Linux has become the backbone of modern IT infrastructure, powering everything from servers to mobile devices. As a result, Linux skills are in high demand across industries, especially for roles in system administration, DevOps, and software engineering.
In this article, we’ll explore some of the top must-ask Linux interview questions that will help you prepare and showcase your expertise. From basic commands to advanced shell scripting, these questions cover a wide range of topics essential for any Linux-based role. Let’s dive into the key areas interviewers focus on and how you can approach these questions with confidence.
Linux is an open-source, Unix-like operating system kernel. It is widely used on servers, desktops, and embedded systems due to its stability, security, and flexibility. Distributions (distros) like Ubuntu, CentOS, and Red Hat are built on Linux and provide a complete operating system.
Unix is a proprietary operating system originally developed by AT&T in the 1970s.
Linux is an open-source kernel inspired by Unix. Many Linux distributions (e.g., Ubuntu, Fedora) are Unix-like systems but not direct derivatives.
The main difference is that Linux is freely distributed and can be modified, whereas Unix versions are generally proprietary.
An inode is a data structure on a filesystem in Linux that stores information about a file or a directory except its name or its actual data. It contains metadata such as file permissions, ownership, file size, and pointers to the actual data blocks.
A process is an instance of a program in execution, while a thread is a lightweight unit of execution within a process.
Process:
A process has its own memory space, resources, and execution context.
Processes are relatively heavyweight and require more system resources to create and manage. Processes can communicate with each other using inter-process communication (IPC) mechanisms.
Thread:
A thread shares the memory space and resources of its parent process.
Threads are lightweight and require fewer system resources to create and manage. Threads within the same process can communicate directly with each other.
The Linux kernel is the core component of the Linux operating system. It's responsible for managing the system's hardware resources and interacting with applications.
The shell is a command-line interface (CLI) that allows users to interact with the Linux operating system. It provides a way to enter commands and receive output from the system. Think of it as the user's interface to the underlying kernel.
An inode (index node) and a dentry (directory entry) are two crucial concepts in the Linux file system. They work together to represent files and directories.
Inode:
- Contains metadata about a file or directory, such as its owner, permissions, size, creation time, and the location of its data blocks on disk.
- Each file or directory has a unique inode number.
- Inodes are stored in a separate structure called the inode table.
Dentry:
- Represents a directory entry that points to an inode.
- It contains the name of the file or directory and a pointer to its corresponding inode.
- Dentries are stored in memory and are used to quickly locate files and directories within a directory.
File permissions in Linux determine the actions that users can perform on files and directories, such as reading, writing, or executing them. These permissions help maintain security and control access to system resources.
Read (r): Permission to view or read the contents of a file.
Write (w): Permission to modify or delete the file.
Execute (x): Permission to run the file as a program or script.
In Linux, file permissions can be changed using the chmod (change mode) command. You can modify permissions in two main ways: symbolic and numeric mode.
Symbolic Mode
You specify which user (owner, group, or others) to change and the type of permission (read, write, execute).
Format: chmod [user][+/-][permission] filename
u = user (owner), g = group, o = others, a = all.
+ adds a permission, - removes it, and = sets the exact permission.
Numeric Mode
Permissions are represented numerically where:
4 = read (r), 2 = write (w), 1 = execute (x).
The three-digit number represents permissions for the owner, group, and others respectively.
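The numeric mode described above, as an added example that is not part of the original article: it decodes a three-digit mode into its rwx form and lists files that others can write to, which is the kind of misconfigured permission worth catching in a review. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# Translate a three-digit numeric mode (owner, group, others) to rwx form.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        r=-; w=-; x=-
        if [ $((digit & 4)) -ne 0 ]; then r=r; fi   # 4 = read
        if [ $((digit & 2)) -ne 0 ]; then w=w; fi   # 2 = write
        if [ $((digit & 1)) -ne 0 ]; then x=x; fi   # 1 = execute
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# Build a constructed directory of files with different modes; print its path.
make_sample() {
    dir=$(mktemp -d)
    for spec in conf.ini:644 shared.log:666 tool.sh:755 upload.sh:777; do
        touch "$dir/${spec%%:*}"
        chmod "${spec##*:}" "$dir/${spec%%:*}"
    done
    printf '%s\n' "$dir"
}

# List regular files that "others" may write to (the 2 bit in the last digit).
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

sample=$(make_sample)
for m in 644 666 755 777; do
    printf '%s = %s\n' "$m" "$(mode_to_symbolic "$m")"
done
echo "World-writable files:"
world_writable "$sample"
rm -rf "$sample"
```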
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are both transport layer protocols used in networking, but they have distinct characteristics and use cases.
Feature | TCP | UDP |
Connection-oriented | Yes | No |
Reliability | Reliable | Unreliable |
Order of delivery | Guaranteed | Not guaranteed |
Error checking | Yes | No |
Overhead | Higher | Lower |
Suitable for | File transfer, email, web browsing | Streaming media, online gaming, real-time communication |
IP Address (Internet Protocol Address):
- A unique numerical label assigned to each device connected to a computer network.
- Used to identify devices and enable communication between them on the network.
- Consists of four octets (groups of eight bits) separated by periods, e.g., 192.168.1.1.
Subnet Mask:
- A 32-bit binary mask used to divide an IP address into two parts: the network address and the host address.
- The network address identifies the network segment to which a device belongs.
- The host address identifies a specific device within that network segment.
Example: For the IP address 192.168.1.100 and the subnet mask 255.255.255.0, the network address is 192.168.1.0 and the host address is 192.168.1.100.
Use the useradd, usermod, userdel, groupadd, groupmod, and groupdel commands.
A package manager in Linux is a software tool that automates the process of installing, updating, and removing software packages on a Linux system. It simplifies the task of managing software dependencies and ensures that all necessary components are installed correctly.
To troubleshoot network connectivity issues on Linux, you need to check your physical connections, IP configuration, routing tables, and DNS configuration. Then, use tools like ping, traceroute, and firewall testing to detect and resolve network issues.
Shell scripting is the process of writing scripts or programs using a shell, which is a command-line interpreter in Unix-based systems like Linux. These scripts consist of a series of commands that are executed by the shell to automate repetitive tasks, manage system operations, or perform complex workflows.
Shell scripts can manipulate files, start programs, and handle variables, loops, and conditions, making them powerful tools for system administrators, developers, and users to efficiently manage tasks as well as processes on the system. Common shells used for scripting include Bash, Zsh, and Sh.
Common shell scripting constructs include:
Variables: Used to store values.
Conditionals: Make decisions based on conditions (if-else, case).
Loops: Repeat actions multiple times (for, while, until).
Functions: Used to define reusable blocks of code.
Input/output redirection: Redirect the input or output of a command.
Piping: Connect the output of one command to the input of another.
Daemon and service are often used interchangeably, but there are subtle differences between them.
Daemon:
- A daemon is a background process that runs continuously, often without user interaction.
- It is typically responsible for specific system tasks or services.
- Examples of daemons include:
sshd (SSH daemon)
httpd (HTTP daemon)
mysqld (MySQL daemon)
Service:
- A service is a more general term that can refer to any application or process that provides a function to the system.
- A service can be a daemon, but not all daemons are services.
- Services can be managed using systemd or other service management tools.
Virtualization is a technology that creates multiple virtual machines (VMs) on a single physical machine by abstracting its hardware resources. This enables the running of multiple operating systems (OS) and applications on the same physical hardware, each isolated in its own environment as if they were running on separate physical machines.
Containers are a lightweight form of virtualization that runs applications and their dependencies in isolated environments, but instead of virtualizing the hardware, they virtualize the operating system kernel. Containers share the host OS kernel but run isolated processes, ensuring each container has its own file system, libraries, and dependencies.
To check disk usage, you can use the df command. Another useful command is du, which gives disk usage information about directories and files.
grep (Global Regular Expression Print) is used to search for specific patterns within files. For example, to find the word "error" in a log file:
grep 'error' /var/log/syslog
You can also use regular expressions with grep for more complex searches.
The ps command is used to display running processes. For a detailed list of all processes:
ps aux
Alternatively, you can use the top or htop commands to interactively monitor processes, CPU, and memory usage.
A symbolic link (symlink) is a type of file that points to another file or directory. It acts as a shortcut. You can create a symlink using the ln command with the -s option:
ln -s target_file link_name
This creates a symbolic link named link_name that points to target_file.
Hard Link: A direct reference to the inode of the original file. Both the original and hard links share the same inode number, and even if the original file is deleted, the hard link will still have the data.
Soft Link (Symbolic Link): A pointer to the original file path. If the original file is deleted, the symlink becomes invalid (a broken link).
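The difference between the two link types, as an added example that is not part of the original article: it compares inode numbers, deletes the original file, and then finds the symlink left dangling. File and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; file and function names are constructed.

# Print the inode number of a path without following a symlink.
inode_of() {
    ls -di "$1" | awk '{print $1}'
}

# List symlinks under a directory whose target no longer exists.
broken_symlinks() {
    find "$1" -type l ! -exec test -e {} \; -print | sort
}

# Create original.txt with one hard link and one symlink; print the directory.
make_links() {
    dir=$(mktemp -d)
    echo "payload" > "$dir/original.txt"
    ln "$dir/original.txt" "$dir/hard.txt"       # second name, same inode
    ln -s "$dir/original.txt" "$dir/soft.txt"    # stores the path only
    printf '%s\n' "$dir"
}

d=$(make_links)
echo "original inode:  $(inode_of "$d/original.txt")"
echo "hard link inode: $(inode_of "$d/hard.txt")"
echo "symlink inode:   $(inode_of "$d/soft.txt")"
rm "$d/original.txt"
echo "after rm, hard link reads: $(cat "$d/hard.txt")"
echo "broken symlinks: $(broken_symlinks "$d")"
rm -rf "$d"
```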
The chmod command is used to change file permissions. Permissions can be set using symbolic or numeric notation. For example, to give read, write, and execute permissions to the owner, and read and execute permissions to the group and others:
chmod 755 filename
sudo: Allows a permitted user to execute a command as the superuser (root) or another user, based on configuration. It is typically used for running single commands with elevated privileges.
su: Switches the current user to another user, typically root, and opens a new shell session under that user’s privileges.
You can check memory usage with the free command:
free -h
Additionally, you can use the top or htop commands to view real-time memory usage.
crontab is a scheduler used to run commands or scripts at specified times or intervals. You can edit the crontab file using:
crontab -e
To schedule a job, you define the minute, hour, day, month, and weekday fields followed by the command to execute.
Example: Run a backup script at midnight every day:
0 0 * * * /path/to/backup.sh
You can kill a process using the kill command with the process ID (PID):
kill PID
To forcefully kill a process:
kill -9 PID
Linux employs a complex and efficient memory management scheme to handle the system's memory resources, ensuring isolation, protection, and performance optimization for processes.
Memory is allocated using the buddy system, which divides memory into blocks of different sizes and pairs them when needed, reducing fragmentation. For objects of similar sizes, Linux uses slab and slub allocators to optimize memory reuse.
The system also employs demand paging, loading pages into memory only when necessary, which conserves memory and reduces startup times. When physical memory is insufficient, the system uses swap space on disk to move inactive pages out of RAM, though this reduces processing speed.
Virtual Memory Areas (VMAs) are tightly managed to control access permissions and protect memory. Notably, memory is divided into user space and kernel space, ensuring safety and stability for the operating system.
Linux also supports memory management for multi-processor systems with Non-Uniform Memory Access (NUMA), optimizing memory allocation based on the proximity of CPUs and memory.
Finally, when the system's memory runs critically low, Linux can use the OOM killer to terminate processes that consume excessive memory, keeping the system stable. This scheme helps Linux maintain a balance between performance and system protection, ensuring that memory is used efficiently and securely.
A system call is a mechanism that lets a user-level program interact with the operating system (OS) kernel. It acts as an interface between the application software and the hardware. System calls play an important role because user programs generally do not have direct access to the system's resources, like memory or I/O devices, for security and stability reasons. Instead, they rely on the kernel, which runs with higher privileges, to manage and allocate these resources on their behalf.
Key functions of the init process:
Boot process: The init process is the first process to be executed after the kernel has been loaded. It initializes the system by starting essential services and processes.
Process management: init manages the lifecycle of other processes on the system. It can start, stop, and restart processes as needed.
Runlevel management: init switches between different system runlevels, such as single-user mode, multi-user mode, or emergency mode.
Daemon management: init starts and stops daemons (background processes) that provide system services.
Use ip (modern) or ifconfig (deprecated) to configure interfaces manually.
Use /etc/network/interfaces (Debian) or /etc/sysconfig/network-scripts/ (Red Hat) for persistent configuration.
Use Netplan or NetworkManager (nmcli, nmtui) for more complex network setups and easier management on modern Linux systems.
Linux systems, while secure, can face common vulnerabilities:
Privilege Escalation: Exploiting system flaws to gain unauthorized root access (e.g., Dirty COW).
Weak Access Controls: Misconfigured permissions exposing sensitive files or services.
Buffer Overflows: Exploiting memory issues to run malicious code.
Unpatched Software: Using outdated software with known vulnerabilities (e.g., Heartbleed).
Insecure SSH Configurations: Weak SSH settings, like allowing root login or weak passwords.
Denial of Service (DoS): Overloading services, making them unavailable.
Misconfigured Firewalls: Leaving unnecessary ports open, increasing the attack surface.
Weak Authentication: Poor password policies or missing multi-factor authentication (MFA).
Insecure File Transfers: Using unencrypted protocols like FTP.
SQL Injection: Exploiting web applications to manipulate databases.
Rootkits: Malicious software hiding to grant unauthorized root access.
Weak Cryptography: Using outdated or insecure encryption methods.
Hardening a Linux system includes several steps to improve its security and minimize vulnerabilities.
Regularly update the system and installed software so that security flaws are patched.
Configure firewalls like iptables or UFW to restrict network access, and disable unnecessary services to reduce the system’s attack surface.
Secure the SSH configuration, for example by disabling root login and using key-based authentication, to prevent unauthorized remote access.
Enforce strong user authentication, implement encryption for sensitive data, and enable security modules like SELinux or AppArmor for additional protection.
Regularly audit system logs, set up intrusion detection systems like Fail2Ban, and perform periodic security scans using tools like Lynis to detect potential security issues.
Setting proper file permissions, limiting user privileges, and using secure file transfer methods help safeguard data as well as prevent unauthorized access.
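One way to check the SSH step above (root login disabled, password logins off in favour of keys), as an added example that is not part of the original article. The function names and both sample configs are constructed; the defaults passed in are OpenSSH's defaults for those keywords, and the parser only handles the whitespace-separated `Keyword value` form in the global section.

```shell
#!/bin/sh
# Added example; function names and sample configs are constructed.

# Print the value in effect for keyword $2 in sshd_config file $1, or the
# default $3 if unset. sshd uses the first occurrence of a keyword; parsing
# stops at the first Match block because later lines are conditional.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        /^[[:space:]]*#/       { next }    # commented-out line has no effect
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one FAIL line per setting that differs from the hardened value.
audit_sshd_config() {
    root=$(sshd_setting "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_setting "$1" PasswordAuthentication yes)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '$root', expected 'no'"
    fi
    if [ "$pass" != "no" ]; then
        echo "FAIL PasswordAuthentication is '$pass', expected 'no'"
    fi
}

# Write two constructed sample configs into directory $1.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication no
EOF
    cat > "$1/hardened.conf" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in weak hardened; do
    echo "== $f.conf"
    audit_sshd_config "$tmp/$f.conf"
done
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the effective configuration, which also covers Include files that this example does not follow.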
SELinux (Security-Enhanced Linux) is a security module integrated into the Linux kernel that enforces mandatory access control (MAC) policies. Unlike traditional discretionary access control (DAC) systems, where users can control permissions on files they own, SELinux adds a stricter layer of security, preventing even root users or compromised applications from performing unauthorized actions.
How SELinux works:
Labeling: SELinux assigns security labels to all subjects and objects in the system. These labels can be simple or complex, depending on the desired level of granularity.
Policy Enforcement: The SELinux kernel module enforces a set of rules, known as the security policy, that define which subjects are allowed to access which objects.
Evaluation: When a subject attempts to access an object, SELinux evaluates the labels of both the subject and the object to determine if the access is allowed.
Access Control: If access is allowed according to the policy, the operation proceeds. If the access is denied, SELinux blocks the operation and logs an audit event.
ext2 is a basic and reliable file system, suitable for older systems.
ext3 introduced journaling for improved reliability.
ext4 is the most modern and feature-rich file system, offering better performance and scalability.
The /proc filesystem provides:
Real-time access to process and system information.
An interface for kernel introspection and monitoring.
A method for adjusting kernel parameters dynamically.
The key differences between IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) are based on their addressing schemes, features, and capabilities, primarily driven by the need to accommodate a growing number of internet-connected devices.
Feature | IPv4 | IPv6 |
Address Length | 32-bit | 128-bit |
Address Format | Decimal (e.g., 192.168.1.1) | Hexadecimal (e.g., 2001:db8::) |
Address Space | ~4.3 billion addresses | ~340 undecillion addresses |
Configuration | DHCP, manual (static) | SLAAC, DHCPv6 |
Security | Optional IPSec | Mandatory IPSec |
Header Size | Complex (20-60 bytes) | Simplified (40 bytes) |
Fragmentation | By hosts and routers | Only by hosts |
Broadcast | Supports broadcasting | No broadcasting (multicast only) |
NAT | Commonly used | Not needed |
Compatibility | In use, supported widely | Not backward compatible |
Question 40. Explain the concept of NAT (Network Address Translation).
Network Address Translation (NAT) is a technique used in networking to modify IP address information in packet headers as they pass through a router or firewall. NAT is commonly used to allow multiple devices on a private network (using private IP addresses) to share a single public IP address when accessing external networks, such as the Internet. It conserves the limited pool of public IPv4 addresses, enhances security, and simplifies internal network management.
A firewall in Linux acts as a security barrier, controlling network traffic to and from a system.
Blocking unwanted traffic: Firewalls can block traffic from specific IP addresses, networks, or ports to prevent unauthorized access.
Allowing authorized traffic: Firewalls allow traffic from specific sources or ports, so only legitimate traffic can reach the system.
Packet filtering: Firewalls can filter packets based on various criteria, such as source and destination IP addresses, protocols, and port numbers.
Stateful inspection: Firewalls track the state of network connections, allowing them to distinguish between legitimate and malicious traffic.
SSH (Secure Shell) is a cryptographic network protocol used to securely access and manage remote systems over an unsecured network. Users can log into a remote machine and execute commands, transfer files, or manage network services securely by encrypting the communication between the client and the server.
Common uses of SSH:
Remote administration: Accessing and managing remote Linux systems.
File transfer: Transferring files securely between systems using the scp or sftp commands.
Tunneling: Creating secure tunnels for other protocols, such as accessing web applications behind a firewall.
Port forwarding: Forwarding ports on a remote system to a local machine.
General-purpose monitoring tools:
top: A classic command-line tool that displays real-time information about system processes, CPU usage, memory usage, and more.
htop: A more interactive version of top with a colorful interface and additional features.
vmstat: Displays system statistics, including memory usage, disk I/O, and CPU activity.
iostat: Provides statistics about block device I/O.
mpstat: Displays CPU utilization statistics.
sar: System Activity Reporter, a versatile tool that can collect and report various system statistics.
Disk Usage: Use tools like df, du, lsblk, and ncdu to check how much space is used on the filesystem and identify which directories are consuming the most space.
Disk Performance: Use iostat, iotop, dstat, and vmstat to monitor disk I/O performance in real-time, and smartctl to check for hardware issues.
RAID (Redundant Array of Independent Disks) is a data storage technology that combines multiple physical disk drives into a single logical unit to improve data redundancy, performance, or both. RAID can be implemented either in hardware (via a RAID controller) or in software (through the operating system).
In Linux, there are several types of backups, each suited to different needs based on the level of data protection, the amount of data to back up, and the frequency of backups.
Full Backup: Backs up all data, easy to restore but uses a lot of space and time.
Incremental Backup: Only backs up data that changed since the last backup, minimizing storage but increasing restoration complexity.
Differential Backup: Backs up changes since the last full backup, balancing between full and incremental backups.
Mirror Backup: Maintains an exact copy of the source data, with no change history.
Snapshot Backup: Captures the state of a file system at a specific point in time with minimal overhead, but often on the same disk.
Mastering Linux is key to pursuing a career in IT, whether in system administration, DevOps, or software development. The questions we’ve covered in this article represent the foundational and advanced concepts that interviewers often explore to assess your proficiency.
Remember, the key to success in a Linux interview is not just memorizing commands but demonstrating your ability to solve problems, think critically, and apply your knowledge in practical situations. Stay curious, keep learning, and with the right preparation, you'll be able to showcase your skills confidently and land that Linux-focused role you’ve been aiming for.
To explore more deeply what is related to Linux in particular and information technology in general, you can register for Skilltrans courses. We have a variety of courses to equip you with knowledge.
Meet Hoang Duyen, an experienced SEO Specialist with a proven track record in driving organic growth and boosting online visibility. She has honed her skills in keyword research, on-page optimization, and technical SEO. Her expertise lies in crafting data-driven strategies that not only improve search engine rankings but also deliver tangible results for businesses.