Linux File System Hunting
Introduction
Linux is a free, open-source operating system known for its flexibility, stability, and strong security and it's developed by Linus Torvalds in 1991.
It is widely used for personal computing, server environments, and enterprise systems because of its performance and customization capabilities.
Think of Linux like Harry Potter the wizard and commands are like spells.
With the help of those powerful commands you can access any thing withing your computer system.
This blog documents my investigation into the Linux filesystem to understand how the operating system actually works under the hood through its file system structure and related components like
networking configs
DNS settings
routing tables
logs
processes
permissions
system behavior.
But we are not going to discussed those basic commands here.
Like ls, cd, pwd, free, mv, rm, etc.
So, welcome to the magical world of Linux where powerful commands control everything.
Linux Under the Hood: A Filesystem Investigation
When i started to learn Linux through commands. I thought it's all about commands But Linux is not command driven it is filesystem driven.
Everything in Linux lives as a file, Yes, it is.
Files like devices, processes, services, logs, networking, users, even the kernel itself.
>So, save this information permanently in your brain.txt
( fancy word -> brain.txt = your memory )
The Linux Philosophy: “Everything is a File”
Linux treats nearly every component as part of the filesystem tree.
This design gives Linux its power, transparency, and the control.
By exploring directories like /etc, /proc, /dev, /boot, and /var, I realized that,
Linux doesn’t hide system behavior —> it exposes it.
Just like Harry Potter exposes that Voldemort returned (Goblet of Fire) and the existence of the Chamber of Secrets, clearing Hagrid’s name.
/etc — >The Brain of System Configuration
The /etc directory is the control room of Linux operating system.
This is where the system stores human editable configuration files that define how the OS behaves.
So, here is the command line
cd /etc
ls
Result:
If you are some one like me, who run this command first time
Then just like me, you also thought that,
"What is this colorful lines ?"
So, Inside /etc I discovered configurations for:
Users and passwords
Networking
DNS
Services
Environment variables
Security policies
This directory is essentially the personality of the system.
If Linux were a robot, /etc would be its brain.
So, let's run some command and found out together what inside.
User Management Secrets
- /etc/passwd -> This command contains user account details like username, UID, home directory, shell and it's readable by everyone.
Note: To see its contents, i use a "reader" command like
catbut you can also useless, ornanofollowed by the file path.
Command:
cat /etc/passwd
Result:
- /etc/shadow -> it stores the encrypted passwords and password policies and restricted it.
Command:
sudo cat /etc/shadow
Result:
So, here i add sudo in command because
I use virtual machine like excloud ti run those commands.
The Reason: On Linux systems,
/etc/shadowis one of the most sensitive files. It is owned by the root user and is generally not readable by standard users (like theubuntuuser i am currently logged in as).The Fix: I need to use
sudo(SuperUser DO) to temporarily gain the administrative privileges required to read it.
But Why this matters:
Because, Linux allows programs to read user info safely without exposing passwords.
This is one of the earliest examples of Linux’s security mindset.
DNS: How Linux Finds the Internet
I discovered that DNS configuration also lives in:
Command:
cat /etc/resolv.conf
Result:
This tiny file tells Linux which DNS server to ask when you visit websites.
Example:
nameserver 8.8.8.8
This means:
When you type google.com, Linux asks this server to translate the name into an IP address. Because our computer don't understand the names.
But why this matters:
Because without DNS, the internet becomes unusable it doesn't know where to send the DNS queries.
Linux exposes this core internet mechanism in a simple text file so, your computer can understand.
Host Identity: /etc/hosts
Before DNS even starts, Linux checks the identity of host first,
Command:
cat /etc/hosts
Result:
This file acts like a manual phonebook for the internet.>
You can map domain names to IP addresses locally.
This means you can:
Block websites
Redirect domains
Simulate servers locally
It’s like hacking the internet —> from your own machine.
Networking Internals
Linux networking settings live across the filesystem.
Command:
ls -l /etc/network
Result:
These define how your computer connects to networks.
Linux networking is file-driven, not GUI-driven.
Routing Tables via Files
I learned that Linux exposes kernel networking data inside.
So, when you run cat /proc/net/route, you are asking the system to show you the rules it uses to decide where network traffic should go.
Command:
cat /proc/net/route
Result:
Explanation Table:
Column | Meaning | Your Data Example |
Iface | The network interface being used. |
|
Destination | The destination network address (in hex). |
|
Gateway | The IP address of the router (in hex). |
|
Flags | The status of the route. |
|
Mask | The subnet mask. |
|
This file reveals how packets travel through networks.
Why this matters:
Because Linux lets you peek into the kernel’s live brain using files.
/var/log —> The System’s Diary
In the Linux filesystem hierarchy, /var/log is the standard directory where the system and various applications store their log files.
If something goes wrong with your server, a service won't start, or you suspect a security breach, this is the first place you should look. It provides a chronological record of events, errors, and status messages.
Commands:
ls /var/log
Result:
Inside /var/log I found logs for:
System boot
Authentication attempts
Kernel messages
Services and apps
This directory is the black box recorder of Linux.
If something breaks, logs tell the story.
This is why Linux servers are so reliable:
Nothing happens silently.
systemd — The Service Commander
Modern Linux uses systemd to manage services.
Service files live in:
/etc/systemd/system
Result:
Each service has a .service file that defines:
When it starts
What it runs
Dependencies
Linux services are not hidden background magic they are plain text instructions.
This transparency is powerful.
/proc —>The Living Kernel
The /proc directory shocked me the most.
It is not a real folder.
It is a virtual filesystem generated by the kernel in real time.
Command:
cd /proc
ls
Result:
Inside /proc I found:
Running processes
CPU info
Memory usage
Kernel parameters
Each running process has its own folder
This means:
You can inspect a running program while it runs.
Linux exposes its own heartbeat.
/dev — Hardware as Files
In Linux, hardware devices appear as files in /dev.
Command:
ls /dev
Result:
Examples:
Hard drives
USB devices
Terminals
This means programs interact with hardware by reading and writing files.
No special APIs required.
This is one of Linux’s most elegant design ideas.
/boot — The Birth of Linux
The /boot directory contains files needed to start Linux.
Command:
ls /boot
Result:
Here lives:
The Linux kernel
Bootloader configs
Initial RAM disk
This directory is the origin story of your operating system.
Without /boot, Linux cannot even wake up.
Environment Configuration
Global environment variables live in:
Command:
cat /etc/environment
cat /etc/profile
Result:
These files shape how programs run across the system.
This shows how Linux controls behavior globally using simple text.
What This Investigation Taught Me
So, Linux is radically transparent.
Instead of hiding system behavior behind GUIs and registries, Linux exposes everything as readable and editable files.
This design gives:
Control
Security
Debugging power
Reliability
Learning opportunities
Linux doesn’t hide complexity —> it teaches it.
Conclusion
Exploring the Linux filesystem changed how I see operating systems.
Linux is not a black box.
It is an open book.
Every configuration, process, device, and service leaves a trace in the filesystem.
By reading these files, we move from being users to becoming system investigators.
And that is the real power of Linux.
