Questions and Answers - Linix / Unix

— ny_wk

Linux/Unix interview questions almost always start with the command line: listing files, managing processes, viewing logs, permissions, redirection, and links. This guide organizes the most-asked Linux and Unix interview questions into clear topic sections with corrected, accurate answers you can actually use on the job, not a copy-paste dump.

Whether you are preparing for a junior system administrator role or brushing up before a senior screening, mastering these core Linux commands matters more than memorizing trivia. Interviewers want to see that you understand why a command behaves the way it does, not just that you can recite a flag. Each answer below explains the concept so you can adapt it under pressure.

Files and directories: the most-asked Linux commands

This is where almost every Unix interview begins. Be ready to list, view, copy, move, and remove files, and to explain the flags you use.

How do you list files in a directory?

Use ls to list directory contents. For a detailed (long) listing that shows permissions, owner, size, and modification time, use ls -l. Add -h for human-readable sizes: ls -lh.

How do you list hidden files too?

Hidden files in Unix begin with a dot (.). Use ls -a to show them, or combine flags with ls -la for a full long listing including hidden entries.

How do you list a directory and all subdirectories, with full detail, sorted by time?

Use ls -lRt. Here -l gives the long format, -R recurses into subdirectories, and -t sorts by modification time (newest first). Add -r to reverse the order. (A common source error pairs -c with sorting by modification time, but -c actually sorts by the inode change time, ctime, not mtime.)

How do you view the contents of a file?

You have several tools, each suited to a different need:

• cat file dumps the whole file to the screen, best for short files.
• less file is an interactive pager; scroll with arrows, search with /, quit with q. It is the modern, preferred pager.
• more file is the older pager; press space to page down.
• head file shows the first 10 lines; tail file shows the last 10.

Note on legacy tools: pg appeared in older System V Unix and is gone from modern Linux. Always reach for less today.

How do you view the end of a large log file?

Use tail. To see the last 20 lines: tail -n 20 file.log. To watch a log update in real time while a service runs: tail -f file.log. The -f (follow) flag is one of the single most useful things a sysadmin does daily, so expect it in interviews.

How do you edit a file?

The classic answer is vi (or its successor vim), the screen editor available on virtually every Unix system. nano is friendlier for beginners. Knowing at least the basics of vi is expected because it is always present, even on minimal servers.

How do you copy a file into a directory?

Use cp source destination. To copy a file into the current directory, the dot means here: cp /tmp/report.txt .. To copy a directory and its contents, add -r (recursive): cp -r /tmp/data ..

How do you remove a directory that contains files?

Use rm -rf directory_name, where -r recurses and -f forces without prompting. Treat this command with respect: there is no undo, and rm -rf / can wipe a system. Always double-check the path before pressing Enter.

What are the two ways to rename a file?

First, use mv oldname newname. The mv command both moves and renames, since renaming is just moving within the same directory. Second, copy the file to a new name with cp old new and then delete the original. The mv approach is cleaner.

Processes: monitoring and controlling Linux commands

Process management is a guaranteed topic in any Linux/Unix interview, especially for admin roles.

How do you find all running processes?

Use ps -ef for a full-format listing of every process on the system, or the BSD-style ps aux. The -e flag selects all processes and -f gives full detail including the parent PID and start time.

How do you find processes for a particular user?

Use ps -fu username (for example ps -fu pat). The -u flag filters by effective user, and -f gives full format. The BSD equivalent is ps -U pat -u pat u.

What does the top command display?

top gives a live, continuously updating view of system activity: CPU and memory usage, load average, and the most resource-intensive processes. Press q to quit, k to kill a process, and M or P to sort by memory or CPU. The modern, friendlier alternative is htop.

How do you kill a process?

Use kill PID to send the default SIGTERM (graceful shutdown). If a process ignores that, escalate with kill -9 PID, which sends SIGKILL and cannot be caught or ignored. Use -9 only as a last resort, because the process gets no chance to clean up. To kill every process matching a name, use killall firefox or pkill firefox.

How do you run a job in the background and bring it back?

Append & to start a command in the background: ./long_job.sh &. Use jobs to list background jobs, bg %1 to resume a stopped job in the background, and fg %1 to bring job 1 to the foreground. You can suspend a running foreground job with Ctrl+Z.

How can you tell which shell you are running?

The reliable way is echo $SHELL for your login shell, or echo $0 for the current interactive shell. You can also inspect ps -p $$. (An old interview trick used echo $RANDOM to distinguish Bourne, C, and Korn shells, but that is unreliable today since bash also supports $RANDOM.)

Permissions, links, and the filesystem

Explain read, write, and execute permissions on a directory.

Directory permissions behave differently from file permissions:

• Read (r) lets you list the directory's contents.
• Write (w) lets you create, rename, and delete files inside it.
• Execute (x) lets you enter the directory (cd into it) and access files within by name.

What controls default permissions on new files?

The umask value. It is a mask subtracted from the base permissions, so a umask of 022 produces 644 for files and 755 for directories. Run umask to view it and umask 027 to set a stricter default.

Read a long listing line: what does it mean?

Given -rw-r--r-- 1 dotpc dotpc 102 Jul 18 2003 file.buf:

• The first character is the file type: - regular file, d directory, l symbolic link.
• The next nine characters are three permission triplets: owner, group, others.
• Then the link count, owner, group, size in bytes, modification date, and name.

So drwxr-xr-x is a directory the owner can fully access and others can read and enter, and lrwxrwxrwx ... client -> client-2.9.5 is a symbolic link pointing at client-2.9.5.

What is the difference between a hard link and a soft (symbolic) link?

This is a classic. A hard link is a second directory entry pointing to the same inode (the same physical data). The file is only deleted when its last hard link is removed. Hard links must live on the same filesystem and cannot point to directories. A symbolic link is a small file that stores a path to another file; it can cross filesystems and point to directories, but it breaks if the target is moved or deleted.

Create a symbolic link with ln -s /path/to/target linkname and a hard link with ln target linkname (no -s). A key advantage of links over copies: a permission change on the original is instantly reflected everywhere, since there is only one underlying file.

What is a filesystem, and what are inodes?

A filesystem is the structure the operating system uses to organize files on storage. It is built from inodes (metadata records that hold a file's permissions, owner, size, timestamps, and pointers to its data blocks) and a superblock (which describes the filesystem as a whole). Notably, an inode does not store the filename; the name lives in the directory entry that points to the inode.

How do you check disk and directory space usage?

Use df -h to see free and used space per mounted filesystem in human-readable units. Use du -sh /path to summarize the total size of a directory (-s summarize, -h human-readable). To list each user's home directory size: du -sh /home/*.

How do you see all mounted filesystems?

Run mount with no arguments, or df -h, or read cat /proc/mounts. On modern systems findmnt gives a clean tree view.

What are the main file types in Unix?

Seven types: regular files, directories, symbolic links, named pipes (FIFOs), sockets, character devices, and block devices. (Hard links are not a separate type, they are just additional names for a regular file, which corrects a common list that counts links as eight types.)

Searching, filtering, and text-processing Linux commands

What is grep and what does it do?

grep searches input for lines matching a pattern. To find a config setting: grep time my_new.cfg. Case-insensitive search uses grep -i, and recursive search through a tree uses grep -r pattern .. The name stands for Global Regular Expression Print (from the old ed editor command g/re/p), not General Regular Expression Parser as some sources claim.

How do you find a file by name on the system?

Two approaches. locate filename is fast because it queries a prebuilt database (update it with updatedb). find searches live: find / -name filename 2>/dev/null. Use find when you need accuracy or complex criteria.

Find all files accessed in the last 30 days.

Use find / -type f -atime -30 > recent.txt. Here -type f restricts to regular files and -atime -30 matches files accessed fewer than 30 days ago. The results are redirected into recent.txt.

How do you replace a string throughout a file?

Use stream editor sed: sed -i 's/2001/2002/g' file.txt. The -i edits the file in place and g replaces all occurrences on each line. In vi, the equivalent is :%s/old/new/g. (Older notes wrongly suggest grep for replacement, but grep only searches; sed substitutes.)

How do you cut out the first column of a text file?

Use awk '{print $1}' file.txt to print the first whitespace-separated field, or cut -f1 file.txt for tab-delimited data.

How do you compare two files?

Use diff file1 file2, or diff -u file1 file2 for the readable unified format that shows context. For two config files: diff -u /etc/app1.conf /etc/app2.conf.

Redirection, pipes, and chaining commands

Redirection metacharacters come up constantly. Know them cold.

What is the difference between > and >>?

> overwrites the target file silently (or creates it), so existing contents are lost. >> appends to the end of an existing file (or creates it). Use append when you want to preserve a growing log.

Write commands for common redirection tasks.

• Append efg.txt to abc.txt: cat efg.txt >> abc.txt
• Feed a data file into a program as input: program < testdata
• View a file with a pager: more xyz.txt (or less xyz.txt)
• Page a long directory listing: ls -l | more

Note that piping into a pager with | is correct; redirecting a listing to a file named after a command (as some old answers show) does not pipe to that command.

How do you run two commands in sequence?

Separate them with ; to run the second regardless of the first's outcome. Use && to run the second only if the first succeeds, and || to run the second only if the first fails. Example: make && ./run runs only if the build works.

Explain this pipeline counting distinct users.

( date ; ps -ef | awk '{print $1}' | sort | uniq | wc -l ) >> activity.log. The date prints the timestamp, ps -ef lists all processes, awk extracts the user (first column), sort orders them so uniq can collapse duplicates, and wc -l counts the unique users. The whole result is appended to activity.log. (sort | uniq together can be shortened to sort -u.)

Archiving, transfer, and remote access

What does the tar command do?

tar bundles a directory tree into one archive file, ideal for backup or transfer. Create a gzip-compressed archive: tar -czvf backup.tar.gz /path (c create, z gzip, v verbose, f file). Extract it with tar -xzvf backup.tar.gz (x extract).

How do you copy a file to another machine on the network?

Use secure copy: scp localfile user@host:/remote/path. For example, scp /etc/app.conf alex@10.0.10.169:/tmp/. For larger or repeated transfers, rsync -avz is more efficient because it copies only changes.

How do you log in to a remote Unix machine?

Use ssh user@hostname. SSH encrypts the session and is the standard. The older telnet sends credentials in plain text and must never be used on untrusted networks; mention SSH as the secure replacement.

How do you view network configuration and statistics?

On modern Linux use the ip suite: ip addr for interfaces and ip route for routing. The legacy ifconfig still appears on older systems but is deprecated. Use ss -tulpn (the modern replacement for netstat) to see listening sockets and ports.

Getting help and navigation

How do you get help on a command?

Use man command for the full manual page (for example man who). info command gives extended GNU documentation, and most tools accept command --help for a quick summary.

What is the difference between the home directory and the working directory?

The home directory is where you land at login (referenced by ~ or $HOME). The working directory is wherever you currently are, shown by pwd; it changes as you cd around.

Absolute vs relative paths.

An absolute path starts from root, like /business/acctg/payable/april. A relative path is taken from your current directory. If you are in /business/acctg, the relative path to that file is payable/april. Use .. to go up one level and cd - to jump back to the previous directory.

What do shell wildcards (globbing) match?

• * matches any number of characters: ls *.txt
• ? matches exactly one character: ls help.?
• .. refers to the parent directory; ls A* lists files starting with A.

So to move file0.txt through file3.txt in one shot, mv file?.txt newdir/ beats four separate mv commands.

Common pitfalls to avoid

• Overusing kill -9. Always try a plain kill (SIGTERM) first so the process can clean up; reach for SIGKILL only when it hangs.
• Confusing > and >>. A single > silently destroys the target file's contents.
• Trusting locate blindly. Its database can be stale; run updatedb or use find for current results.
• Forgetting -r on cp for directories. Without it, copying a folder fails.
• Citing deprecated tools. Prefer ip over ifconfig and ss over netstat in modern interviews.

How to verify your answers

Practice in a real shell rather than memorizing. Spin up a free virtual machine or use WSL on Windows, then confirm each command's behavior:

1. Run man <command> and read the actual flag descriptions; this is the source of truth.
2. Test destructive commands like rm and > inside a throwaway directory first.
3. Check exit status with echo $? after a command to confirm success (0) or failure (non-zero).
4. Use type command or which command to see exactly which binary or built-in you are invoking.

Key Takeaways

• Master file and process basics first: ls, cp, mv, rm, ps, kill, and top dominate Linux/Unix interviews.
• Understand why a flag exists, like the difference between SIGTERM (kill) and SIGKILL (kill -9).
• Know the link model: hard links share an inode on one filesystem; symbolic links store a path and can cross filesystems.
• Get redirection right: > overwrites, >> appends, | pipes, and && chains on success.
• Prefer modern, secure tools: ssh over telnet, ip over ifconfig, ss over netstat, and sed for substitution.

Frequently Asked Questions

What are the most important Linux commands for an interview?

Focus on ls, cd, cp, mv, rm, cat, less, tail, grep, find, ps, kill, top, chmod, df, du, tar, and ssh. Together they cover files, processes, search, disk, and remote access, the areas interviewers probe first.

What is the difference between a hard link and a symbolic link?

A hard link is another name for the same inode and data, must stay on the same filesystem, and keeps the file alive until the last link is removed. A symbolic link is a tiny pointer file holding a path; it can cross filesystems and link directories but breaks if the target moves.

What does kill -9 do and when should I use it?

kill -9 sends SIGKILL, which the kernel enforces immediately and a process cannot catch or ignore. Use it only when a normal kill (SIGTERM) fails to stop a hung process, since SIGKILL gives the program no chance to save data or release resources.

How do I view a log file that is updating in real time?

Use tail -f /var/log/yourapp.log. The -f (follow) flag streams new lines as they are written, which is essential when watching a service start or debugging live errors. Press Ctrl+C to stop.

If this command-line walkthrough helped, subscribe to @explorenystream on YouTube for more hands-on Linux and sysadmin tutorials.