and entire drive/partition encryption at a later date) Thanks for the suggestion Derrin.

# Change the following six lines to match your Gmail account details
set imap_user = ""
set imap_pass = "PASSWORD"
set smtp_url = "smtp://"
set smtp_pass = "PASSWORD"
set from = ""
set realname = "YOUR NAME"

# Change the following line to a different editor you prefer.
set editor = "vim"

# Basic config, you can leave this as is
set folder = "imaps://"
set spoolfile = "+INBOX"
set imap_check_subscribed
set hostname =
set mail_check = 120
set timeout = 300
set imap_keepalive = 300
set postponed = "+[GMail]/Drafts"
set record = "+[GMail]/Sent Mail"
set header_cache=~/.mutt/cache/headers
set message_cachedir=~/.mutt/cache/bodies
set certificate_file=~/.mutt/certificates
set move = no
set include
set sort = 'threads'
set sort_aux = 'reverse-last-date-received'
set auto_tag = yes
ignore "Authentication-Results:"
ignore "DomainKey-Signature:"
ignore "DKIM-Signature:"
hdr_order Date From To Cc
alternative_order text/plain text/html *
auto_view text/html
bind editor complete-query
bind editor ^T complete
bind editor noop

# Gmail-style keyboard shortcuts
macro index,pager y "unset trash\n " "Gmail archive message"
macro index,pager d "set trash=\"imaps://[GMail]/Bin\"\n " "Gmail delete message"
macro index,pager gi "=INBOX" "Go to inbox"
macro index,pager ga "=[Gmail]/All Mail" "Go to all mail"
macro index,pager gs "=[Gmail]/Starred" "Go to starred messages"
macro index,pager gd "=[Gmail]/Drafts" "Go to drafts"

Start Using Mutt:
Run it from the terminal by simply typing mutt and hit “enter”. The first time you do this, you’ll be prompted to accept two SSL certificates from Google; press ‘a’ to always accept these certificates. You should now be greeted by your Gmail inbox.

Navigating, Reading and Sending Emails

Mutt is controlled from the keyboard and the following shortcuts will get you up and running:
For a more in depth list of commands and config features, either hit the “?” key in an open Mutt session or type “man mutt” in the terminal.

j to move down.
k to move up.
d to delete a message
y to archive one
gi to view your Inbox
ga to view All Mail
gd to view Drafts
gs to view Starred messages

And here are a few more that are particular to mutt:

t will mark a message
s will save one, or more
c lets you change to a different folder
/ lets you search the current folder

Sending Email with mutt
The basics look like this:

1. Type m (or r if you’re replying to a mail)
2. Enter the recipients email address; hit Return
3. Enter a subject; hit Return
4. Write your message.
5. Save it.
6. Type y, and your message will be sent.

Type q to quit mutt.