Linux or Unix important questions and answers for interview

— ny_wk

This guide collects the Linux interview questions that hiring managers actually ask system administrators, each paired with a clear, corrected, production-accurate answer. Use it to prepare for L1/L2 sysadmin, DevOps, and support engineer interviews where Linux fundamentals, shell scripting, processes, filesystems, and services like FTP and mail are fair game.

Rather than dumping raw trivia, the answers below explain the why behind each command so you can reason through follow-up questions instead of memorizing. Several widely circulated answers contain mistakes (wrong port numbers, broken cron syntax, confused find flags) and those are corrected here.

Core command-line Linux interview questions

Most Linux interviews open with rapid-fire one-liners to confirm you live in a shell. Know these cold, including the small nuances that separate a junior from an experienced admin.

Identity, shell, and orientation

Which shell am I running? Use echo $SHELL for your login shell, or echo $0 for the shell interpreting the current session. On modern distros the default is usually /bin/bash (Debian/Ubuntu may use dash for /bin/sh).
Today's date? date. Add a format string such as date +%F for YYYY-MM-DD.
Current directory? pwd (print working directory).
My username? whoami prints the effective user; id shows UID, GID, and groups.
Who is logged in? who or w (the latter also shows what each user is doing); users lists just the names.

Files, text, and searching

Remove a file: rm file. Remove a directory and its contents recursively: rm -rf dir. The -r is recursive and -f forces without prompting, so treat rm -rf with respect.
Count words, lines, and characters: wc file (use wc -l for lines only).
Search for text in a file: grep "pattern" file.
Search across a directory: grep "pattern" * for the current level, or recurse subdirectories with grep -r "pattern" ..
Send mail from the shell: echo "body" | mail -s "Your subject" -c cc@example.com user@example.com. This requires a working MTA (such as Postfix) on the host.

Shell scripting Linux interview questions

Scripting questions reveal whether you can automate, not just type commands. Expect to write or read a small Bash script live, so the building blocks below are essential.

Arguments and special variables

$0 is the script name; $1, $2, ... are positional arguments.
$# is the number of arguments passed.
$@ is all arguments as separate words; $? is the exit status of the last command; $$ is the script's PID.

Conditionals, tests, and operators

A basic if block uses then and closes with fi:

Numeric comparison operators inside [ ]: -eq, -ne, -lt, -le, -gt, -ge.
File tests: -e exists, -f is a regular file, -d is a directory, -s is non-empty, -r readable, -w writable, -x executable.
Logical operators: ! is NOT; inside [ ] use -a for AND and -o for OR, though modern scripts prefer [[ ... && ... ]] and [[ ... || ... ]].

A multi-branch decision uses elif:

if [ "$x" -eq 1 ]; then echo one; elif [ "$x" -eq 2 ]; then echo two; else echo other; fi

Loops, case, input, and functions

for loop: for f in *.log; do echo "$f"; done
while loop: while [ "$n" -lt 5 ]; do n=$((n+1)); done
case statement: case "$opt" in start) echo go;; stop) echo halt;; *) echo unknown;; esac
Read keyboard input: read -p "Name: " name
Define a function: myfunc() { echo "hi $1"; return 0; }
Parse options with getopts: while getopts "n:x:" opt; do case $opt in n) num=$OPTARG;; x) ext=$OPTARG;; esac; done. The colon after a letter means that option takes an argument, available in $OPTARG.

Process management Linux interview questions

Understanding processes, PIDs, signals, and scheduling priority is a staple of any Linux sysadmin interview.

Listing and controlling processes

What is a PID? A process ID, a unique number the kernel assigns to each running process. PID 1 is init or systemd. The maximum is not fixed at 65535; it is set by /proc/sys/kernel/pid_max and defaults to 32768 on many 32-bit systems but commonly 4194304 on modern 64-bit Linux.
List processes: ps for your shell, ps aux or ps -ef for every process on the system; top or htop for a live view.
Stop a process: kill PID sends SIGTERM (15) for a graceful exit; kill -9 PID sends SIGKILL as a last resort.
Run in the background: append &, e.g. ./longjob.sh &. Bring it back with fg, list jobs with jobs, and detach from your terminal with nohup or disown.

Priority, nice, and process states

Process priority is controlled by the nice value, ranging from -20 (highest priority) to 19 (lowest). Start a low-priority job with nice -n 10 ./job and change a running one with renice. View nice values with ps -el (the NI column).

Common process states you may be asked to identify:

State	Meaning
R	Running or runnable
S	Interruptible sleep (waiting for an event)
D	Uninterruptible sleep, usually blocked on I/O (e.g. a disk or NFS wait)
Z	Zombie: finished but its exit status was not reaped by the parent
T	Stopped (by a signal or debugger)

Zombie processes hold only a process-table entry, not memory. You cannot kill a zombie directly; you must signal its parent so it reaps the child, or if the parent is gone the zombie is re-parented to init/systemd and cleaned up. Find them with ps -el | grep ' Z '. An uninterruptible sleep (D state) example is a process blocked on a slow disk or hung NFS mount, not init itself.

Filesystem and storage Linux interview questions

Storage questions probe how Linux organizes disks, inodes, and device files.

Inspecting disks and filesystems

Disk usage and free space: df -h for mounted filesystems, du -sh /path for a directory total.
List partitions: cat /proc/partitions, lsblk, or fdisk -l.
Filesystems the kernel supports: cat /proc/filesystems.
Mount an ISO image: mount -o loop -t iso9660 image.iso /mnt/iso.
Hard disk model and serial: lsblk -o NAME,MODEL,SERIAL or hdparm -I /dev/sda; rotational speed (RPM) is not exposed by software for most disks, you read it from the model number or datasheet, and cat /sys/block/sda/queue/rotational tells you only whether it is spinning (1) or an SSD (0).

Superblock, inodes, and device numbers

A superblock is the metadata record describing a filesystem: total size, block size, free and used block counts, the location and size of the inode tables, and block-group layout. Copies are kept at multiple offsets so a damaged primary superblock can be recovered with fsck -b.

Major and minor numbers identify device files. The major number selects the driver; the minor number distinguishes individual devices that driver manages. In ls -l /dev/sda1 the pair appears where file size normally would, e.g. 8, 1.

ext2, ext3, ext4 and journaling

The key distinction interviewers want: ext3 = ext2 + journaling, and ext4 extends ext3 with larger limits, extents, and faster fsck. Journaling records pending changes so the filesystem recovers quickly after a crash instead of running a full check.

Feature	ext3	ext4
Journaling	Yes	Yes
Max file size	2 TiB	16 TiB
Max volume size	32 TiB	1 EiB
Allocation	Block-based	Extents (faster, less fragmentation)

Note that the often-quoted "ext3 max file size 2 TiB" depends on block size; with 4 KiB blocks ext3 reaches 2 TiB, which is why ext4 was needed for modern storage.

NFS: soft vs hard mounts

A hard mount (the default) makes the client retry indefinitely if the NFS server is unreachable, preserving data integrity but risking a hung process. A soft mount gives up after a timeout and returns an I/O error, which avoids hangs but can corrupt in-flight writes. Make an NFS mount permanent by adding it to /etc/fstab:

192.168.0.1:/var/ftp/pub /mnt nfs defaults 0 0

Networking and services Linux interview questions

Expect questions on interfaces, routing, and at least one daemon, frequently vsftpd or the mail stack.

Interfaces and routing

Check interfaces: ip addr (modern) or ifconfig -a (legacy, from net-tools).
Set speed and duplex: ethtool -s eth0 speed 10 duplex full autoneg off. The old mii-tool still works on some NICs but is deprecated; prefer ethtool.
Turn a host into a router: enable forwarding at runtime with echo 1 > /proc/sys/net/ipv4/ip_forward, and make it persistent by adding net.ipv4.ip_forward = 1 to /etc/sysctl.conf then running sysctl -p.

FTP with vsftpd

vsftpd (Very Secure FTPD) is a common interview target. Note the correct ports: FTP uses TCP port 21 for control and TCP port 20 for active-mode data; TFTP uses UDP port 69. TFTP rides UDP and suits simple transfers like PXE booting, while FTP rides TCP for reliable bulk transfer.

Frequently asked vsftpd configuration directives (set in /etc/vsftpd/vsftpd.conf):

Jail users to home directories: chroot_local_user=YES.
Allow local accounts to log in: local_enable=YES.
Limit concurrent clients (standalone mode): max_clients=10 and per-IP max_per_ip=2.
Per-user settings: point user_config_dir at a directory of per-user config files.
Change the listen port: listen_port=2121.
Fix GMT timestamps: use_localtime=YES.
Bandwidth limits: anon_max_rate and local_max_rate (bytes/sec).
Restrict by IP: tcp_wrappers=YES with hosts.allow/deny rules.
Hide or deny files: hide_file and deny_file patterns.
Validate the config: run vsftpd and watch for syntax errors, or test in a non-production session.

vsftpd has supported IPv6 since version 1.2.0, and LDAP authentication is achieved through PAM modules rather than direct LDAP code in vsftpd.

The mail system: MUA, MSA, MTA, MDA, MRA

Email questions test whether you understand the agents in a mail pipeline. Memorize these roles:

Agent	Role	Examples
MUA	Mail User Agent: the client you read and compose in	Thunderbird, mutt, Outlook
MSA	Mail Submission Agent: accepts mail from MUAs, enforces policy (port 587)	Postfix submission
MTA	Mail Transfer Agent: relays mail server-to-server via SMTP (port 25)	Postfix, sendmail, exim
MDA	Mail Delivery Agent: drops mail into the local mailbox	procmail, dovecot-lda
MRA/MAA	Mail Retrieval/Access Agent: fetches mail for the user	POP3 (110), IMAP (143)

PUSH vs PULL: SMTP is a push protocol (the sender initiates delivery), while POP3 and IMAP are pull protocols (the client requests messages). HTTP is fundamentally request-response (pull) for the client. So: SMTP is push (true), POP3 is push (false), HTTP is push (false).

Practical troubleshooting Linux interview questions

Senior interviews lean into scenario questions. Here are corrected, working answers to popular ones.

find, logs, and conditional output

Files accessed in the last 30 days: find / -type f -atime -30. The -atime -30 means "accessed less than 30 days ago"; +30 would mean "more than 30 days ago." Use -mtime for modified and -ctime for inode-change time.
Failed SSH logins: on RHEL-family systems check /var/log/secure, on Debian/Ubuntu check /var/log/auth.log: grep "Failed password" /var/log/secure. On systemd hosts use journalctl -u sshd | grep Failed.
Show a message only when a command fails: cat /etc/shadow 2>/dev/null || echo "Failed to open file". The || runs the right side only when the left exits non-zero.
List open files: lsof (filter by process with lsof -p PID or by file with lsof /path).
Remote OS detection: nmap -O host for fingerprinting; if you have shell access, uname -a and cat /etc/os-release.

Scheduling with cron (corrected)

A circulated answer for "run a backup on the 4th Saturday of the month" is wrong. Standard cron cannot express "the Nth weekday" directly, so you combine a day-of-month range with a day-of-week match. Edit your crontab with crontab -e and add:

0 2 22-28 * 6 /path/to/backup.sh

The fields are minute, hour, day-of-month, month, day-of-week. 22-28 with 6 (Saturday) guarantees exactly the fourth Saturday, since only one Saturday falls in that 7-day window. For daily jobs, drop a script into /etc/cron.daily/ and make it executable with chmod +x.

Kernel mode vs user mode

The CPU runs in two privilege levels. In user mode, application code runs with restricted access and cannot touch kernel memory or hardware directly. When it needs a privileged operation it makes a system call, the CPU switches to kernel mode where trusted kernel code executes with full access, then control returns to user mode. Device drivers run in kernel mode, which is why a buggy driver can crash the whole system while a buggy app usually cannot.

initrd, kernel parameters, and ownership

initrd / initramfs: a temporary root filesystem loaded into RAM at boot containing the drivers and modules needed to mount the real root filesystem (for example storage and RAID drivers). Rebuild it with mkinitramfs (Debian) or dracut (RHEL).
Kernel parameters: tunables exposed under /proc/sys, viewed and set with sysctl and persisted in /etc/sysctl.conf or /etc/sysctl.d/. CPU info comes from cat /proc/cpuinfo and nproc.
root UID/GID: both are 0, which is what grants root its override of normal permission checks. A normal user cannot change a file's owner; only root can run chown user:group file.
Internal vs external commands: internal (builtin) commands like cd and echo live inside the shell and run without spawning a process; external commands are separate executables found via $PATH. Check with type cd.

Key Takeaways

Reason, don't memorize: understanding why a command behaves a certain way lets you answer follow-ups that pure recall cannot.
Know the corrected facts: FTP control is port 21 (data 20), TFTP is UDP 69, find -atime -30 means within the last 30 days, and PID_MAX is configurable, not capped at 65535.
Processes and signals matter: SIGTERM before SIGKILL, zombies are reaped via the parent, and D-state means uninterruptible I/O wait.
Filesystems build on each other: ext3 adds journaling to ext2, and ext4 adds extents and far larger limits.
Use modern tooling: prefer ip, ethtool, journalctl, and systemctl over their deprecated predecessors in real interviews.

Frequently Asked Questions

What is the best way to prepare for a Linux system administrator interview?

Build a small lab with a virtual machine or container, then practice the commands hands-on: process control, find, log analysis, fstab edits, and configuring a service like SSH or vsftpd. Pair each command with the concept behind it (signals, inodes, journaling) so you can handle scenario questions, not just definitions.

What is the difference between SIGTERM and SIGKILL?

kill PID sends SIGTERM (signal 15), asking a process to shut down cleanly so it can flush data and release resources. kill -9 PID sends SIGKILL, which the kernel enforces immediately and cannot be caught or ignored, so use it only when SIGTERM fails.

How do I find and remove a zombie process in Linux?

List zombies with ps -el | grep ' Z '. You cannot kill a zombie directly because it has already exited; instead signal its parent (shown as PPID) so it reaps the child, or restart the parent. If the parent dies, init/systemd adopts and clears the zombie automatically.

Is ext4 better than ext3 for a Linux server?

For most servers, yes. ext4 supports far larger files and volumes, uses extents to reduce fragmentation, and runs fsck much faster after a crash. ext3 remains a safe, well-understood choice for legacy systems, but new deployments should use ext4 or a modern filesystem like XFS.

If this breakdown helped you prep, subscribe to @explorenystream on YouTube for more Linux and sysadmin walkthroughs.