Top 100 Linux Interview Questions

— ny_wk

Linux interview questions for system administrators almost always cluster around a handful of core skills: managing users and groups, tuning the Bash shell, controlling jobs and processes, scheduling tasks with cron and at, configuring logging, and running backups. This guide organizes the most common questions by topic and gives you the corrected, accurate answers a real interviewer expects to hear.

Instead of memorizing answer letters, the goal here is to understand why each answer is right. That is what gets you through a live technical screen, a Linux+ or LPIC-1 certification exam, or a hands-on practical test. Every command below is verified against modern Linux distributions, and where the original question banks contain errors, the mistakes are fixed.

User and Group Management (Linux Interview Questions)

User administration is the single most tested area in Linux interview questions. You need to know the layout of /etc/passwd, /etc/shadow, and /etc/group, plus the useradd, usermod, and userdel tool family.

How is the /etc/passwd file structured?

Each line has seven colon-separated fields in this exact order:

1. username — the login name
2. password placeholder — an x meaning the real hash lives in /etc/shadow
3. UID — numeric user ID
4. GID — primary group ID
5. GECOS — comment field (full name, etc.)
6. home directory
7. login shell

So the correct field order is username, UID, GID, comment, home directory, shell. When every password field shows x, it means the system is using shadow passwords — the encrypted hashes are stored in the root-only /etc/shadow file, not in world-readable /etc/passwd.

Why can a manually added user fail to log in?

A classic trap: someone edits /etc/passwd by hand and types a plaintext password into the second field, like bobm:baddog:501:501:.... That account will refuse logins. You cannot place a plaintext password in /etc/passwd. The field must contain x (pointing to the shadow hash), and you set the actual password with:

1. passwd bobm

Equally, if you leave the password field blank when shadow passwords are enabled, some PAM configurations block the login. The reliable answer is always: never write passwords directly — assign them with the passwd command, which writes a proper hash to /etc/shadow.

What does useradd do automatically, and what does it not?

When you run useradd, it assigns a UID and GID, defines the home directory path, and sets a default shell from /etc/default/useradd. What it does not do by default is set a password — the account stays locked until you run passwd. On many distributions it also will not create the home directory unless you add -m:

1. useradd -m bobm — create the account and its home directory
2. passwd bobm — assign a password so the user can log in

So if a freshly created user cannot log in after useradd -m bobm, the missing step is the password. To seed new home directories with template files (such as a custom .bashrc), drop them in /etc/skel and create the user with useradd -m; the -k flag lets you point at an alternate skeleton directory (useradd -mk /path/skel bobm).

How do you rename, delete, and lock users?

• Rename a login: usermod -l mknight mstone — the syntax is usermod -l NEW OLD.
• Delete a user and home directory: userdel -r bob. Plain userdel bob removes the account but leaves the home directory behind.
• Lock an account: place an exclamation mark (or asterisk) at the start of the shadow password field — usermod -L bob does this for you by prefixing the hash with !.

What about /etc/group and group commands?

The /etc/group file has four fields: groupname:password:GID:member-list. To create a group with members, the correct hand-edited line is sales:x:44:bob,mary,joe (note the password placeholder), or simply run groupadd sales followed by gpasswd -M bob,mary,joe sales.

Key gotchas interviewers love:

• If you change a group's GID by editing /etc/group but a user has that old GID as their primary group in /etc/passwd, that user may be unable to log in until their passwd entry is corrected.
• Before deleting a group with groupdel, (A) confirm no user lists it as their primary group in /etc/passwd, and (D) verify no file or directory is owned by that group — otherwise you orphan ownership.
• To remove a group password, use gpasswd -r groupname.
• System groups such as kmem exist for a reason (device/memory access); do not delete them even if they own no files.

Bash Shell, Environment, and the Command Line

The second big block of Linux interview questions covers the shell itself — what interprets your commands, where environment settings live, and how line editing works.

What is the shell and which config files matter?

The shell (Bash, by default on most distributions) is the program that interprets what you type and passes it to the kernel. To find which shell you are in, run echo $SHELL or echo $0.

To put a personal ~/scripts directory on your search path permanently, edit ~/.profile (or ~/.bash_profile) and add export PATH="$HOME/scripts:$PATH". The HOME environment variable determines your working directory immediately after a successful login.

How does command-line editing work?

Bash uses the Readline library for line editing, which defaults to Emacs-style key bindings. A few interview favorites:

• Move backward one word: Esc then b (or Alt+b), then Delete/Backspace to fix a stray character — no need to retype the whole line.
• Switch the line editor to vi mode temporarily: set -o vi. Make it permanent by adding set -o vi to ~/.bashrc (or set editing-mode vi in ~/.inputrc).
• Run several commands on one line: separate them with a semicolon, e.g. cmd1 ; cmd2 ; cmd3, then press Enter once.
• Syntax errors like "command not found" come from the shell, which parses your input before any program runs.

Variables, aliases, and PATH problems

A name you assign a value to is a variable. When a newly installed program returns "Command not found," the usual fix is to add its directory to your PATH (or invoke it by full path). The interactive prompt rm behavior — asking for confirmation on every delete — is almost always because rm has been aliased to rm -i; check with alias rm or type rm.

How do you control Bash history?

The file ~/.bash_history keeps growing back because Bash rewrites it on logout. To cap it:

• HISTFILESIZE — maximum lines kept in the history file on disk.
• HISTSIZE — maximum commands kept in the current session's memory.

Set HISTFILESIZE to a smaller number (in ~/.bashrc) to shrink the saved file. To show the last five commands, run history 5; the equivalent with the fix command is fc -l -5. To rerun an earlier command quickly, use a history expansion such as !find (most recent command starting with "find") or fc -s find. Command substitution prints the value of a command, so echo $(pwd) displays the present working directory.

Process and Job Control

Interviewers test whether you can run, suspend, background, and kill work. These are bread-and-butter Linux interview questions for any on-call role.

Listing and monitoring processes

• ps -ef — lists all running processes on the system in full format. Add --forest for a tree view (ps -ef --forest).
• top (or htop) — a dynamic, refreshing view of running processes; you can renice a process from inside top.
• nice and renice — set or change a process's scheduling priority. nice -n 10 cmd starts low-priority; renice -n 5 -p PID adjusts a running one.

Backgrounding, suspending, and foregrounding jobs

1. Append & to run a command in the background: find / -name filename & — this lets you keep using the shell while the search runs.
2. Press Ctrl+Z to suspend the current job and place it in the background (stopped state).
3. jobs lists background/stopped jobs with their job numbers.
4. Bring a job to the foreground with fg %N, e.g. fg %2 for job 2.
5. Resume a stopped job in the background with bg %N.

When you start a pipeline in the background, Bash prints something like [4] 3499 — that means job number 4, and 3499 is the PID of the last command in the pipeline. If you cannot log out because a background job is still running, terminate it with kill %N (the job number) or kill PID, then log out.

Scheduling: cron and at (Top Linux Interview Questions)

Task scheduling is one of the highest-frequency topics in Linux interview questions, so know both the one-shot scheduler (at) and the recurring scheduler (cron) cold.

What is the cron time syntax?

A crontab line has five time fields followed by the command, in this order:

1. minute (0–59)
2. hour (0–23)
3. day of month (1–31)
4. month (1–12)
5. day of week (0–7, where 0 and 7 are Sunday)

So to run MyScript every day at 11:45 PM, the line is 45 23 * * * MyScript. And 15 * * * 1,3,5 myscript runs at 15 minutes past every hour, every Monday, Wednesday, and Friday.

Managing cron and at jobs

The two utilities used to schedule jobs at a specific time are at and crontab. The daemon that must be running for cron jobs to fire is crond (often shown as cron or managed via systemctl status crond); the at queue is handled by atd.

Controlling who may schedule jobs

Access is governed by allow/deny files:

• cron: if /etc/cron.allow exists, only the listed users may use cron. To restrict scheduling to administrators, create /etc/cron.allow containing only the admin usernames.
• at: the same logic uses /etc/at.allow and /etc/at.deny. To block everyone (except root) from using at, create an empty /etc/at.allow file — an empty allow file means no listed users, so no non-root user qualifies.

Logging and Log Rotation

Knowing where Linux writes logs and how to rotate them rounds out the core Linux interview questions for a sysadmin role.

Which daemon logs events, and where?

The classic logging daemon is syslogd (on modern systemd distributions, rsyslogd and the journald journal). Its main configuration file is /etc/syslog.conf (or /etc/rsyslog.conf), and the principal system log is typically /var/log/messages (or /var/log/syslog on Debian/Ubuntu). The file that defines message severity levels is /usr/include/sys/syslog.h, and facilities/priorities are configured per line in the syslog config.

After editing the syslog configuration, reload it without a reboot by sending the daemon a hangup signal:

1. kill -HUP $(cat /var/run/syslogd.pid)

On systemd systems the equivalent is systemctl restart rsyslog.

Writing selective syslog rules

Syslog rules are facility.priority destination. Precision matters:

• Log only critical messages: *.=crit /var/log/critmessages — the = means "this exact level," not "this level and above."
• Log all mail messages except info: mail.*;mail.!=info /var/log/mailmessages — != excludes that one level.

Which log holds what?

To review boot-time messages, use dmesg (kernel ring buffer) or journalctl -b on systemd systems.

How do you rotate logs?

Automated rotation is handled by logrotate, configured in /etc/logrotate.conf with per-service drop-ins under /etc/logrotate.d/. When planning rotation you consider log size, frequency, retention, and available disk space — but not the timestamp of individual messages. To rotate most logs weekly but /var/log/wtmp monthly, set a global weekly option and override it with a local per-file block for wtmp. If you are running out of disk space, the cleanest fix is to reduce the retention count (e.g. keep four weeks instead of eight).

Backups with tar, cpio, and Compression

Backup strategy and the tar command appear in nearly every batch of Linux interview questions.

Backup strategy fundamentals

When you plan backups you weigh frequency, duration, media, and — critically — restore time and how often the data actually changes. Backup types:

• Full — everything, every time.
• Differential — everything changed since the last full backup.
• Incremental — only what changed since the last backup of any kind.
• Partial — a single partition or selected paths.

The most important time to practice a restore is on a regular schedule — verifying the data is recoverable before a real crash, not during one. An untested backup is not a backup.

tar command essentials

To archive every user's home directory:

1. tar cf usersbkup.tar /home/* — create, file output. Add v for verbose and z for gzip compression: tar czvf usersbkup.tar.gz /home/.
2. List archive contents: tar tf MyBackup.tar (the t option).
3. Extract: tar xf MyBackup.tar.

A common error is mis-ordering the arguments relative to the modifiers. In tar cvfb /dev/tape 20 /home, the f and b flags expect their values (the device file and the blocking factor) in the same order as the flags — and you must still name what to back up.

cpio and compression utilities

• Restore one file from a cpio archive: cpio -idv memo.ben < backup.cpio (extract, create dirs, verbose).
• gzip compresses one file at a time, so pair it with tar to bundle directories first (tar czf).
• To read a compressed log without decompressing it permanently, use zcat, zless, or zgrep.

Administrative Access and Password Policy

Finally, expect Linux interview questions about gaining root access safely and enforcing password rules.

• Switch to root mid-session without logging out: run su - (or sudo -i), do the work, then type exit to return to your own account.
• Reset a user's password: as root, run passwd boba.
• Bulk password changes: use chpasswd fed a file of username:newpassword lines — chpasswd < passwords.txt.
• Enforce 90-day expiry: chage -M 90 username sets the maximum password age.
• The first account created during installation is root (UID 0). The starting UID for normal users is defined in /etc/login.defs via UID_MIN.
• Invalid usernames generally cannot contain spaces or be capitalized with dots arbitrarily; Theresa Hadden is invalid because of the space.

Key Takeaways

• Never store plaintext passwords in /etc/passwd — the x points to /etc/shadow, and you set passwords with passwd or chpasswd.
• Know the file layouts cold: seven fields in /etc/passwd, four in /etc/group, and the five-field cron time order (minute, hour, day-of-month, month, day-of-week).
• Job control hinges on three moves: & to background, Ctrl+Z to suspend, and fg %N/bg %N to resume.
• Logging and rotation live in /etc/rsyslog.conf and logrotate; reload syslog with a HUP signal, not a reboot.
• Always test restores on a schedule — tar for portable archives, chage for password aging, sudo -i for safe root access.

Frequently Asked Questions

What are the most common Linux interview questions for beginners?

The most common beginner topics are the /etc/passwd and /etc/shadow structure, basic user creation with useradd -m and passwd, file permissions, navigating with the shell, and reading logs in /var/log. Mastering user management and the cron time syntax covers a large share of entry-level screens.

How do I prepare for a Linux system administrator interview?

Practice on a real Linux virtual machine rather than memorizing answers. Create and delete users, schedule cron and at jobs, background and kill processes, configure rsyslog, and run a full tar backup and restore. Being able to demonstrate commands live is far more convincing than reciting multiple-choice answers.

What is the difference between cron and at?

cron runs recurring jobs on a fixed schedule defined by five time fields, managed with crontab and the crond daemon. at runs a job once at a specified future time, managed with atq, atrm, and the atd daemon. Use cron for nightly backups; use at for a single delayed task.

Where are passwords stored in Linux?

Encrypted password hashes are stored in /etc/shadow, which is readable only by root. The world-readable /etc/passwd file shows an x in the password field as a pointer to the shadow file. This separation is the foundation of shadow-password security.

If this breakdown helped you prep, subscribe to @explorenystream on YouTube for more Linux and system administration walkthroughs.