Linux Under the Hood: A Filesystem Investigation

Most beginners interact with Linux through commands, but the real power of Linux lies deeper in its filesystem. During my exploration, I focused on understanding how Linux exposes its internal workings through structured directories.
Instead of memorizing commands, I tried to answer:
Where does Linux actually store its logic?
Here are some of the most meaningful discoveries I made.
/boot - The Starting Point of the System
What it does: /boot stores all the files required during the system startup process.
Why it exists:
Before the operating system fully loads, the system needs access to:
The Linux kernel
Bootloader files (like GRUB)
What problem it solves:
It provides a minimal, reliable environment to start the OS.
Insight:
I realized that Linux startup is staged:
Firmware runs
Bootloader loads
Kernel starts
👉 /boot is where this transition begins. It’s not used during normal operation, only at startup.
/etc - The Control Center of Linux
What it does: /etc contains system-wide configuration files.
Why it exists:
Linux separates configuration from execution. Programs don’t hardcode behavior, they read from config files.
What problem it solves:
Allows easy customization without modifying program code.
Insight:
Almost every major system behavior is controlled here:
Networking
Users
Services
👉 Instead of a GUI settings panel, Linux uses editable text files as its control system.
/etc/passwd vs /etc/shadow - A Security Evolution
What they do:
/etc/passwd → stores user information (username, UID, home directory)
/etc/shadow → stores encrypted passwords
Why they exist:
User authentication requires both identity and credentials.
What problem they solve:
Secure storage of user data.
Insight (very important):
Originally, passwords were stored in /etc/passwd.
But this file is readable by all users.
So Linux split it:
Public info → /etc/passwd
Sensitive data → /etc/shadow
👉 The name “shadow” comes from the idea that password data is hidden in the “shadow” of the main file.
This shows how Linux evolved to improve security without breaking compatibility.
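As an added example (not part of the original post), the Python script below audits the contents of the two files for the problems this split was meant to prevent: password data left in world-readable /etc/passwd, empty password fields, and extra UID 0 accounts. The sample entries and hash placeholders are constructed, and the function names are illustrative.

```python
import stat

# Constructed sample data (not from a real system); hash strings are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:1001:1001::/home/legacy:/bin/sh
backup:x:0:0::/var/backup:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::
alice::19000:0:99999:7:::
backup:!:19000:0:99999:7:::
"""

def audit_accounts(passwd_text, shadow_text):
    """Return (user, issue) findings for the two files' contents."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed passwd entry"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((user, "empty password field in passwd"))
        elif pw != "x" and not pw.startswith(("*", "!")):  # "x" = see shadow
            findings.append((user, "password hash stored in world-readable passwd"))
        if uid == "0" and user != "root":
            findings.append((user, "UID 0 account other than root"))
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == "":  # "!" or "*" means locked, not empty
            findings.append((fields[0], "empty password field in shadow"))
    return findings

def shadow_mode_ok(mode):
    """True when the permission bits give 'other' users no access at all."""
    return stat.S_IMODE(mode) & stat.S_IRWXO == 0

if __name__ == "__main__":
    for user, issue in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: {issue}")
    print("0o640 ok:", shadow_mode_ok(0o640), "| 0o644 ok:", shadow_mode_ok(0o644))
```

On a real system, pass in the text of /etc/passwd and /etc/shadow (reading the latter requires root) and the st_mode value from os.stat("/etc/shadow").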
/var/log - The System’s Memory
What it does:
Stores logs generated by different parts of the system.
Why it exists:
Systems need a way to record events, errors, and activities.
What problem it solves:
Helps in debugging, monitoring, and auditing.
Insight:
Logs are organized by category:
System logs
Authentication logs
Kernel logs
👉 Instead of guessing what went wrong, you can trace system behavior over time.
It made me realize:
Logs are not just records—they are the history of the system’s decisions.
systemd — Managing System Services
Where it exists:
/etc/systemd/
/lib/systemd/
What it does:
Controls system services (programs that run in the background).
Why it exists:
Modern systems need structured service management and dependency handling.
What problem it solves:
Ensures services start in the correct order and restart if they fail.
Examples of services:
Networking service
SSH service
Logging service
Insight:
Each service is defined as a unit file.
These files describe:
How a service starts
What it depends on
When it should run
👉 Linux boot is essentially a chain of services being activated.
/bin — Essential Tools Available at All Times
What it does: /bin stores essential user command binaries like ls, cp, mv, cat, and bash.
Why it exists:
These tools are required for basic system operation, even in minimal or recovery environments.
What problem it solves:
Ensures that critical commands are always available—even if other parts of the system (like /usr) are not mounted.
Insight:
I initially thought /bin just stores “random commands,” but it’s actually very intentional:
Only essential binaries are placed here
These commands are required during boot or system repair
👉 This means Linux is designed to always give you a survival toolkit, even in a broken system.
Extra observation:
On modern systems, /bin is often linked to /usr/bin, showing how Linux is evolving while maintaining backward compatibility.
Final Reflection
Through this exploration, one idea became very clear:
Linux is not hiding its internals—it is exposing them through the filesystem.
Boot process → /boot
Configuration → /etc
Users → /etc/passwd, /etc/shadow
Logs → /var/log
Services → systemd
Tools → /bin
This design makes Linux:
Transparent
Flexible
Debuggable
What I Learned
Before this, I thought Linux was about commands.
Now I see it as a structured system where everything important is stored as files.
And once you understand where things live,
you start understanding how the system actually works.