Unix/Linux Basic interview questions

— ny_wk

Unix/Linux system admin interview questions almost always start with the basics: file permissions, processes, text processing with awk and sed, shell scripting, networking, and storage. This guide turns the most commonly asked questions into clear, corrected answers you can actually use in an interview, with working commands and the modern context that older question banks miss.

The questions below are organised by topic so you can revise systematically instead of memorising a random list. Where the classic "model answer" floating around the web is wrong or outdated, it is fixed and explained, because giving a confidently wrong answer in an interview is worse than admitting you are unsure.

File system and permissions: core Unix/Linux interview questions

Permissions and links are the single most reliable topic in any sysadmin screen. Expect to be asked to read an ls -l line, not just recite theory.

What do read, write, and execute mean on a directory?

On a directory the bits behave differently than on a regular file:

• read (r) lets you list the names inside the directory (ls).
• write (w) lets you create, rename, and delete entries inside it (note: deleting a file depends on the directory's write bit, not the file's).
• execute (x) lets you enter the directory and access files by name (cd, or opening dir/file).

A common gotcha: you can have r without x, which lets you list names but not stat the entries, so a long listing shows errors.

What is the difference between a hard link and a soft (symbolic) link?

Create them with ln target hardlink and ln -s target softlink. The first character of an ls -l line shows the file type: - regular, d directory, l symlink, c/b character/block device.

A classic trick question: "ln /data /home/bob/datalink fails. Which option fixes it?"

Older question banks answer "use -F." That is wrong. The command fails because you cannot create a hard link to a directory. The correct fix is a symbolic link: ln -s /data /home/bob/datalink. There is no portable -F flag that grants ordinary users hard links to directories, and modern Linux ln rejects it outright. If you are ever asked this, the right answer is "make it symbolic."

What controls the default permissions of newly created files?

umask. It is a mask subtracted from the base permissions (666 for files, 777 for directories). A umask of 022 yields 644 files and 755 directories. Set it in your shell init file to make it persistent.

Why prefer a link over copying a file?

The real advantage is a single source of truth, not just disk savings. Change the permissions or content of the original and every link sees it immediately, so there is nothing to keep in sync.

Processes, jobs, and signals

What is a PID, and what is its range?

A PID is the unique process identifier the kernel assigns to each running process. The old answer "0 to 65535" is outdated. On modern Linux the default ceiling is 32768, configurable via /proc/sys/kernel/pid_max, and on 64-bit systems it can be raised to about 4,194,304. PID 1 is init (today usually systemd); PID 0 is the kernel scheduler, not a normal process.

How do you inspect and manage processes?

• List processes: ps -ef or ps aux.
• Live, dynamic view: top (or the friendlier htop).
• Stop a process: kill PID (sends SIGTERM); force it with kill -9 PID (SIGKILL) only as a last resort.
• Run in the background: append &, e.g. ./long-job.sh &. Bring it back with fg, suspend with Ctrl+Z, list jobs with jobs.

kill 0 signals every process in the current process group, which is the shell and its children, so be careful with it.

What is a daemon, and what daemon tracks system events?

A daemon is a background service with no controlling terminal, usually started at boot and often ending in d (for example sshd, crond). System logging is handled by rsyslogd or systemd-journald on current distributions; the historical name was syslogd. Read the journal with journalctl.

What happens to an orphaned child process?

When a parent dies without reaping its child, the child is re-parented to PID 1, which calls wait() and cleans it up. The genuinely bad case is a zombie: a finished child whose parent never reaps it, leaving an entry in the process table until the parent exits.

Text processing: awk, sed, grep interview questions

These appear constantly because they prove you can manipulate data on the command line. Memorise a handful of idioms.

How do you print specific columns with awk?

Print the 1st and 5th fields of /etc/passwd (colon-delimited) separated by a tab:

1. awk -F: '{print $1 "\t" $5}' /etc/passwd
2. Sum the values in column 1: awk '{total += $1} END {print "total is", total}' file
3. Reorder and sort by a column: awk '{print $4, $3, $2}' file | sort -k3 (use sort -k, not the obsolete sort +2).

How do you do search-and-replace and clean-up with sed?

• Strip trailing whitespace from every line: sed -E 's/[[:space:]]+$//' infile > outfile.
• Convert DOS line endings to Unix: prefer the dedicated tool dos2unix infile, or sed 's/\r$//' infile > outfile.
• Delete lines up to and including a pattern: sed '1,/REGEX/d' file.

What is the difference between grep, egrep, and find?

grep searches inside files for text; find searches the directory tree for files by name, time, size, or type. egrep is grep -E, which enables extended regular expressions (so +, ?, and | work without backslashes). Recurse with grep -r pattern ..

Find files accessed in the last 30 days

find / -type f -atime -30 > recent.files. Here -atime -30 means "accessed less than 30 days ago." Note that many systems mount with relatime or noatime, so access times may not update reliably; prefer -mtime (modification time) when accuracy matters.

Shell scripting interview questions

Expect to write small scripts on a whiteboard. Know the operators cold.

What are the key shell scripting constructs?

• Positional parameters: $0 is the script name, $1 $2 ... the arguments, $# the count, $@ all of them.
• Numeric comparison in test/[ ]: -eq -ne -lt -le -gt -ge.
• File tests: -f (regular file), -d (directory), -s (non-empty), -r -w -x (readable/writable/executable).
• Logic: ! not, and inside [ ] use -a/-o, though modern scripts prefer &&/|| between [[ ]] tests.

Write a basic loop and conditional

A safe, portable structure looks like this:

1. For loop: for f in *.log; do echo "$f"; done
2. While loop: while read -r line; do echo "$line"; done < input.txt
3. If/elif: if [ "$x" -gt 10 ]; then echo big; elif [ "$x" -gt 0 ]; then echo small; else echo zero; fi
4. Read input: read -r name
5. Function: greet() { echo "hi $1"; return 0; }

Always quote your variables ("$var") to survive spaces, and parse options with getopts, e.g. while getopts "n:x:" opt; do ... done.

What does this pipeline produce?

(date; ps -ef | awk '{print $1}' | sort | uniq | wc -l) >> Activity.log appends the current date and time plus the number of distinct users who have processes running. The sort is required because uniq only collapses adjacent duplicates, and >> appends rather than overwrites.

Networking and services: Linux admin interview questions

What is the difference between TCP and UDP?

TCP is connection-oriented, ordered, and reliable (handshake, acknowledgements, retransmission) and suits web, SSH, and email. UDP is connectionless and best-effort with lower overhead, ideal for DNS lookups, streaming, and VoIP where speed beats guaranteed delivery.

How do you see which process holds a TCP port?

Modern tool: ss -tlnp (the successor to netstat). Or sudo lsof -i :80. The older netstat -tlnp still works where it is installed.

What is DNS, and what does nslookup do?

DNS resolves human-readable names to IP addresses. nslookup name queries a DNS server for those records; dig name is the more detailed, scriptable alternative. An MX record tells mail servers where to deliver email for a domain.

How do you control whether a service starts at boot?

On current Red Hat, CentOS Stream, Fedora, Debian, and Ubuntu the answer is systemd: systemctl enable --now sshd to start now and at boot, systemctl disable sshd to stop it starting. The legacy answer (chkconfig or service) applies only to old SysV-init systems and should be flagged as deprecated.

Which package provides a given file?

On RPM-based systems: rpm -qf /path/to/file, or for a file you do not yet have installed, dnf provides /usr/lib64/libnss_ldap.so. On Debian/Ubuntu: dpkg -S /path or apt-file search.

Storage, backup, and boot

How do you check disk usage and free space?

• Free space per file system: df -h.
• Space used by a directory tree: du -sh /var/log.
• Top ten largest items in a directory: du -sk * | sort -nr | head.

What do iostat, vmstat, and netstat report?

iostat shows CPU and disk/IO throughput; vmstat reports virtual memory, paging, and process/CPU activity; netstat (or ss) reports network connections and interface statistics. They are the classic first-look triage trio.

Explain RAID levels.

Putting swap on RAID 1 protects against a disk failure crashing the system but doubles the write cost; many shops accept that cost on production servers.

How do you recover a system when the root password is lost?

Boot into single-user or emergency mode and reset the password. On modern GRUB2/systemd systems: edit the kernel line at the GRUB menu, append rd.break (or init=/bin/bash), remount root read-write, run passwd, and on SELinux systems touch /.autorelabel before rebooting. The graceful way to reach single-user mode on a running box is systemctl rescue (historically init s or init 1).

What is LILO, and what replaced it?

LILO (Linux Loader) was an early boot loader that loaded the kernel from the MBR. It is obsolete; modern systems use GRUB2, and UEFI machines boot via the EFI System Partition. Mention LILO only to show historical awareness, then pivot to GRUB2.

Libraries and the Apache web server

Static vs dynamic libraries?

A static library (.a) is copied into the executable at link time, producing a larger but self-contained binary. A shared/dynamic library (.so) is loaded at run time, so it is smaller on disk and can be updated independently. Build a static archive with ar rcs libfoo.a *.o; build a shared object with gcc -fPIC -c *.c then gcc -shared -o libfoo.so *.o. Inspect dependencies with ldd binary, list symbols with nm, load one at run time with dlopen(), and refresh the linker cache with ldconfig. LD_LIBRARY_PATH lists extra directories searched before the standard ones.

Common Apache (httpd) questions

• Test the config before reloading: apachectl configtest (or httpd -t).
• Graceful restart (finish in-flight requests, then reload): apachectl graceful.
• Stop it: apachectl stop, or via systemd systemctl stop httpd.
• Why one httpd runs as root and the rest as an unprivileged user: only root can bind to privileged ports below 1024 (port 80). The root master process binds the socket, then worker children drop privileges, so visitors never get root rights.

The legacy srm.conf and access.conf split, and the ServerType directive, are long deprecated; everything now lives in httpd.conf (or files under conf.d/) with a Listen 80 directive. If both deny from all and allow from all appear in old-style access control, deny takes precedence, but modern Apache 2.4 uses Require directives instead.

How to use these Unix/Linux interview questions effectively

Do not memorise answers verbatim. Interviewers probe with follow-ups ("why?", "what if it fails?"), so practise on a real machine or a small virtual machine. Run each command, break it, and read the error. Being able to say "I would check journalctl and ss -tlnp first" demonstrates a troubleshooting mindset that matters far more than reciting flags.

Key Takeaways

• Permissions and links are the highest-yield topic: know directory r/w/x semantics and use ln -s for directory links, never a hard link.
• Update stale facts: PIDs go well beyond 65535, logging is now journald/rsyslogd, and services are managed with systemctl.
• Master a few awk/sed/grep idioms and the sort | uniq ordering rule; they appear in almost every interview.
• Prefer modern tools in your answers: ss over netstat, dig over nslookup, GRUB2 over LILO, dos2unix over hand-rolled sed.
• Practise on a live system so you can answer the inevitable "why" and "what if it breaks" follow-ups with confidence.

Frequently Asked Questions

What are the most important Linux topics for a system admin interview?

File permissions and links, process and job control, shell scripting, systemd service management, networking (TCP/UDP, DNS, ports), storage and RAID/LVM, package management, and log troubleshooting with journalctl. Knowing the boot process and how to reset a lost root password is also commonly tested.

What is the difference between a soft link and a hard link in Linux?

A hard link is another name for the same inode and data, must live on the same file system, and cannot point to a directory. A soft (symbolic) link is a small file containing a path, can cross file systems, can point to directories, and breaks if the target is deleted.

How do I find which process is using a port in Linux?

Use sudo ss -tlnp to list listening TCP sockets with their owning process, or sudo lsof -i :PORT for a specific port. The older netstat -tlnp does the same on systems that still ship it.

Is netstat still used in modern Linux interviews?

You should recognise netstat and explain it, but say that ss is its modern replacement and is faster on busy systems. Showing you know the current tool while understanding the legacy one is exactly what interviewers want.

For more hands-on Linux and sysadmin walkthroughs, subscribe to YouTube @explorenystream.