Linux Interview Questions and Answers

— ny_wk

These Linux interview questions and answers cover the core system administration and UNIX internals that hiring managers actually probe: the file system and inodes, process management, user and permission administration, shells, and everyday command-line tools. Each answer is corrected, expanded, and grounded in how modern Linux distributions behave so you can speak with confidence in a technical screen.

Rather than a wall of disconnected trivia, the material below is organized into clear topic sections. Work through them in order, say each answer out loud, and reproduce the commands on a real machine. That practice is what separates a memorized response from a credible one.

Linux File System and Inodes

The file system is the most common opening topic in Linux interview questions because everything in UNIX is built on it. Expect questions about how devices, files, and directories are represented internally.

How are devices represented in Linux/UNIX?

Every device is exposed as a special file under the /dev directory, so devices and ordinary files are named and accessed through the same interface. There are three relevant kinds:

• Regular file — ordinary data stored on disk.
• Block special file — a device that transfers data in fixed-size blocks, such as a hard disk or SSD.
• Character special file — a device that transfers a stream of bytes sequentially, such as a keyboard, serial port, or terminal.

Run ls -l /dev and the first character of each line tells you the type: b for block, c for character.

What is an inode?

An inode (index node) is the on-disk structure that stores a file's metadata — everything except the file name and the data itself. Each inode holds:

• File type and access permissions (the mode)
• Owner user ID (UID) and group ID (GID)
• File size in bytes
• Timestamps: last access (atime), last modification (mtime), last status change (ctime)
• Link count (how many names point at this inode)
• Pointers to the data blocks that hold the file's contents

Directories are themselves files and also have inodes. View an inode number with ls -i and inspect detailed metadata with stat filename.

How does an inode map to the data blocks of a file?

A classic inode uses a mix of direct and indirect pointers so that small files are fast and large files are still possible:

• The first pointers are direct — they point straight at data blocks, so a small file is read in a single lookup.
• A single indirect pointer references a block that holds more block pointers.
• A double indirect pointer references a block of single-indirect blocks.
• A triple indirect pointer adds another level, enabling very large files.

Note: the exact number of pointers and the block size depend on the file system. On modern ext4 the default block size is typically 4 KB, and ext4 also uses extents (contiguous ranges) rather than per-block pointers for efficiency. The classic "13 addresses, 8 KB block" figure from old textbooks describes legacy UNIX, not today's defaults.

How is a directory represented?

A directory is a special file containing a list of name-to-inode-number pairs. Only the kernel writes to a directory; processes may read it. When a directory is created the kernel adds two entries automatically: . (the directory itself) and .. (its parent). The system call is mkdir(pathname, mode), exposed on the command line as mkdir.

What are hard links and symbolic links?

This is a frequent trap in Linux interview questions, so be precise:

• A hard link is an additional name pointing to the same inode. All hard links are equal; the data persists until the link count reaches zero. Hard links cannot span file systems and, by default, cannot be created for directories. Command: ln target linkname.
• A symbolic (soft) link is a small file that stores the path of another file. It can cross file systems and can point to directories, but it breaks if the target is removed. Command: ln -s target linkname.

To link to a directory you use a symbolic link (ln -s) — there is no portable -F option that lets ln hard-link a directory, so reject any answer that claims otherwise.

What is a FIFO (named pipe)?

A FIFO, or named pipe, is a special file used for inter-process communication. Data flows first-in-first-out: one process (the producer) writes, another (the consumer) reads, and once data is read it is gone. Create one with mkfifo mypipe (the underlying system call is mknod with a FIFO type). Unlike an anonymous pipe, a FIFO has a name on disk, so unrelated processes can connect to it.

UNIX System Calls and I/O

Knowing the syscall layer signals real depth. These appear often in advanced Linux interview questions and answers for experienced engineers.

What are the core system calls for file I/O?

The difference between fcntl and ioctl is scope: fcntl manipulates generic file-descriptor properties, while ioctl issues device-specific control commands.

How do you change file access permissions?

Every file carries an owner UID, a group GID, and a 9-bit mode written as rwxrwxrwx for user, group, and others. Each permission is a bit value: read = 4, write = 2, execute = 1. Add them per class to build the octal mode.

1. To set rw-rw-r-- (read/write for owner and group, read for others): chmod 664 myfile.
2. To set rwxr--r-- (full for owner, read for group and others): chmod 744 myfile.
3. Symbolic form also works: chmod u=rwx,go=r myfile.

From a C program the system call is chmod(path, mode) with an octal mode such as 0644.

What do mount and unmount do?

The privileged mount call attaches a file system onto an existing directory (the mount point), grafting one directory tree onto another. umount detaches it. On the command line: mount /dev/sdb1 /mnt attaches the device at /mnt; umount /mnt releases it.

One correction worth knowing: a CD/DVD device is something like /dev/sr0; you mount that device onto a directory such as /mnt/cdrom or /media/cdrom — the device node itself is not the mount point. Modern desktops automount removable media automatically via udev/udisks.

Linux Process Management

Process internals are the heart of senior Linux interview questions and answers. Be ready to explain forking, states, and zombies precisely.

What IDs are associated with a process?

• PID — the unique process ID (getpid()).
• PPID — the parent's PID (getppid()).
• UID — the real user ID of the owner (getuid()).
• EUID — the effective user ID, which actually governs access checks (geteuid()). Set-UID programs run with an EUID different from the invoking user.

What does fork() do, and what does this code print?

fork() creates a new child process that is a near-duplicate of the parent. It returns twice: the child's PID to the parent, and 0 to the child (or -1 on failure). Consider:

1. fork(); printf("Hello World!"); prints Hello World! twice — once per process, because both run the code after the fork.
2. Three sequential forks, then one printf, produce 2^3 = 8 lines, since each fork doubles the number of processes. The general rule is 2^n for n consecutive forks.

Tip: in real code, output may interleave and buffering can change what you see, so always fflush or add a newline when reasoning about fork output.

What system calls manage processes?

What happens, step by step, when you run a command like ls?

1. The shell calls fork() to create a child process.
2. The child calls an exec() variant to load the ls program, replacing the shell's code and data with those of ls.
3. ls runs and prints the directory contents.
4. The parent shell, meanwhile, calls wait() to collect the child's exit status and then shows the next prompt.

What is a zombie process?

A zombie is a process that has finished executing but whose entry still lingers in the process table because the parent has not yet called wait() to read its exit status. In ps output it shows a Z (or defunct) in the status field. Zombies consume no CPU or memory beyond the table entry; the fix is for the parent to reap them, or for the parent to die so init/systemd adopts and reaps the child.

What are the process states?

• Running / Runnable — executing on a CPU or ready to run.
• Waiting (Sleeping) — blocked on an event or resource, either interruptible or uninterruptible.
• Stopped — suspended, usually by a signal such as SIGSTOP (for example, after Ctrl+Z).
• Zombie — finished but not yet reaped.

What is a daemon?

A daemon is a long-running background process detached from any terminal that waits for and services requests. Historically init (PID 1) bootstrapped the system, inetd launched on-demand network services, and cron ran scheduled jobs. On most current distributions, systemd is PID 1 and manages services, while cron (or systemd timers) handles scheduling and sshd handles remote logins.

How can a parent and child communicate?

They can use any standard inter-process communication mechanism — pipes, sockets, message queues, and shared memory — plus relationship-specific channels. The simplest is that the parent retrieves the child's exit status via wait(); pipes set up before the fork are also commonly inherited by the child.

How do you get and set environment variables in code?

Read one with getenv("NAME") and set one with setenv("NAME", "value", overwrite) or putenv("NAME=value"). From the shell, export NAME=value sets it and echo $NAME prints it.

User, Group, and Permission Administration

Account management is the bread and butter of sysadmin work and a guaranteed section in any Linux interview questions and answers set.

What file defines all users, and what are its fields?

The /etc/passwd file lists every account that can log in. Each line has seven colon-separated fields in this order:

1. username
2. password placeholder (an x when shadow passwords are in use)
3. UID
4. GID
5. comment / GECOS
6. home directory
7. login shell

Note the modern reality: with shadow passwords enabled, the second field is x and the actual hash lives in /etc/shadow. Older study guides that omit the password field are out of date.

Why might useradd -m bobm still not let the user log in?

Because useradd does not set a password. You must run passwd bobm to assign one before the account can authenticate. The -m flag only ensures the home directory is created.

How do you reset another user's password?

As root, run passwd username — for example passwd boba. Running passwd with no argument changes your own password.

How do you implement shadow passwords?

Run pwconv. It creates /etc/shadow, moves the password hashes there, and replaces the password field in /etc/passwd with x. Conversion requires that no account has an empty password field beforehand. To reverse it, use pwconv's counterpart pwunconv.

How do you prevent a user from logging in?

Lock the account so authentication fails. Putting an asterisk (*) or an exclamation mark in the password field disables password login; the cleaner modern way is passwd -l username to lock and passwd -u username to unlock. (The classic answer's spelling "asterick" is simply a typo for asterisk.)

How do you remove the password set on a group?

Use gpasswd -r groupname. The gpasswd command administers /etc/gshadow; -r removes the group password.

How do you check disk quotas?

Run repquota for a report of each user's allocated and used space against their quotas (for example, repquota -a for all file systems with quotas enabled).

Which task is NOT required when creating a user by hand?

You do not need to link the home directory to a shell. The chosen login shell simply has to exist on the system and be named in the seventh field of /etc/passwd.

How do you become root briefly without logging out?

Use su (or su - for a full login environment) and supply the root password; type exit when done. On most distributions sudo command is preferred because it uses your own password and logs every action.

Everyday Linux Commands and Tools

Rapid-fire command questions test whether you actually live in a terminal. Here are corrected, ready-to-quote answers.

• Show the last 15 lines of several files: tail -n 15 dog cat horse.
• Read a compressed log without decompressing it: zcat file.gz (use zless to page through it).
• Find which binary will run for a command: which command (or type command, which also reveals aliases and functions).
• One-line description of a command: whatis command.
• Show a live, updating list of processes: top (or htop).
• Extract one file from a tar archive: tar xf MyBackup.tar memo.ben.
• List the contents of a tar archive with structure: tar tvf MyBackup.tar.
• Create a compressed tar archive: tar czf backup.tar.gz /home (the z adds gzip compression).
• Split a large file into 1,000-line pieces: split phonenos (the default chunk is 1,000 lines).
• Run multiple commands serially on one line: separate them with a semicolon, cmd1; cmd2; cmd3.
• Identify your current shell: echo $SHELL.
• Temporarily use vi-style command-line editing: set -o vi (reverts on next login).
• Review boot messages: dmesg (or journalctl -b on systemd systems).
• Delete a directory: rmdir (empty only) or rm -rf (recursive).
• Suspend the foreground job to the background: press Ctrl+Z.

What is a shell?

A shell is the command interpreter that sits between the user and the kernel. It reads commands, expands them, and either issues system calls or forks a process to run the requested program, then returns the results. Common shells include bash (the default on most distributions), sh, zsh, ksh, and csh.

What does cat dog &> cat do?

The &> operator redirects both standard output and standard error to the named file. So cat dog &> cat sends everything — the contents of dog and any error messages — into the file cat, and your screen shows nothing.

Listing files: a couple of corrections

Two source claims are inaccurate and worth fixing:

• To list *.mem files in reverse alphabetical order, use ls -r /home/ben/memos/*.mem. The plain -r reverses the default name sort.
• For time-based ordering you must combine flags: ls -t sorts by modification time (newest first), and ls -tr reverses that. A bare -c alone does not sort — it selects the ctime field and is meaningful only together with -t or -l.
• To show hidden files and recurse into subdirectories: ls -aR /home/username.

What does the first character of ls -l output mean?

It is the file type: - regular file, d directory, l symbolic link, b block device, c character device, p FIFO, and s socket.

Backups, logs, and partitions

• Back up home directories with cpio: find /home | cpio -o > backup.cpio.
• Automate log rotation: logrotate, driven by /etc/logrotate.conf.
• Track system events: historically the syslogd daemon wrote to log files; modern systems use rsyslog or the systemd journal (journalctl).
• Main system log path: traditionally /var/log/messages (Debian/Ubuntu use /var/log/syslog).
• Run fsck on root: the root partition must be mounted read-only (or checked at boot), because you cannot safely fsck a read-write mounted file system.
• Minimum partitions to install Linux: two — one for / and one for swap (swap can also be a file, but two is the classic answer).
• Partitioning tool in every distribution: fdisk (with parted/gdisk for GPT disks).

Networking, Servers, and X Configuration

Round out your prep with the service-level facts that show up in Linux interview questions and answers for experienced candidates.

• Assign IP addresses during install / on a network: a DHCP server.
• Serve installation files over the network: an NFS server (SMB/Samba, FTP, and HTTP serve files too, but the classic netboot answer is NFS).
• Secure the central password store: the shadow password package, which relocates hashes to /etc/shadow.
• Choose your X window manager per account: edit ~/.xinitrc (legacy startx flow; modern desktops use a display manager and a .desktop session).
• Lower a CPU-hungry job's priority: nice to launch it niced, or renice to adjust a running one.
• Application docs after install: historically /usr/doc/<app>; on current systems look in /usr/share/doc/<app>.
• Client-side script among JavaScript, Java, ASP, C++: JavaScript — it runs in the browser, while ASP is server-side and Java/C++ are general-purpose languages.

Key Takeaways

• The inode is metadata, not the name: it stores ownership, permissions, timestamps, size, and data-block pointers, while the file name lives in the directory entry.
• fork() returns twice and n forks yield 2^n processes — the child receives 0, the parent receives the child's PID.
• A zombie is harmless but signals a missing wait(): the parent must reap children, or systemd will adopt and clean them up.
• useradd never sets a password — always follow with passwd, and remember /etc/passwd has seven colon-separated fields.
• Know the precise commands: chmod 644 for permissions, pwconv for shadow passwords, ln -s for symlinks, and tar czf for compressed archives.

Frequently Asked Questions

What is the difference between a hard link and a soft link in Linux?

A hard link is another name pointing to the same inode and shares the file's data; it cannot cross file systems or link directories. A soft (symbolic) link is a separate file that stores the path to its target, can cross file systems, can point to directories, and breaks if the target is deleted.

What are the main process states in Linux?

Running/runnable (on or ready for a CPU), waiting/sleeping (blocked on an event or resource), stopped (suspended by a signal such as Ctrl+Z), and zombie (finished but not yet reaped by its parent).

What are the seven fields of the /etc/passwd file?

Username, password placeholder (x with shadow), UID, GID, comment/GECOS, home directory, and login shell — each separated by a colon, even when a field is empty.

How do you set permissions to rw-rw-r-- on a file?

Run chmod 664 filename. The octal 664 maps to read+write (6) for owner and group and read (4) for others, since read=4, write=2, execute=1.

For more hands-on Linux, sysadmin, and DevOps walkthroughs, subscribe to @explorenystream on YouTube.