This post has some practical and real-world Linux administration interview questions and answers. I will be adding more questions and answers to this post. If you want to contribute, please add details in comments.
Question : /etc/shadow file maintains the encrypted passwords for users in Linux systems. This file has permissions 000, which means that no one except root will able to read or write anything to this file.
When a tries to change his password using “passwd” command, how does the encrypted password gets updated to the /etc/shadow file, when the user has no read/write privilege to /etc/shadow file ? How ?
This is possible because the /usr/bin/passwd command has setuid flag on. setuid (“set user ID upon execution”) is Unix access rights flags that allow users to run an executable with the permissions of the executable’s owner or group respectively and to change behavior in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task.
In this case, the normal user gets elevated privilege (as root) when executing passwd command because of the setuid flag. That is the reason the user is able to edit /etc/shadow and update the password when running /usr/bin/passwd command.
Question : What is setuid and setgid ? And, what is the usage of them?
setuid (“set user ID upon execution”) and setgid (“set group id upon execution”) Unix access rights flags that allow users to run an executable with the permissions of the executable’s owner or group respectively and to change behavior in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task.
Please see the answer for the previous question on the usage of setuid.
Question : How do you list all the open files opened by various running processes?
Use lsof command, which will list all open files used by the system’s running processes.
Question : How do you find the count of open file descriptors and file names used by a process ?
Find the pid of the process and grep through the ouput of lsof. Example, I want to see all the files used by “cron” process.
[[email protected] opt]# ps -ef | grep cron
root 867 1 0 Feb06 ? 00:00:00 /usr/sbin/crond -n
root 9413 8590 0 19:45 pts/0 00:00:00 grep –color=auto cron
[[email protected] opt]# lsof | grep -w 867
crond 867 root cwd DIR 253,0 283 96 /
crond 867 root rtd DIR 253,0 283 96 /
crond 867 root txt REG 253,0 65960 8758051 /usr/sbin/crond
crond 867 root mem REG 253,0 56784 8422899 /usr/lib64/libnss_files-2.25.so
crond 867 root mem REG 253,0 112847792 4195242 /usr/lib/locale/locale-archive
crond 867 root mem REG 253,0 153960 8422901 /usr/lib64/libpthread-2.25.so
crond 867 root mem REG 253,0 19352 8509283 /usr/lib64/libcap-ng.so.0.0.0
Question : List the steps to add a swap file to a server and enable it at boot time.
Question : How do you change password expiry settings for a user?
Using chage command, refer https://www.cloudibee.com/change-password-expiry-in-linux/ for examples.
Question : What is an A record, an NS record, a PTR record, a CNAME record, an MX record?
Question : Explain the steps to setup password-less ssh for a user.
Question : What is the command to identify process-id that is listening on a specific port?
netstat -ntp lists all the listening tcp ports with its process id associated. Here for example, I am searching for port 22 and you can see “sshd” process and its process-id listed.
Question : Write a simple bash script to load/stress the CPU of the server
Question : How do you remove all the log files that are not modified in the last 2 weeks?
Use find command and pipe the output to xargs command to remove the file. Here –mtime +14, instructs find command to list only files that were modified 14 days back.
[[email protected] opt]# find /-name “*.log” -mtime +14 -print | xargs rm –f
Question : How to list all the log files that are greater than 100M.
Use find command with -size argument to find the list of files with +/- specified size.
[[email protected] /]# find / -name “*.log” -size +100M -print
Question : How do you list all the files present in an installed rpm package?
The rpm -ql option lists the files that were installed as part of rpm.
[[email protected] ssh]# rpm -ql ntp-4.2.8p10-1.fc26.x86_64
Question : You are not able to login to the system with the root password. What are the various options to reset the root password ?
Question : How do you ensure that ssh doesn’t disconnect in 5 minutes of ssh session idle time?
It’s quite annoying if your ssh session gets terminated after a short idle time , like 5 minutes. Tweaking ssh settings can help in remediating this problem with ssh idle timeout.
Check the ssh server configuration /etc/ssh/sshd_config file on your ssh server.
This shows that ClientAliveInterval is set to 300, which means that the ssh session gets disconnected after 5 minutes of no activity. Set this ClientAliveInterval value to a maximum number based on your need. Remember that if you update sshd_config, you need to restart sshd service on your server.
Question : What is hugepages ?
Memory is managed in blocks known as pages. The default page size is 4096 Bytes in the x86 architecture. CPUs have a built-in memory management unit that contains a list of these pages, with each page referenced through a page table entry.
Hugepages is a mechanism that allows the Linux kernel to utilize the multiple page size capabilities of modern hardware architectures.Hugepages allows large amounts of memory to be utilized with a reduced overhead. Read more details and commands for hugepages at https://www.cloudibee.com/linux-hugepages/
Question : How do you change default kernel in grub2?
Question : How do you configure static routing in Linux ?
This is one of the frequently asked questions in interview.
Static routes will be added usually through “route add” or “ip route” command. However, “route add” command configures routing on the runtime and doesn’t persist the configuration after a reboot. To make it persistent across reboots, you have to add it to /etc/sysconfig/network-scripts/route-<interface-file> . For example, static routes for the eth0 interface would be stored in the
See the steps to set persistent static routes at https://www.cloudibee.com/static-route-linux/
Question : How do you find the current working directory of a running process?