SurgeTechKnow • Technology Journal
Mobile & Android

Top 50 Linux Interview Questions and Answers: Complete Beginner-to-Administrator Guide

28 min read • Published Jul 17, 2026
Updated Jul 17, 2026 • SurgeTechKnow Editorial Desk
Top 50 Linux Interview Questions and Answers: Complete Beginner-to-Administrator Guide

The interview may begin with a simple command such as lsThen suddenly move to permissions, systemd, full filesystems, failed SSH access, or a production server with a high load average.

That change in difficulty is deliberate. Linux interviewers rarely test whether you memorised fifty commands. They want to know whether you understand how the operating system fits together and whether you can investigate a real problem without damaging the server.

From working with networking, web applications, servers, Python projects, and troubleshooting environments, I have learned that Linux confidence comes from understanding patterns. Files have owners and permissions. Processes have identities and resources. Services produce logs. Networks can be tested one layer at a time. Storage problems leave evidence.

This guide is written for beginners, ICT graduates, support technicians, junior system administrators, DevOps learners, cloud candidates, cybersecurity students, and anyone preparing for a practical Linux interview.

Quick Navigation

Select a section to jump directly to it.

What Linux Interviewers Are Really Testing

  • Linux architecture and filesystem layout
  • Safe command use rather than syntax alone
  • Permissions, identity,y and privilege awareness
  • Process, service,ce and log troubleshooting
  • Networking and storage fundamentals
  • Ability to explain evidence, risk,isk and escalation

Linux Fundamentals

1. What is Linux?

Linux is an open-source Unix-like operating system kernel. In everyday use, people often use “Linux” to mean a complete operating system built around that kernel, such as Ubuntu, Debian, Fedora, Rocky Linux, openSUSE, or Arch Linux. A strong interview answer distinguishes the kernel from the distribution and mentions Linux's use on servers, cloud platforms, networking devices, embedded systems, supercomputers, and developer workstations.

2. What is a Linux distribution?

A Linux distribution combines the Linux kernel with utilities, package management, libraries, an installer, and often a desktop environment. Distributions differ in package format, release model, administration tools, support lifecycle, and target audience. Debian and Ubuntu commonly use APT and DEB packages, while Fedora, Rocky Linux, and Red Hat Enterprise Linux use DNF or YUM with RPM packages.

3. What is the difference between Linux and Unix?

Unix refers to a family of operating systems whose history goes back to Bell Labs and, in some cases, systems certified against the Single UNIX Specification. Linux was created independently as a Unix-like kernel. Both share concepts such as permissions, processes, shells, pipes, hierarchical filesystems, and devices represented through files.

4. What is the Linux kernel?

The kernel is the privileged core of the operating system. It manages CPU scheduling, memory, device drivers, filesystems, networking, security boundaries, and communication between hardware and user-space programs. Applications normally request kernel services through system calls.

5. What is a shell?

A shell is a command interpreter and scripting environment. It reads commands, expands variables and wildcards, starts programs, connects commands with pipes, and supports automation. Bash is common, but Linux systems may also use sh, dash, zsh, fish, or other shells.

6. What is the difference between a terminal and a shell?

A terminal is the interface through which a user interacts with a command-line session. The shell is the program interpreting commands in the terminal. A graphical terminal emulator displays the session, while Bash or another shell processes commands.

7. What is the Linux filesystem hierarchy?

Linux uses one directory tree beginning at /. Important paths include /etc for configuration, /home for users, /root for the root user, /var for changing data such as logs, /usr for programs and shared data, /tmp for temporary files, /dev for device nodes, /proc for process and kernel information, /sys for device and kernel interfaces, and /boot for boot files.

8. What is /proc?

/proc is a virtual filesystem exposing process and kernel information. Files such as /proc/cpuinfo, /proc/meminfo, and /proc/<PID>/status provide system and process details. The data is generated by the kernel rather than stored like ordinary disk files.

9. What are absolute and relative paths?

An absolute path starts from the root directory, such as /var/log/syslog. A relative path is interpreted from the current working directory, such as logs/app.log. A single dot means the current directory, while two dots mean the parent directory.

10. How do you find help for a Linux command?

Use the man command for manual pages, the --help command for a concise summary, the info command for GNU documentation, and the apropos keyword to search manual descriptions. Type, which can show how a command name resolves.

Commands, Files, and Text Processing

11. What do pwd, ls, cd, cp, mv, and rm do?

pwd prints the current directory. ls lists files. cd changes directory. cp copies files or directories. mv moves or renames them. rm removes files, while rm -r removes directory trees. Mention safety: confirm paths and avoid careless recursive deletion with elevated privileges.

12. How do grep, sed, and awk differ?

grep searches text for matching patterns. sed is a stream editor used for substitutions and line-based transformations. awk is a field-oriented text-processing language suited to extracting columns, calculations, conditions, and reports.

13. What is a pipe in Linux?

A pipe, written as |, sends the standard output of one process to the standard input of another. For example, ps aux | grep nginx filters a process listing. Standard error is not included unless redirected.

14. Explain standard input, output, and error.

Processes commonly begin with file descriptors 0, 1, and 2: standard input, standard output, and standard error. The shell redirects them with operators such as >, >>, <, 2>, and 2>&1.

15. What is the difference between > and >>?

The > operator writes output to a file and normally truncates existing content. The >> operator appends output. Both create the file if possible. Administrators should be careful because incorrect use of > can erase important data.

16. How do find and locate differ?

Find walks directory trees and evaluates files using conditions such as name, type, owner, size, or modification time. Locate searches a prebuilt database and is faster, but results may be stale until the database is updated.

17. What are hard links and symbolic links?

A hard link is another directory entry referencing the same inode and file data. It normally cannot cross filesystems. A symbolic link is a separate file containing a path to another object; it can cross filesystems and can become broken if the target moves.

18. What is an inode?

An inode stores filesystem metadata such as file type, permissions, ownership, timestamps, size, and pointers to data blocks. The filename is stored in a directory entry that maps the name to the inode.

19. How do tar and gzip differ?

tar creates or extracts an archive containing multiple files and metadata. gzip compresses a data stream or file. They are often combined, as in tar -czf backup.tar.gz directory.

Users, Groups, and Permissions

20. What does chmod do?

chmod changes file mode bits. Symbolic notation uses u, g, and o with r, w, and x. Numeric notation uses values such as 755 or 640. For directories, execute controls traversal, read controls listing names, and write controls creating or removing entries subject to other rules.

21. Explain permissions such as 755 and 644.

755 means the owner has read, write, and execute permissions, while group and others have read and execute. 644 means the owner can read and write, while group and others can read. Context matters; do not apply modes blindly.

22. What do chown and chgrp do?

chown changes file ownership and can also change the group, for example, chown user: group file. chgrp changes only the group. Ownership changes should be deliberate because services may depend on specific users and groups.

23. What is umask?

umask removes permission bits from the default mode requested when new files and directories are created. A common umask of 022 commonly leads to files created as 644 and directories as 755 when applications request the usual base modes.

24. What are SUID, SGID, and the sticky bit?

SUID on an executable can make it run with the file owner’s effective identity. SGID can make an executable use the file group, and on directories,ies it commonly causes new files to inherit the directory’s group. The sticky bit on a shared directory such as /tmp restricts deletion of other users’ files.

25. What is the root user?

Root is the traditional superuser with user ID 0. It can bypass many normal permission checks, so routine work should use an unprivileged account and elevate only when necessary.

You May Also Like to Read About

26. What is sudo?

sudo allows authorised users to run commands as another user, commonly root, according to policy. Configuration should be edited with visudo. Grant the minimum commands necessary instead of unrestricted privilege.

27. How do you create and manage users?

Commands vary by distribution but commonly include useradd or adduser, passwd, usermod, and userdel. Groups are managed with groupadd, groupmod, and groupdel. Account configuration appears in /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow.

Processes, Services, and Performance

28. What is a process?

A process is a running instance of a program with its own process ID, memory mappings, open file descriptors, credentials, and execution state. Threads share resources within a process while providing separate execution paths.

29. What is the difference between a process and a service?

A process is any running program instance. A service is a long-running function managed for the system, such as SSH, a web server, or a database. On systemd systems, services are represented by unit files and controlled with systemctl.

30. What are PID and PPID?

PID is the process identifier. PPID is the parent process identifier. ps, pstree, top, and /proc help inspect process relationships. PID 1 is the init system, commonly systemd.

31. How do ps, top, and htop difPSr?

PS provides a snapshot of selected processes. Top offers an updated view of CPU, memory, load, and processes. htop is an interactive alternative but may not be installed. For automation, ps and /proc are often more predictable.

32. How do kill, pkill, and killall work?

kill sends a signal to a process ID. pkill selects processes by name or other attributes. killall targets processes by name, but behaviour differs across operating systems. Try SIGTERM before SIGKILL so the process can clean up.

33. What are foreground and background jobs?

A foreground job occupies the terminal. Appending & starts a command in the background. jobs lists shell jobs, fg brings one forward, bg resumes a stopped job, and Ctrl+Z usually suspends the foreground job.

34. What is systemd?

systemd is a system and service manager used by many Linux distributions. As PID 1, it starts and supervises user-space services and manages units representing services, sockets, timers, mounts, devices, and other resources.

35. How do you manage a service with systemctl?

Use systemctl status service to inspect it, start and stop to control the current state, restart or reload when appropriate, and enable or disable to control startup at boot. systemctl enable --now service both enables and starts it.

36. How do you inspect logs with journalctl?

journalctl queries logs collected by systemd-journald. Useful examples include journalctl -u sshd for a unit, journalctl -b for the current boot, journalctl -p err for errors, and journalctl --since today for a time range.

37. What is load average?

Load average estimates the average number of tasks running or waiting for CPU and, on Linux, tasks in uninterruptible sleep. The values represent about 1, 5, and 15 minutes. Interpretation depends on CPU count and whether pressure comes from computation or I/O.

38. How do you check memory use?

Use free -h for a summary, top or ps for processes, vmstat for activity, and /proc/meminfo for details. Linux uses free memory for caches, so the available value is often more useful than the raw free value.

39. What is sa wap?

Swap is disk-backed space used for memory pages when the kernel decides to move them out of RAM. It can prevent abrupt failure under pressure but is far slower than physical memory. Heavy swap activity may indicate insufficient RAM or a memory leak.

Storage and Networking

40. What is a mount point?

A mount point is a directory where a filesystem is attached to the Linux directory tree. mount shows or attaches filesystems, umount detaches them, lsblk lists block devices, and findmnt displays mount relationships.

41. What is /etc/fstab?

/etc/fstab describes filesystems that may be mounted automatically. Entries include the device or UUID, mount point, filesystem type, options, dump field, and filesystem-check order. Test changes with mount -a before rebooting.

42. How do df and du differ?

df reports filesystem-level space usage. du calculates space used by visible files and directories. They can disagree when a process holds a deleted file open, mount points hide data, or permissions prevent du from reading paths.

43. What is LVM?

Logical Volume Manager adds an abstraction layer above disks or partitions. Physical volumes form volume groups, and logical volumes are allocated from those groups. LVM can simplify resizing, snapshots, and storage management.

44. How do you check open ports?

Use ss -lntup where permissions allow to list listening TCP and UDP sockets and associated processes. A listening port is not automatically reachable from outside; firewalls, addresses, routes, containers, and provider rules also matter.

45. How do you troubleshoot network connectivity?

Check link state and addressing with iIPlink and IP address. Confirm routes with ip route, test the gateway, test a known IP, then test DNS with getent hosts, dig, or resolvectl. Use ping, traceroute, tracepath, ss, and curl according to the question being tested.

46. What is SSH?

Secure Shell provides encrypted remote login, command execution, tunnelling, and file transfer. Good practice includes key-based authentication, protected private keys, limited users, current software, logging, and disabling direct root login where appropriate.

Shell Scripting and Troubleshooting Scenarios

47. What is a package manager?

A package manager installs, removes, verifies, and updates software while resolving dependencies. Debian-family systems commonly use APT and dpkg; Red Hat-family systems use DNF or YUM and RPM. Repositories should be trusted and signed.

48. What is a Bash script?

A Bash script is a text file containing shell commands and control structures. It commonly starts with a shebang such as #!/usr/bin/env bash. Good scripts quote variables, check exit statuses, validate input, handle errors, and avoid unnecessary privilege.

49. What does $? represent?

$? contains the exit status of the most recently completed foreground pipeline or command. Zero conventionally indicates success, while nonzero values indicate failure or another condition.

50. How would you troubleshoot a slow server?

Start with impact and timing. Check load average, CPU, memory, swap, disk space, inode use, I/O wait, process consumption, network errors, logs, recent changes, and service health. Compare with a baseline and avoid killing processes before collecting evidence.

How to Answer Linux Scenario Questions

  1. Clarify impact: Ask which users, services, hosts, and business functions are affected.
  2. Collect evidence: Check status, logs, resource use, recent changes, and timestamps.
  3. Form a hypothesis: Explain what each command is intended to prove.
  4. Make one safe change: Prefer reversible actions and preserve evidence.
  5. Verify: Test the service from the user’s perspective.
  6. Document: Record cause, commands, configuration changes, results, and prevention.

Commands That Require Extra Care

Be cautious with recursive deletion, permission changes, filesystem repair, firewall rules, package removal, process termination, disk formatting, and service restarts on production systems. Confirm the target, understand the impact, preserve evidence, and follow change procedures.

Final Takeaway

A strong Linux candidate does not need to remember every option. They need to know where to find reliable documentation, how to collect evidence, how permissions and processes work, and how to make changes without creating a second incident.

Practise the commands, but also practise explaining why you chose them. That explanation often separates memorised answers from real Linux competence.

About the author

Caleb Muga is the founder of SurgeTechKnow, an ICT professional and software developer with BBIT, CCNA training, cybersecurity awareness and OPSWAT file-security training. Articles are written to simplify practical technology, cybersecurity, networking and ICT support topics for real users.

Read the full SurgeTechKnow profile →