<- Back to Interview Prep

Linux Interview Q&A

30 practical Linux interview questions with concise, revision-friendly answers.

Section 1: Basic Level (Q1 - Q15)

Q1. What is the difference between a process and a thread in Linux?

  • A process is an independent program with its own memory space and resources.
  • A thread is a lightweight execution unit inside a process that shares memory and resources with other threads in the same process.
  • Processes are isolated; threads are faster to communicate but need synchronization to avoid race conditions.

Q2. What is a zombie process? How do you remove it?

  • A zombie process has finished execution but still has an entry in the process table because the parent has not collected its exit status.
  • You cannot kill a zombie directly.
  • Find the parent with: ps -ef | grep defunct
  • Terminate or restart the parent process/service to clean up the zombie.

Q3. What is the difference between soft link and hard link?

  • Hard link points directly to the inode and works only within the same filesystem.
  • Soft link (symbolic link) points to a path and can work across filesystems.
  • Hard link remains valid even if original filename is removed; soft link breaks if target is deleted.
  • Commands: ln file hardlink, ln -s file softlink

Q4. Explain the Linux boot process step by step.

  • 1) BIOS/UEFI does hardware initialization and POST.
  • 2) Bootloader (usually GRUB) loads the kernel.
  • 3) Kernel initializes hardware and mounts the root filesystem.
  • 4) initramfs/initrd supports early boot tasks.
  • 5) systemd/init (PID 1) starts and manages services.
  • 6) System reaches a target state (multi-user/graphical).
  • 7) Login prompt or display manager appears.

Q5. What is the difference between /etc/passwd and /etc/shadow?

  • /etc/passwd is world-readable and stores user account metadata like UID, GID, home, and shell.
  • /etc/shadow is root-readable and stores password hashes plus password aging and expiry policy fields.
  • The password field in /etc/passwd is usually x as a placeholder.

Q6. What is umask and how does it work?

  • umask controls default permission bits removed from newly created files and directories.
  • Default max permissions: files 666, directories 777.
  • Example umask 022 gives files 644 and directories 755.
  • Use umask to view and umask 027 to set.

Q7. What is LVM and what are its advantages?

  • LVM (Logical Volume Manager) abstracts storage and provides flexible volume management.
  • Main units: PV (Physical Volume), VG (Volume Group), LV (Logical Volume).
  • Advantages: online resizing, snapshots, spanning across disks, and easier storage expansion.

Q8. How does SSH key-based authentication work?

  • Generate key pair with ssh-keygen.
  • Copy public key to server authorized_keys.
  • Server challenges client, client proves identity with private key.
  • Server verifies and grants access without password exchange.

Q9. What is the difference between systemctl and service commands?

  • service is legacy SysVinit style command for scripts in /etc/init.d.
  • systemctl is the modern systemd command for managing unit files and system state.
  • systemctl also supports enable, disable, mask, and target management.

Q10. How do you troubleshoot a server that is not responding?

  • Check network reachability: ping, then SSH.
  • Check load and resources: uptime/top, free -h, df -h.
  • Check services and logs: systemctl status, journalctl -xe, syslog.
  • Check network sockets and heavy processes: ss -tulnp, ps aux --sort=-%cpu.
  • If remote access fails, use out-of-band console (IPMI/iDRAC/cloud serial console).

Q11. What is the /proc filesystem?

  • /proc is a virtual filesystem that exposes live kernel and process data.
  • Useful paths include /proc/cpuinfo, /proc/meminfo, /proc/uptime, /proc/loadavg, and /proc/<PID>.
  • System tools like top, ps, and free read this data.

Q12. What are runlevels and systemd targets?

  • Runlevels are SysVinit modes (for example 0 halt, 1 rescue, 3 multi-user, 5 GUI, 6 reboot).
  • Systemd targets are the modern equivalent (poweroff.target, rescue.target, multi-user.target, graphical.target, reboot.target).
  • Use systemctl isolate to switch target and systemctl set-default to set boot target.

Q13. What is the difference between TCP and UDP? Where is each used?

  • TCP is connection-oriented, reliable, ordered, and has higher overhead.
  • UDP is connectionless, faster, and does not guarantee delivery or ordering.
  • Common TCP uses: SSH, HTTP/HTTPS, FTP, SMTP. Common UDP uses: DNS, DHCP, VoIP, streaming, NTP.

Q14. How do you schedule a cron job? Explain cron syntax.

  • Edit with crontab -e.
  • Syntax: MIN HOUR DOM MON DOW COMMAND
  • Examples: 0 2 * * * /backup.sh, */5 * * * * /check.sh, 0 9 * * 1 /weekly.sh.

Q15. What is SELinux and what are its modes?

  • SELinux is a mandatory access control layer in Linux.
  • Modes: Enforcing (active), Permissive (log only), Disabled (off).
  • Commands: getenforce, setenforce 0, setenforce 1; permanent config in /etc/selinux/config.

Section 2: Difficult Level (Q16 - Q30)

Q1. What happens when you type a command in Linux terminal?

  • Shell reads and parses input, checks aliases/builtins, then searches PATH.
  • Shell forks a child process and child calls exec to run the binary.
  • Process runs and returns exit status to the shell, which prints next prompt.

Q2. Explain inode exhaustion. How do you troubleshoot it?

  • Every file consumes an inode. If inodes run out, file creation fails even with free disk space.
  • Symptoms often show as No space left on device.
  • Check with df -i and identify high file-count directories; remove unnecessary small files.

Q3. What is a race condition in shell scripting? How do you prevent it?

  • Race condition occurs when shared resources are accessed concurrently and timing changes outcomes.
  • Use file locks (for example flock), atomic operations, and avoid unsafe shared state.

Q4. How does the Linux kernel handle memory management?

  • Uses virtual memory, paging, and page tables to map virtual to physical addresses.
  • Uses swap when RAM is low and OOM killer when memory is critically exhausted.
  • Includes allocators like buddy system and slab allocator, and uses cache aggressively.
  • Inspect with /proc/meminfo, free -h, vmstat.

Q5. What is iptables? Write a rule to block incoming traffic on port 80.

  • iptables configures Linux netfilter firewall chains and rules.
  • Block HTTP ingress: iptables -A INPUT -p tcp --dport 80 -j DROP
  • List rules with iptables -L -n -v.

Q6. Explain the difference between kill, kill -9, and killall.

  • kill PID sends SIGTERM for graceful shutdown.
  • kill -9 PID sends SIGKILL for forceful termination.
  • killall name terminates all processes matching a name (optionally with signal).

Q7. What is RAID? Explain RAID 0, 1, 5, and 10.

  • RAID combines disks for performance and/or redundancy.
  • RAID 0: striping, fastest, no redundancy.
  • RAID 1: mirroring, good redundancy, 50% usable storage.
  • RAID 5: striping plus parity, survives one disk failure.
  • RAID 10: mirrored stripes, high performance and fault tolerance.

Q8. How do you analyze and reduce high load average on a Linux server?

  • Compare load average with CPU core count.
  • Check CPU, memory, and I/O bottlenecks using top, ps, vmstat, iostat, iotop.
  • Identify blocked tasks/log anomalies and tune processes or scale resources.

Q9. What is the difference between NFS and SMB/CIFS?

  • NFS is common and efficient in Linux/Unix environments.
  • SMB/CIFS is native for Windows interoperability and managed on Linux via Samba.
  • Use NFS for Linux-to-Linux shares; SMB for mixed Windows/Linux ecosystems.

Q10. How do you secure an SSH server?

  • Disable root login and password auth when possible.
  • Allow only required users, reduce auth attempts, disallow empty passwords.
  • Restrict access by firewall and trusted IPs.
  • Restart sshd after config updates.

Q11. Explain how file descriptor redirection works in Linux.

  • Default descriptors: 0 stdin, 1 stdout, 2 stderr.
  • Examples: > overwrite stdout, >> append stdout, 2> stderr file, 2>&1 merge stderr into stdout, | pipe output.
  • Example: ./script.sh > out.log 2>&1

Q12. What is the OOM Killer and how does it decide which process to kill?

  • OOM killer frees memory during critical exhaustion to protect system stability.
  • Selection depends on oom_score and factors like memory usage and oom_score_adj tuning.
  • Inspect with /proc/<PID>/oom_score and system logs (dmesg/journalctl).

Q13. What is strace and how do you use it for debugging?

  • strace traces system calls and signals for a process.
  • Use strace command, attach with strace -p PID, follow forks with -f, summarize with -c.
  • Useful for permission issues, missing files/libs, and app hangs.

Q14. Explain how Linux handles DNS resolution step by step.

  • Resolver follows /etc/nsswitch.conf order, usually files then dns.
  • Checks /etc/hosts first, then DNS servers in /etc/resolv.conf.
  • Resolver returns A/AAAA records and may cache by TTL.
  • Debug with dig, nslookup, host, and dig +trace.

Q15. How would you set up log rotation and why is it important?

  • Log rotation prevents logs from exhausting disk by rotating, compressing, and pruning old files.
  • Managed via logrotate config in /etc/logrotate.conf and /etc/logrotate.d/.
  • Use settings like daily, rotate count, compress, create permissions, and postrotate reload hooks.
  • Test with logrotate -d and force with logrotate -f.