Table of Contents

Top 20 Linux Interview Questions and Answers

By Updated on Aug 25, 2025
Linux Interview questions and Answers
Table of contents

So you’ve got a Linux interview coming up. Most guides out there are just a huge list of Linux commands and definitions. Let’s be real, interviewers don’t just want to know if you can memorize a man page. They want to know if you can actually think like an admin and solve real problems.

This guide is broken down just like a real technical interview. We’ll start with the absolute basics that you can’t fail. Then we’ll move into system and process management, cover networking essentials, and finish with the scenario-based troubleshooting questions that separate a junior from a senior candidate.

Free Course

Free Linux Course for Beginners

Comprehend Linux basics with this beginner's free Linux tutorial. Get familiar with Linux operating system and understand its history, benefits, architecture, components, and basic commands.

61.9K+ Learners
4.47/5
Free Linux Course

Core Concepts & The Filesystem

These are fundamental. Mess these up and the interview is over.

1. What is the Linux Kernel?

It’s the core of the operating system. It manages the hardware, memory, and CPU. Everything else, like the shell and applications, talks to the kernel to get things done. It’s the bridge between software and hardware. Don’t say it’s the “whole OS,” because it’s not.

2. Explain the Linux Filesystem Hierarchy Standard (FHS).

It’s the standard directory structure. Knowing what goes where is critical for finding files and troubleshooting. Key directories you must know:

  • /bin: Essential user command binaries (ls, cp, etc.).
  • /sbin: Essential system binaries, for root (fdisk, shutdown).
  • /etc: All system-wide configuration files. You’ll live in this directory.
  • /var: Variable files. Logs (/var/log), mail, and spools are here.
  • /usr: User programs and data. This is where most user-level software gets installed.
  • /home: User home directories.
  • /root: The root user’s home directory.
  • /proc: A virtual filesystem with information about system processes. It doesn’t take up disk space.
  • /dev: Device files (disks, terminals, etc.).
  • /tmp: Temporary files. Often cleared on reboot.

3. What is an inode?

An inode stores metadata about a file: permissions, owner, group, size, timestamps, and the location of the file’s data blocks on the disk. Every file and directory has an inode. The filename itself is just a pointer to the inode. This is a classic question to test your fundamental understanding.

Hard Link: A hard link is another name for the same inode. You can’t create a hard link for a directory, and you can’t link to a file on a different filesystem. If you delete the original file, the hard link still works because the inode and data are only removed when all links to them are gone.

Symbolic Link (Symlink): A symlink is a pointer to another file by name. It’s a separate file with its own inode. It can link to directories and span across different filesystems. If you delete the original file, the symlink becomes a broken link.

Process Management

You need to know how to manage what’s running on the system.

5. How do you check running processes?

  • ps aux: Shows all running processes from all users in BSD format.
  • ps -ef: Shows all running processes in System V format. A common follow-up is to explain the difference in output format.
  • top / htop: Shows a real-time, interactive list of processes, ordered by CPU usage by default. htop is top but better.

6. What’s the difference between a process and a thread?

A process is an instance of a running program. It has its own memory space. A thread is the smallest unit of execution within a process. Multiple threads can exist within a single process and they share the same memory space. This makes threads lighter than processes.

7. How do you find and kill a process?

First, find the Process ID (PID) using ps or pgrep.

ps aux | grep nginx
pgrep nginx

Then, use kill to send a signal to it.

kill <PID>

: Sends the default TERM signal (15), which asks the process to shut down cleanly.

kill -9 <PID>

or

kill -SIGKILL <PID>

: Sends the KILL signal (9), which forces the kernel to terminate the process immediately. This is a last resort; the process gets no chance to clean up.

8. What is a zombie process?

A zombie process is a process that has completed execution, but its entry still remains in the process table. This happens when the parent process hasn’t “reaped” the child process by reading its exit status. They don’t consume system resources besides a tiny bit of memory for the process table entry. You can’t kill a zombie process directly; you have to kill its parent process.

File Permissions and Ownership

This is non-negotiable. You must know this inside and out.

9. How do you change file permissions in Linux?

You use the chmod command. There are two ways:

  • Symbolic: chmod u+x file (adds execute permission for the user), chmod g-w file (removes write for group), chmod o=r file (sets others to read-only).
  • Octal (Numeric): Permissions are represented by numbers: read (4), write (2), execute (1). You add them up for each category (user, group, other).
    chmod 755 file
    : User gets read/write/execute (4+2+1=7), group and others get read/execute (4+0+1=5). This is common for directories.chmod 644 file
    : User gets read/write (4+2=6), group and others get read-only (4). Common for regular files.

10. How do you change the owner and group of a file?

You use chown to change the owner and chgrp to change the group. You can do both with chown.

chown user file

: Changes the owner of file to user.

chgrp group file

: Changes the group of file to group.

chown user:group file

: Changes both the owner and the group at the same time.

Networking

Every Linux system is on a network. You must know the basics.

11. How do you check the IP address and network interfaces?

  • ip addr or ip a: The modern command to show network interfaces and IP addresses.
  • ifconfig: The older, now deprecated command. Still found on many systems.

12. How do you check for open ports and listening services?

  • netstat -tuln: Shows active TCP (t) and UDP (u) listening (l) ports with numeric addresses (n).
  • ss -tuln: The modern replacement for netstat. It’s faster.

13. What’s the difference between TCP and UDP?

TCP (Transmission Control Protocol): Connection-oriented. It establishes a connection before sending data and guarantees that packets are delivered in order and without errors. It performs a “three-way handshake” (SYN, SYN-ACK, ACK) to start a connection. Used for HTTP, SSH, FTP.

UDP (User Datagram Protocol): Connectionless. It sends packets without establishing a connection. It’s faster but doesn’t guarantee delivery or order. Used for DNS, video streaming, online gaming where speed is more important than perfect reliability.

14. Explain how DNS resolution works.

When you type a domain name (e.g., google.com), the system needs to find its IP address.

  • It first checks the local /etc/hosts file.
  • If not found, it queries the DNS server(s) listed in /etc/resolv.conf.
  • The resolver asks a root DNS server, which points to a Top-Level Domain (TLD) server (for .com).
  • The TLD server points to the authoritative name server for the specific domain.
  • That authoritative server returns the IP address. The result is cached locally to speed up future requests.

Shell Scripting & Command Line Fu

They will test your ability to work on the command line.

15. What are grep, awk, and sed used for?

  • grep: Searches for patterns in text. grep 'error' /var/log/syslog finds all lines containing “error” in the syslog.
  • sed: A stream editor. Used for performing text transformations like find-and-replace on a stream of text. sed 's/foo/bar/g' file.txt replaces all instances of “foo” with “bar”.
  • awk: A pattern-scanning and processing language. It’s more powerful than sed and is great for processing structured text files, like logs or CSVs. awk '{print $1, $3}' log.txt prints the first and third columns of a log file.

16. How would you find all files in /var/log modified in the last 24 hours?

Use the find command.

find /var/log -mtime 0 -type f
  • -mtime 0: Specifies a modification time of the last 24 hours.
  • -type f: Specifies to only find files.

17. Explain the difference between && and ; in a command.

  • command1 ; command2: Sequential execution. command2 runs after command1 finishes, regardless of whether command1 was successful or not.
  • command1 && command2: Conditional execution. command2 runs only if command1 completes successfully (returns a zero exit status).

Scenario-Based and Troubleshooting Questions

This is where they separate the people who have actually done the work from those who just read about it.

18. A user reports they cannot log in via SSH. How do you troubleshoot?

Think methodically, from the user’s machine to the server.

  • Client-Side: Is the user using the correct username, IP address, and key? Can they ping the server? Is their own firewall blocking port 22?
  • Network: Is there a firewall between the user and the server blocking port 22?
  • Server-Side:
    • Is the SSH service (sshd) running? Check with systemctl status sshd or ps aux | grep sshd.
    • Is the server’s firewall (like iptables or firewalld) blocking port 22? Check the rules.
    • Check the SSH logs in /var/log/auth.log or a similar location for error messages. This usually tells you exactly what’s wrong (e.g., “Permission denied,” “Authentication refused”).
    • Check the SSH configuration file (/etc/ssh/sshd_config). Is PasswordAuthentication disabled when it shouldn’t be? Is the user’s account locked or password expired?

19. A web server is running slow. What are the first things you check?

This is a classic open-ended question to test your thought process.

  • Check System Resources: Use top or htop to check CPU and memory usage. Is a specific process maxing out the CPU? Is the system out of memory and swapping heavily?
  • Check Disk I/O: Use iostat or iotop. Is the disk bottlenecked?
  • Check Network: Use netstat or ss to see the number of connections. Is there a flood of traffic?
  • Check the Logs: Look at the web server’s access and error logs (/var/log/nginx/ or /var/log/apache2/). Are there a lot of errors or requests to a slow part of the application? Check the system logs (/var/log/syslog or journalctl) for any hardware or kernel-level errors.

20. You run rm some_large_file but df -h doesn’t show the disk space being freed. Why?

The most common reason is that another process still has the file open. Even though the file’s link in the directory is gone, the inode and data blocks are not deleted until every process that has it open closes it.

Use lsof | grep '(deleted)' to find processes holding open file handles to deleted files. Restarting that process will release the file handle and free the disk space.

Also Read:

Avatar photo
Great Learning Editorial Team
The Great Learning Editorial Staff includes a dynamic team of subject matter experts, instructors, and education professionals who combine their deep industry knowledge with innovative teaching methods. Their mission is to provide learners with the skills and insights needed to excel in their careers, whether through upskilling, reskilling, or transitioning into new fields.
Recommended for you
Scroll to Top