What to prepare for Linux Administrator Job Interview?

— ny_wk

This Linux administrator interview guide organizes the topics hiring managers actually test — the boot process, LVM, RAID, package management, user administration, networking services, and troubleshooting — into clear sections with representative questions and corrected, accurate answers. Use it to prepare confidently for a Linux system administrator interview at any level, from junior support to senior infrastructure roles.

A strong candidate does not just memorize commands. You need to explain why something works, recover a system when it does not, and reason about disks, services, and security. The sections below mirror how a real Linux administrator interview flows: foundations first, then storage, then services, then the hard troubleshooting questions that separate seniors from juniors.

Core concepts every Linux administrator interview covers

Before the deep questions, interviewers confirm you know the building blocks. Be ready to define each of these crisply.

• The kernel is the core of the operating system. It manages CPU scheduling, memory, processes, device I/O, and exposes services to user programs through system calls. In Linux the on-disk compressed kernel is named vmlinuz (the uncompressed image is vmlinux).
• An inode is a data structure that stores a file's metadata — owner, group, permissions, size, timestamps, and the pointers to its data blocks — but not the filename. View inode numbers with ls -i and full details with ls -l.
• The /proc and /sys filesystems are virtual, held in RAM, not on disk. /proc exposes kernel and per-process information as pseudo-files.
• Run-time tunables live in /proc/sys and are set persistently in /etc/sysctl.conf or /etc/sysctl.d/. The bootloader and kernel images live in /boot.

Why is Linux popular?

Linux is a free, open-source, Unix-like operating system originally created by Linus Torvalds in 1991. It is popular because it is free to download and customize, exceptionally stable and scalable, secure by design, and backed by an enormous ecosystem of utilities and libraries. It powers the majority of the world's web servers, cloud instances, and embedded devices.

The Linux boot process — a top interview question

Being able to describe the boot process end to end is one of the most reliable signals of a competent Linux administrator. On a modern system the sequence is:

1. Firmware (BIOS or UEFI) runs the POST (power-on self-test), initializes hardware, and locates a bootable device.
2. Bootloader. On legacy BIOS, firmware reads the MBR (first sector of the disk), which chains to the bootloader. On UEFI, firmware reads the EFI System Partition directly. The standard Linux bootloader today is GRUB 2 (older systems used GRUB Legacy or LILO).
3. Kernel + initramfs. GRUB loads the kernel (vmlinuz) and the initramfs/initrd — a temporary in-memory root filesystem that contains the drivers needed to mount the real root device.
4. init / systemd. The kernel starts PID 1, the parent of all processes. On modern distributions this is systemd; older SysV systems ran /sbin/init, which executed /etc/rc.d/rc.sysinit and run-level scripts.
5. Targets / run-levels. systemd brings the system up to a target (the modern replacement for run-levels), starting services until the login prompt or graphical session appears.

Inspect boot messages with dmesg (the kernel ring buffer) and, on systemd, journalctl -b.

Run-levels and systemd targets

SysV run-levels (0–6) mapped to system states; systemd replaces them with targets. Know the mapping:

On legacy systems the default run-level was set in /etc/inittab. On systemd use systemctl set-default multi-user.target and switch live with systemctl isolate. Enable a service at boot with systemctl enable (the modern replacement for chkconfig).

Storage, partitions, and LVM

Storage questions are heavily weighted because real Linux administrators spend much of their time managing disks. LVM in particular is flagged as critical in nearly every job description.

Partitioning basics

The universal partitioning tool present in every distribution is fdisk (with parted/gdisk for GPT disks larger than 2 TB). A minimal install needs at least two partitions: a root (/) filesystem and swap, though production servers separate /var, /var/spool, /tmp, and /home so a runaway log or mail spool cannot fill the root filesystem.

To mount a partition automatically at boot, add an entry to /etc/fstab with the device (prefer a UUID over /dev/sda1), mount point, filesystem type, options, and dump/pass fields, for example:

1. Create the filesystem: mkfs.ext4 /dev/sdb1
2. Add to fstab: UUID=... /data ext4 defaults 0 2
3. Test without rebooting: mount -a

ext2 vs ext3 vs ext4

The historic difference asked in interviews is between ext2 and ext3: ext3 adds journaling, so after a crash the filesystem can replay the journal instead of running a slow full fsck. ext4 (the modern default on many systems) adds extents, larger volume and file size limits, delayed allocation, and better performance. On current servers you will also meet XFS (default on RHEL) and Btrfs/ZFS.

Note: fsck must never run on a mounted read-write filesystem. To check the root partition you boot into rescue mode or remount it read-only first (mount -o remount,ro /).

LVM (Logical Volume Manager)

LVM abstracts physical disks so you can resize storage without repartitioning. The hierarchy is Physical Volume (PV) → Volume Group (VG) → Logical Volume (LV). The killer feature: you can grow an LV online. The correct way to enlarge storage today is not to delete and recreate a partition — that destroys data — but to extend the volume:

1. Initialize a new disk as a PV: pvcreate /dev/sdc
2. Add it to the volume group: vgextend vg_data /dev/sdc
3. Extend the logical volume and grow the filesystem in one step: lvextend -r -L +20G /dev/vg_data/lv_app

This is the single most important storage workflow to demonstrate in a senior Linux administrator interview.

RAID levels

Know what each common RAID level trades off:

Software RAID on Linux is managed with mdadm. Choose the level by balancing capacity, performance, and how many simultaneous disk failures you must survive.

Package management questions

Expect to compare the low-level and high-level tools on RPM-based systems:

• rpm installs a single package but does not resolve dependencies automatically — it errors if a required package is missing. Query installed packages with rpm -qa (e.g. rpm -qa | grep nfs).
• yum (and its successor dnf) sits on top of RPM, talks to configured repositories, and resolves and installs dependencies automatically: dnf install httpd.
• On Debian/Ubuntu the equivalents are dpkg (low-level) and apt (dependency-resolving).

For unattended, identical-machine deployments, the standard answer is a Kickstart install driven by a ks.cfg file, served over the network via a PXE boot server with the installation tree shared over NFS, HTTP, or FTP. The Red Hat installer program is Anaconda.

User, group, and permission management

This is a guaranteed topic. Be precise about what each command does — several common interview answers found online are wrong.

• /etc/passwd defines every user account with seven colon-separated fields in this order: username : password placeholder (x) : UID : GID : comment(GECOS) : home directory : login shell.
• useradd -m bob creates the account and (with -m) the home directory copied from /etc/skel, but it does not set a password — the account stays locked until you run passwd bob. To reset another user's password: passwd boba.
• Shadow passwords move the hashed password out of world-readable /etc/passwd into root-only /etc/shadow. Enable with pwconv; it replaces the password field in /etc/passwd with x. The password field must not be blank when converting.
• To lock an account, prefix the hash in /etc/shadow with ! (or use passwd -l user); an * or ! means “no valid password,” so the user cannot log in with a password.
• Check disk quotas per user with repquota; set them with edquota after enabling the usrquota/grpquota mount options.

Hard links vs soft (symbolic) links

A widely repeated interview answer gets this backwards, so be careful. A hard link is a second directory entry pointing to the same inode; it works only within the same filesystem and, by default, only for files (not directories). A symbolic (soft) link is a small file containing a path; it can point to files or directories and can cross filesystems, but breaks if the target is removed. Create a symlink with ln -s /data /home/bob/datalink — you cannot hard-link a directory, and there is no -F option for this.

Networking services and remote administration

Senior roles probe your hands-on experience configuring core services. Know what each does and its default port (look up /etc/services for the full list):

Telnet vs SSH

SSH (port 22) encrypts the entire session, so credentials and data cannot be read off the wire; Telnet (port 23) sends everything in plaintext. Always use SSH — Telnet and plain FTP are prohibited in any security-conscious environment.

Name-based vs IP-based virtual hosting

With IP-based virtual hosting each site has its own IP address on the server. With name-based virtual hosting many sites share one IP, and the web server selects the correct site from the HTTP Host header — this requires multiple DNS records pointing at the same IP. Name-based hosting is the norm today.

Practical networking tasks

• Add a second IP to one NIC: on older systems you copied ifcfg-eth0 to ifcfg-eth0:0; on modern systems use NetworkManager (nmcli connection modify eth0 +ipv4.addresses 192.168.1.51/24) or ip addr add.
• Reload Samba shares without dropping connections: on systemd use systemctl reload smb (older systems used service smb restart).
• Investigate DNS records: use nslookup or the preferred modern tools dig and host to query A, MX, and NS records.
• Firewalling: classic iptables rules are now usually managed through firewalld or nftables; host-based access control via TCP wrappers (/etc/hosts.allow, /etc/hosts.deny) is legacy but still worth knowing.

Process management, jobs, and scheduling

• List and monitor processes: ps aux for a snapshot, top (or htop) for a live, dynamically updated view.
• Priority: start a job at a lower priority with nice; change a running process's priority with renice (or interactively inside top).
• Background a job: press Ctrl+Z to suspend, then bg to resume it in the background; jobs lists them and fg brings one forward.
• cron vs at: cron runs jobs on a recurring schedule (via crontab), while at runs a command once at a specified future time.
• Exit status: the special variable $? holds the exit code of the last command (0 = success). Check it with echo $?.

Backup, logging, and recovery

Plan a backup strategy around four questions: what to back up, how often, how long it takes, and which media you will use. Core tooling:

• tar creates archives: tar czf backup.tar.gz /home (the z flag adds gzip compression). List contents with tar tvf backup.tar.gz and restore a single file with tar xf backup.tar.gz path/to/file.
• cpio archives a file list: find /home | cpio -o > backup.cpio.
• Compressed logs: read a gzipped log without decompressing it using zcat (or zless/zgrep).
• Log rotation is automated by logrotate. The main system log is traditionally /var/log/messages (and /var/log/syslog on Debian); on systemd, query the binary journal with journalctl. The legacy logging daemon was syslogd; modern systems use rsyslog or systemd-journald.

Troubleshooting questions — where seniors stand out

Open-ended troubleshooting is the heart of an experienced Linux administrator interview. Walk through your reasoning out loud.

“/var is full — what do you do?”

Do not blindly delete logs. First find the culprit: du -sh /var/* | sort -h and df -h. Truncate or rotate oversized active logs (logrotate --force), clear stale package caches, and check for files still held open by a process after deletion with lsof | grep deleted. The durable fix is to put /var on its own LVM volume and extend it with lvextend -r — not to recreate a partition.

“The server won't boot / kernel panic.”

A kernel panic on boot is commonly caused by a bad /etc/fstab entry, a missing root device, a broken initramfs, or a faulty kernel update. Boot into an earlier kernel or rescue mode from the GRUB menu, read the panic message, fix fstab or rebuild the initramfs (dracut --force), and reinstall or roll back the kernel. Always keep a known-good kernel in the GRUB list.

“A command behaves unexpectedly — which binary is running?”

Use which or, better, type -a command to see every match in your PATH (and whether it is a shell alias or function). To learn what an unknown command does, use whatis for a one-line summary or man for full documentation; application docs live under /usr/share/doc (historically /usr/doc).

“Recover a deleted file.”

The honest, correct answer: stop writing to that filesystem immediately to avoid overwriting the freed blocks. If a process still has the file open, recover it from /proc/<pid>/fd/. For ext filesystems, extundelete or debugfs (lsdel) may recover it from an unmounted device. The real lesson interviewers want: reliable backups are the only dependable recovery method.

Basic shell scripting and everyday commands

You will be asked to read or write small scripts and to recall handy one-liners. A few that come up repeatedly:

• View the end of files: tail -n 15 dog cat horse shows the last 15 lines of each (tail -15 also works on GNU systems).
• Stream editing: sed 's/old/new/g' input > output replaces all occurrences; g means global (every match on a line).
• Identify your shell: echo $SHELL.
• Run commands serially: separate them with ; (or && to stop on first failure).
• Switch to another user: su - (or sudo -i) to become root without logging out; type exit to return.
• Recent history: history 5 shows your last five commands; kernel version via uname -r.
• Make scripts available to all users: add the script's directory to PATH for everyone by editing a profile in /etc/profile.d/ (cleaner than editing /etc/profile directly).

Behavioral and experience questions

Technical depth is necessary but not sufficient. Prepare honest, specific answers to:

• “Why should we hire you?” Tie your strengths to the role: reliability, uptime ownership, automation, and clear communication. Give a concrete example.
• “Describe your daily activities.” Monitoring and alerting, patching, backups and restore tests, capacity and performance tuning, incident response, and documentation.
• “Tell me about a critical issue you solved.” Use the situation → action → result structure: what broke, how you diagnosed it, the fix, and what you changed to prevent a recurrence.

Key Takeaways

• Master the boot process (firmware → GRUB → kernel + initramfs → systemd → target) — it is the most common opening question in a Linux administrator interview.
• Demonstrate LVM: extend storage online with lvextend -r rather than recreating partitions, and know the RAID levels cold.
• Be precise about users and links: useradd never sets a password, and a hard link shares an inode while a soft link (ln -s) stores a path and can span filesystems and directories.
• Default to secure, modern tools: SSH over Telnet, systemd over SysV, dnf/apt for dependency resolution, journalctl alongside /var/log.
• For troubleshooting, show your reasoning — diagnose before you delete, and treat backups as the real recovery plan.

Frequently Asked Questions

What should a fresher prepare for a Linux administrator interview?

Focus on fundamentals: the boot process, run-levels/targets, file permissions, the /etc/passwd and /etc/shadow structure, basic networking and SSH, package management with dnf/apt, and writing simple shell scripts. Practice on a real virtual machine so you can demonstrate commands, not just recite them.

What is the difference between rpm and yum?

rpm installs or queries a single package but does not resolve dependencies, so it fails when a required package is missing. yum (and its successor dnf) works on top of RPM, pulls packages from configured repositories, and automatically installs all dependencies.

How do I explain LVM in an interview?

Say LVM layers Physical Volumes into Volume Groups, from which you carve flexible Logical Volumes. Its advantage is that you can grow, shrink, snapshot, and move storage online without repartitioning — ideal for production servers that must stay up while disks change.

Is knowing systemd more important than SysV init?

Yes for current roles. Nearly all modern distributions use systemd, so be fluent with systemctl, targets, and journalctl. Knowing the older SysV run-levels and /etc/inittab is still useful for legacy systems and for explaining how things evolved.

For more Linux, sysadmin, and cloud career walkthroughs, subscribe to @explorenystream on YouTube.