Linux Basics
— ny_wk
Linux system admin interview questions almost always start with the boot process, then drill into storage (LVM, RAID, multipath), networking, services, and recovery. This guide organizes the core Red Hat (RHEL) topics into clear sections with representative questions and corrected, accurate answers so you can explain why each command works, not just recite it.
The examples below cover both legacy RHEL 5/6 (MBR, GRUB Legacy, SysV init, up2date) that you may still meet in older estates, and the modern RHEL 7/8/9 equivalents (GPT, GRUB2, systemd, dnf, firewalld). Where the old syntax is end-of-life, the modern replacement is called out so your answers stay current.
The Linux Boot Process (the #1 Linux system admin interview question)
Being able to walk an interviewer through power-on to login prompt is the single most common screening question. The clean, accurate sequence is:
- Firmware (BIOS/UEFI): The power supply asserts a Power Good signal, the CPU jumps to the firmware entry point, and POST (Power-On Self-Test) checks the hardware. Firmware then reads the configured boot order and hands off to the boot device.
- Boot loader (GRUB2): On BIOS/MBR systems the first 512-byte sector holds the MBR (446 bytes of boot code, 64 bytes partition table, 2 bytes 0x55AA signature) which chains to GRUB2. On UEFI systems the firmware reads the EFI System Partition and loads grubx64.efi directly. GRUB2 presents the menu and loads the selected kernel and initramfs.
- Kernel: The kernel decompresses, initializes hardware, and mounts the initramfs as a temporary root so the drivers needed to reach the real root filesystem are available.
- initramfs: Switches to the real root filesystem (pivot_root) and starts the init system as PID 1.
- init system (systemd): systemd brings the machine to its default target, starting services until you reach the login prompt.
Modern correction: Older notes describe initrd, GRUB Legacy stages 1/1.5/2, and /sbin/init reading /etc/inittab. On RHEL 7+ those are replaced by initramfs, GRUB2, and systemd. Mentioning both versions shows depth.
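The 446 + 64 + 2 byte MBR layout from the boot loader step can be checked directly on a sector image. This is an added example, not part of the original guide; the function names and the sample image are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the MBR layout (446 + 64 + 2 bytes) on a sector image.
# Function names and the sample image are constructed for illustration.

# Print the two signature bytes at offset 510 as hex ("55aa" on a valid MBR).
mbr_signature() {
    od -An -tx1 -j510 -N2 "$1" | tr -d ' \n'
}

# Print "index boot_flag type" for each non-empty entry of the 64-byte table.
mbr_partitions() {
    img=$1
    i=0
    while [ "$i" -lt 4 ]; do
        off=$((446 + i * 16))                      # four 16-byte entries
        entry=$(od -An -tx1 -j"$off" -N5 "$img")   # byte 0 = boot flag, byte 4 = type
        flag=$(echo $entry | cut -d' ' -f1)
        ptype=$(echo $entry | cut -d' ' -f5)
        if [ "$ptype" != "00" ]; then
            echo "$((i + 1)) $flag $ptype"
        fi
        i=$((i + 1))
    done
}

# Build a constructed sample sector: zeroed boot code, an active Linux (0x83)
# partition, a Linux raid autodetect (0xfd) partition, and the signature.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\200\000\000\000\203' | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\000\000\000\000\375' | dd of="$1" bs=1 seek=462 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

sample=$(mktemp)
make_sample_mbr "$sample"
echo "signature: $(mbr_signature "$sample")"
mbr_partitions "$sample"
rm -f "$sample"
```

On a GPT disk the same sector holds a protective MBR, so a single entry of type ee is the expected result there.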
Runlevels vs systemd Targets
Interviewers love to test whether you understand that runlevels are gone. The mapping is worth memorizing:
| SysV runlevel | systemd target | Meaning |
| --- | --- | --- |
| 0 | poweroff.target | Halt / power off |
| 1 | rescue.target | Single-user mode |
| 3 | multi-user.target | Full text-mode multiuser |
| 5 | graphical.target | Multiuser with GUI |
| 6 | reboot.target | Reboot |
Q: How do you set the default boot mode?
Legacy: edit the initdefault line in /etc/inittab. Modern: systemctl set-default multi-user.target. Switch live with systemctl isolate graphical.target.
Q: How do you enable a service at boot and start it now?
Legacy: chkconfig httpd on; service httpd start. Modern: systemctl enable --now httpd. Check status with systemctl status httpd and list everything with systemctl list-unit-files.
GRUB, Recovery, and Resetting the Root Password
Boot-level recovery is a favorite Linux system admin interview question because it proves you understand the early boot chain.
Q: You forgot the root password. How do you reset it (RHEL 7/8/9)?
- At the GRUB2 menu press e to edit the kernel entry.
- Find the line starting with linux and append rd.break (or init=/bin/bash), then press Ctrl+X to boot.
- Remount the real root read-write: mount -o remount,rw /sysroot.
- Switch into it: chroot /sysroot.
- Set the password: passwd root.
- Force a SELinux relabel so the changed shadow file is contexted correctly: touch /.autorelabel.
- Exit twice and reboot. Skipping the relabel step is the classic mistake that leaves you locked out again.
Q: How do you reinstall GRUB after it gets wiped?
Boot rescue media, mount the system, chroot in, then run grub2-install /dev/sda followed by grub2-mkconfig -o /boot/grub2/grub.cfg (legacy used grub-install plus an interactive grub> setup). Always regenerate the config so the menu matches installed kernels.
LVM Commands Every Linux Admin Must Know
Logical Volume Manager (LVM) lets you resize storage without downtime, which is why LVM commands dominate practical RHEL interviews. The hierarchy is Physical Volume (PV) → Volume Group (VG) → Logical Volume (LV).
- Initialize disks as PVs: pvcreate /dev/sdb /dev/sdc
- Create a volume group: vgcreate vgdata /dev/sdb /dev/sdc
- Create a 200 MB logical volume: lvcreate -L 200M -n lvweb vgdata
- Make a filesystem: mkfs.xfs /dev/vgdata/lvweb (use mkfs.ext4 if you need ext4)
- Mount and persist in /etc/fstab, then verify with df -hT
Q: How do you grow a logical volume online?
Extend the LV and the filesystem in one step: lvextend -L +500M -r /dev/vgdata/lvweb. The -r flag resizes the filesystem for you. Behind the scenes that calls xfs_growfs for XFS or resize2fs for ext4.
Q: Can you shrink an XFS filesystem?
No. XFS cannot be shrunk — a common trap question. Only ext-family filesystems shrink, and you must unmount, run e2fsck -f, then resize2fs before lvreduce. If you reduce the LV first you will corrupt data.
Q: A volume group ran out of space — now what?
Add a new disk as a PV and extend the VG: pvcreate /dev/sdd then vgextend vgdata /dev/sdd. To evacuate a disk before removal use pvmove /dev/sdd, then vgreduce vgdata /dev/sdd and pvremove /dev/sdd.
Handy inspection commands: pvs, vgs, lvs -a -o +devices (shows which LV sits on which disk), and lvdisplay -m for segment mapping.
Software RAID with mdadm
Q: How do you build a RAID 5 array on a running machine?
- Create partitions of type fd (Linux raid autodetect) with fdisk or parted.
- Create the array: mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1. Note the correct flag is --raid-devices, not --raid-disk.
- Inspect it: mdadm --detail /dev/md0 and watch rebuild progress in cat /proc/mdstat.
- Format and mount: mkfs.xfs /dev/md0.
- Persist the array definition: mdadm --detail --scan >> /etc/mdadm.conf so it reassembles on boot.
Q: How do you simulate and replace a failed disk?
Fail it with mdadm /dev/md0 --fail /dev/sdb1, remove it with mdadm /dev/md0 --remove /dev/sdb1, then add a replacement with mdadm /dev/md0 --add /dev/sde1. RAID 5 keeps serving data from parity while the new disk rebuilds.
Multipath and LUN Detection (SAN Storage)
On SAN-attached servers a single LUN is visible through several paths; device-mapper-multipath merges them into one resilient device.
Q: How do you scan for a newly presented LUN without rebooting?
Re-scan each SCSI host: echo "- - -" > /sys/class/scsi_host/host0/scan (repeat per host), or for Fibre Channel issue a loop initialization: echo 1 > /sys/class/fc_host/host0/issue_lip. The cleanest method is the helper script rescan-scsi-bus.sh. Then run multipath -ll and diff the before/after output to identify the new device.
Q: How do you enable multipath and give devices friendly names?
Install device-mapper-multipath, run mpathconf --enable --with_multipathd y, then systemctl enable --now multipathd. Add WWID-to-alias entries in a multipaths { } block in /etc/multipath.conf so a LUN shows as, say, data-d1 instead of a long WWID. Useful checks: multipath -ll (full topology), multipath -f mpathX (flush one map), and find the WWN with cat /sys/class/fc_host/host0/port_name.
Networking, Bonding, and Services
Q: What does NIC bonding do, and which mode gives both speed and redundancy?
Bonding aggregates multiple NICs into one logical interface. The key modes: mode 0 (balance-rr) load-balances round-robin; mode 1 (active-backup) is pure failover; mode 4 (802.3ad/LACP) gives link aggregation and redundancy when the switch supports LACP — usually the right production answer. Verify with cat /proc/net/bonding/bond0. On RHEL 7+ configure bonds with nmcli rather than hand-editing ifcfg files.
Q: How is the firewall managed on modern RHEL?
Legacy RHEL used raw iptables rules (e.g. iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT). RHEL 7+ uses firewalld: firewall-cmd --permanent --add-service=ssh then firewall-cmd --reload. RHEL 8/9 use nftables as the backend. Know all three layers.
Q: How do you set up passwordless SSH?
Generate a key pair with ssh-keygen -t ed25519 (or rsa on older boxes), then push the public key with ssh-copy-id user@remote-host. That appends it to ~/.ssh/authorized_keys with correct permissions — safer than copying by hand.
SELinux, Packages, and Patching
Q: How do you check and change SELinux mode?
Check with sestatus or getenforce. Temporarily set permissive with setenforce 0 (enforcing is setenforce 1). For a permanent change edit SELINUX= in /etc/selinux/config. Fix file contexts with restorecon -Rv /path and toggle booleans persistently with setsebool -P httpd_can_network_connect on.
Q: How do you manage packages?
Install/remove/query a single RPM: rpm -ivh pkg.rpm, rpm -e pkg, rpm -qa | grep pkg. For dependency-aware management use dnf on RHEL 8/9 (yum on RHEL 7): dnf install httpd, dnf update, dnf history. The legacy up2date tool is gone — patching today goes through dnf and Red Hat Satellite/subscription-manager.
Q: How do you create a local repository?
Copy the packages to a directory, run createrepo /path/to/repo, then drop a .repo file in /etc/yum.repos.d/ pointing baseurl=file:///path/to/repo with gpgcheck=0 for an internal mirror. Refresh with dnf clean all && dnf repolist.
Performance Monitoring and Troubleshooting
Expect a scenario like “the server is slow — what do you check?” Walk through layers methodically:
- CPU & load: top, uptime (1/5/15-minute load averages), mpstat -P ALL, and historical data with sar.
- Memory: free -h and cat /proc/meminfo; watch swap with vmstat 2.
- Disk I/O: iostat -xz 2 for per-device latency and utilization.
- Network: ss -tunap (the modern replacement for netstat) for sockets and listening ports.
- Processes & open files: ps aux, pstree, and lsof to find what holds a file or port.
Q: A mount point won’t unmount — “target is busy.” How do you find the culprit?
List the processes using it with fuser -vm /mountpoint or lsof +D /mountpoint, then either stop them gracefully or, as a last resort, fuser -km /mountpoint to kill them. Killing blindly can lose unsaved work, so identify first.
Q: Where do you look for logs?
On systemd systems use journalctl -xe (and journalctl -b for the current boot). Traditional files still exist: /var/log/messages (general), /var/log/secure (auth), and /var/log/maillog (mail).
Scheduling with cron
Q: Explain the cron time fields.
A crontab line is minute(0-59) hour(0-23) day-of-month(1-31) month(1-12) day-of-week(0-7, where 0 and 7 are Sunday) command. So 0 2 * * 1 /usr/local/bin/backup.sh runs at 02:00 every Monday. Edit with crontab -e, list with crontab -l, and inspect another user’s jobs with crontab -u alice -l. Restrict access via /etc/cron.deny and /etc/cron.allow. On modern systems systemd timers are an increasingly common alternative — worth mentioning.
Users, Groups, and Special Permissions
Q: Explain SUID, SGID, and the sticky bit.
- SUID (4): a program runs with the file owner’s privileges. Classic example: /usr/bin/passwd. Set with chmod u+s file.
- SGID (2): on a directory, new files inherit the directory’s group, which is essential for shared/collaborative folders. Set with chmod g+s dir.
- Sticky bit (1): on a shared directory like /tmp, only a file’s owner (or root) can delete it. Set with chmod +t dir (numeric 1777).
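The three bits above are also what a permissions audit looks for: SUID/SGID files outside an approved baseline, and world-writable directories that lack the sticky bit. This is an added example, not part of the original guide; the function names, the allowlist format and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for the special permission bits described above.
# Function names, the allowlist format and the sample tree are constructed.

# audit_special_bits DIR [ALLOWLIST]
# Prints "SUID path" / "SGID path" for files carrying those bits and
# "NOSTICKY path" for world-writable directories without the sticky bit.
# Lines listed verbatim in ALLOWLIST (the approved baseline) are suppressed.
audit_special_bits() {
    root=$1
    allow=${2:-}
    {
        find "$root" -xdev -type f -perm -4000 | sed 's/^/SUID /'
        find "$root" -xdev -type f -perm -2000 | sed 's/^/SGID /'
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
    } 2>/dev/null |
    { if [ -n "$allow" ]; then grep -vxF -f "$allow"; else cat; fi; } | sort
}

# Constructed sample tree covering each case.
make_sample_tree() {
    mkdir -p "$1/bin" "$1/shared" "$1/tmp" "$1/drop"
    : > "$1/bin/passwd"; chmod 4755 "$1/bin/passwd"   # SUID, in the baseline
    : > "$1/bin/helper"; chmod 4755 "$1/bin/helper"   # SUID, not in the baseline
    chmod 2775 "$1/shared"   # SGID directory: group inheritance, not reported
    chmod 1777 "$1/tmp"      # world-writable with sticky bit: fine
    chmod 0777 "$1/drop"     # world-writable without sticky bit: reported
}

tree=$(mktemp -d)
make_sample_tree "$tree"
printf 'SUID %s/bin/passwd\n' "$tree" > "$tree/baseline.txt"
audit_special_bits "$tree" "$tree/baseline.txt"
rm -rf "$tree"
```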
Q: How do you lock an account and set an expiry date?
Lock with usermod -L user or passwd -l user (unlock with -U/-u). Set account expiry with chage -E 2026-12-31 user and audit aging with chage -l user. Use ACLs for finer-grained access: setfacl -m u:john:rwx /data and review with getfacl /data.
Kernel Tuning
Q: How do you change a kernel parameter persistently?
Set it live with sysctl -w net.ipv4.ip_forward=1, then make it survive reboots by adding net.ipv4.ip_forward = 1 to a file under /etc/sysctl.d/ (or /etc/sysctl.conf) and applying with sysctl -p. Common tunables include vm.swappiness, net.ipv4.ip_local_port_range, and dropping caches with echo 3 > /proc/sys/vm/drop_caches (a debugging aid, not a routine fix).
Key Takeaways
- Master the boot chain (firmware → GRUB2 → kernel → initramfs → systemd) and know the legacy equivalents it replaced.
- For storage, the LVM stack (PV → VG → LV) plus mdadm RAID and multipath cover the bulk of practical Linux system admin interview questions.
- Remember the hard rules: XFS cannot shrink, always resize the filesystem before reducing an LV, and touch /.autorelabel after a chroot password reset.
- Use modern tooling in your answers: systemctl, dnf, firewalld/nftables, ss, and journalctl instead of their deprecated predecessors.
- Troubleshoot in layers (CPU, memory, disk I/O, network, then processes) and identify the offending process before you kill anything.
Frequently Asked Questions
What are the most important Linux system admin interview questions?
The boot process, runlevels/systemd targets, LVM resizing, RAID and multipath storage, SELinux modes, firewall configuration, and root-password recovery come up in almost every RHEL interview. Being able to explain the reasoning behind each command matters more than memorizing flags.
What is the difference between SysV init and systemd?
SysV init (PID 1) ran shell scripts from /etc/rc.d sequentially based on a runlevel set in /etc/inittab. systemd replaces it with parallelized, dependency-aware units and targets, managed by systemctl, with integrated logging via journalctl. RHEL 7 onward uses systemd.
Can you reduce an LVM logical volume safely?
Only for shrinkable filesystems like ext4 — unmount, run e2fsck -f, shrink with resize2fs, then lvreduce. XFS cannot be shrunk at all, so for an XFS volume you must back up, recreate it smaller, and restore.
How do you reset a forgotten root password in RHEL?
Edit the GRUB2 entry, append rd.break, boot, then mount -o remount,rw /sysroot, chroot /sysroot, passwd root, touch /.autorelabel, and reboot. The autorelabel step is essential so SELinux re-contexts the changed files.