Linux Interview Questions and Answers for System Administrators

These are the most frequently asked Linux system administrator interview questions at enterprise companies. They cover everything from basic commands to RHCA-level topics.

Disk and Storage Questions

1. What is the difference between a physical disk and a logical volume?

A physical disk is hardware-level storage (e.g., /dev/sda). A logical volume is a flexible partition created by LVM that can span multiple physical disks and be resized without downtime.

2. How would you extend a filesystem that is running out of space?

# If on LVM:
# vgdisplay vgname          # check free space in VG
# lvextend -L +10G /dev/vgname/lvname
# resize2fs /dev/vgname/lvname    # ext4
# xfs_growfs /mountpoint          # xfs (online)

3. How do you recover from a corrupted /etc/fstab?

Boot in single user mode (emergency.target), mount root as read-write with mount -o remount,rw /, then edit /etc/fstab. Fix the bad entry and reboot normally.

4. A disk shows 100% usage but du shows only 60%. Why?

Deleted files still being held open by running processes consume space. Find them with lsof | grep deleted and restart the relevant service to release the space.

Process and Performance Questions

5. What does load average mean?

Load average (from uptime) shows the number of processes waiting for CPU over 1, 5 and 15 minutes. A load average higher than the number of CPU cores indicates the system is overloaded.

6. How do you find which process is using the most memory?

# ps aux --sort=-%mem | head -5
# top (then press M to sort by memory)

7. What is a zombie process and how do you remove it?

A zombie process has finished execution but its exit status hasn't been read by its parent. It can't be killed with kill -9. Kill the parent process to force cleanup of the zombie.

Networking Questions

8. A server can ping localhost but not 8.8.8.8. What could be wrong?

• No default gateway configured (ip route show)
• Firewall blocking outbound traffic
• NIC not connected or wrong IP
• DNS misconfiguration (check /etc/resolv.conf)

9. How do you check which process is listening on port 80?

# ss -tulnp | grep :80
# lsof -i :80
# netstat -tulnp | grep :80

10. What is the difference between TCP and UDP?

TCP is connection-oriented with guaranteed delivery and ordered packets (used by SSH, HTTP). UDP is connectionless with no guaranteed delivery, faster (used by DNS, NFS, NTP).

Security Questions

11. How do you lock a user account?

# usermod -L username         # lock
# usermod -U username         # unlock
# passwd -l username          # lock
# passwd -u username          # unlock

12. What is the difference between SUID, SGID and sticky bit?

• SUID: File runs as its owner (not the person running it) — used by passwd
• SGID: Files created in directory inherit group ownership
• Sticky bit: Only file owner can delete their files in shared directory (e.g., /tmp)

Troubleshooting Scenarios

13. System is continuously rebooting. How do you troubleshoot?

1. Connect via console port (DRAC/iLO)
2. Check /var/log/messages for kernel panic messages
3. Check crontab for any reboot scripts
4. Check RAM — failing RAM causes kernel panics
5. Check if swap is sufficient

14. A service won't start after a configuration change. What do you check?

# systemctl status servicename -l    # get full error
# journalctl -u servicename -n 50   # journal logs
# servicename -t                     # config syntax test (e.g., httpd -t)
# sealert -a /var/log/audit/audit.log  # SELinux issues

15. Disk full on production server. How do you handle it?

1. Find large files: du -sh /* | sort -rh | head -10
2. Find deleted-but-open files: lsof | grep deleted
3. Clear logs: truncate -s 0 /var/log/large.log
4. Add storage via LVM if available
5. Inform stakeholders of the issue and resolution