Linux Interview Questions and Answers

Some Linux Commands and Tips:

1. What is chattr command

chattr is a command line utility used to change the attributes of a file in Linux systems to secure a file from accidental deletions or modification of important files or folders, even though you are logged in as root.

Syntax: chattr [operator] [flags] <filename>

If set atime record is not updated
If set changes are updated synchronously on the disk
If set can only be open in append mode for writing
i means immutable. no renaming, no symbolic link creation,not executable, not writable. only super user can unset this
If set, all of its information updated to the ext3 journal before being updated to the file itself
if set, no tail-merging
if set, its no more candidate for backup when the dump process is run
undelete. if set, if the file is deleted,its data are saved
+ operator sets the flag
- operator unsets the flag
= operator keeps the current flag

2. SUID/GUID bit vs Sticky bit

SUID- Set User IDentification

For example, thought of how a normal(non-root) user can change his own password when he doesn't have write permission to the shadow file? to check this verify the permission of /usr/bin/passwd command.

# ls -lrt /usr/bin/passwd
-r-sr-sr-x   1 root     sys        31396 Jan 20  2014 /usr/bin/passwd

# chmod u+s file1
View the permissions using the ls -l command:
# ls -l file1
-rwSrw-r-- 1 user1 user1 0 2017-10-29 21:41 file1
Note the capital S. This means there are no execute permissions. Run the following command to add execute permissions to the file1 file, noting the lower case s.
# chmod u+x file1
# ls -l file1
-rwsrw-r-- 1 user1 user1 0 2017-10-29 21:41 file1


Sticky bit is set on folders where its contents should not be deleted even though every one has write permissions. Sticky bit is used where everyone has write permissions to a folder, but no one can delete other’s data except the owner who create the folder or root. Can be set to a file or folder. When set , only owner can delete the file/folder regardless of permissions.

t=sticky bit with execute permission

T=sticky bit without execute permission

Ex: chmod 1757 /opt/dump/
chmod o+t /opt/dump/
chmod +t /opt/dump/

I am seeing “T” ie Capital s in the file permissions, what’s that?
After setting Sticky Bit to a file/folder, if you see ‘T’ in the file permission area that indicates the file/folder does not have executable permissions for all users on that particular file/folder.

3. Enable fsck on each boot. how will you set this

/etc/fstab is the file, where flag is set to do fsck on each boot. 5th field is dump and 6th field is fsck.

cat /etc/fstab

UUID=xyz    /    ext4    defaults    0    0

4. Linux Patching - How to do

Linux patching involves 3 phases. they are 1) precautions 2)Pre-check and 3) Post-checks

Exclude a package during upgrade:

Roll back an update

4. What is zombie process and how will you check if there is any zombie process

Zombie process is a process which doesn't have parent process to it. To get the zombie processes in a system, use ps command. If you do ps -aux |grep defunct or ps -aux | grep Z will lists the zombie processes.

5. What is dmidecode command! How will you find whether given machine is physical or virtual

dmidecode command gives you hardware information in human readable format. DMIdecode stands for Desktop Management Interface table decoder. dmidecode will displays different information related to all hardware around 19 types

dmidecode -t system is the command to check whether a machine is physical or virtual. system is a keyword. The other keywords are: bios, system, baseboard, chasis, processor, memory, cache, connector, slot

6. Explain about Linux boot process

There are 6 stages during Linux boot process.

  1. BIOS : Checks system integrity, searches, loads and executes boot loader program from HDD/Floppy/CD/USB. Then the control is given to boot loader(MBR) for further process
  2. MBR: It is located in the first sector of the bootable disk. MBR is less than 512 bytes. It contains information about GRUB/LILO boot loaders. So MBR loads and executes the GRUB boot loader
  3. GRUB: GRand Unified Bootloader. It lists all the kernel images available and default can be set. Configuration file is: /boot/grub/grub.conf and /etc/grub.conf is link to this file. It contains information about Kernel and initrd images
  4. Kernel: Mounts the root file system as mentioned in grub.conf as root= and execute /sbin/init process which is a parent process to all in Linux. So it has the process ID of 1 in ps output. initrd stands for Initial RAM Disk, which is used by kernel as temporary root file system until kernel is booted and the real root file system is mounted. It also contains necessary drivers required to access harddisk partitions and other hardware.
  5. Init: the parent process. Which looks at /etc/inittab file to decide the run level(0halt,1singleuser,2multiuser without nfs,3full multiuser,4unused, 5X11 and 6reboot). Default run level is defined as initdefault in /etc/inittab
  6. Runlevel: /etc/rc.d/rcx.d is the directory for each run level x. inside these directories there are programs start with S or K which denotes the programs starting/killing during startup/shutdown in the order(sNsendmail - means start sendmail at N sequence).

7. LVM (Logical Volume Management) How to

LVM Extend process:

LVM Reduce Process: (use PE or +/- G during extend or reduce)

8. Create a local yum repository on server and configure the client

9. NFS

10. Multipath I/O

Multipath is usefull to overcome single point failures. Multipathing ensures that the system uses multiple physical paths to provide redundancy and increased throughput. There are many vendor specific multipathing implementations like EMC's powerpath and Symantec's VxDMP.

Device Mapper Multipathing is a Linux native multipath tool to configure multiple I/O paths between server nodes and storage arrays into a single device. These I/O paths are physical SAN connections that can include separate cables, switches and controllers.

11. Network Bonding

network bonding is a feature of kernel where we can aggregate muliple network adapters into single virtual adapter or interface which can increase availability and throughput. There are seven modes starting from 0 to 6; 0 is round robin and 1 is active-backup..Following are the files involved during network bonding. * /etc/sysconfig/network-scripts/ifcfg-bond0; /etc/modprobe.d/bonding.conf; /etc/sysconfig/network-scripts/ifcfg-eth[0-4]; and /proc/net/bonding/bond0
    How many IP addresses are need for NIC bonding
    Steps: cd /etc/sysconfig/network-scripts
    ifconfig to list the IPs
    Create a bonding interface ifcfg-bond0 in the         above path
    BONDING_OPTS=“mode=1 miimon=100” (miimon is polling interval. here its 100ms)

    Now modify slaves.i.e the interfaces participating in this bond.

vi ifcfg-eth0

vi ifcfg-eth1


Restart network connection or bring up the bonding interface using ifup bond0

view the current status of bonding: cat /proc/net/bonding/bond0

12. Disk Quotas:

In Linux, quotas can be implemented to restrict usage of file system. Following are the steps to enable quotas in Linux machine

13. Performance troubleshooting and tuning:

There is no golden rule for troubleshooting performance issues.There are many cause of bottlenecks and following are the common performance bottlenecks.
To troubleshoot above bottlenecks, we have package called sysstat for debian and redhat. It should be available and service need to be started.
When you start above service, it starts collecting data and then we can use sar -r for memory stats or sar -b for disk stats or sar -A for full report on stats.
For irregular performance issues, we can use #iostat -x 5 for disk usage and free and top commands to monitor and troubleshoot memory usage.
Examples: sar -b 1 3 => sar runs for every one second for three times and gives disk statistics and other commands and tools include:

14. What are inodes in Linux

An inode is a data structure on a filesystem on Linux and other Unix-like operating systems that stores all the information about a file except its name and its actual data. When a file is created, it is assigned both a name and an inode number, which is an integer that is unique within the filesystem. Both the file names and their corresponding inode numbers are stored as entries in the directory that appears to the user to contain the files. The concept of inodes is particularly important to the recovery of damaged filesystems. When parts of the inode are lost, they appear in the lost+found directory within the partition in which they once existed.

The inode entries store metadata about each file, directory or object, but only points to these structures rather than storing the data. Each entry is 128 bytes in size. The metadata contained about each structure can include the following:

Inode number
Access Control List (ACL)
Extended attribute
Direct/indirect disk blocks
Number of blocks
File access, change and modification time
File deletion time
File generation number
File size
File type
Number of links
Status flags

Inode structure of a directory consists of a name to inode mapping of files and directories in that directory.In a directory, you can find the inode number corresponding to the files using the command ls -i

786727 -rw------- 1 root root 4226530 May 29 13:17 sudo.log
786437 -rw-------. 1 root root 32640 Jun 23 20:11 tallylog
786440 -rw-rw-r--. 1 root utmp 276096 Jul 20 06:45 wtmp
786741 -rw------- 1 root root 9653 Jul 17 09:38 yum.log

Similar way, the number of inodes allocated, used and free in a Filesystem can be listed using df -i command

15. What is drop cache in Linux and how do you clear it?

Cache in Linux memory is where the Kernel stores the information it may need later, as memory is incredible faster than disk.

It is great that the Linux Kernel takes care about that.Linux Operating system is very efficient in managing your computer memory, and will automatically free the RAM and drop the cache if some application needs memory.

Kernels 2.6.16 and newer provide a mechanism to have the kernel drop the page cache and/or inode and dentry caches on command, which can help free up a lot of memory. Now we can throw away that script that allocated a ton of memory just to get rid of the cache.

To free pagecache:

# echo 1 > /proc/sys/vm/drop_caches
To free dentries and inodes:

# echo 2 > /proc/sys/vm/drop_caches
To free pagecache, dentries and inodes:

echo 3 > /proc/sys/vm/drop_caches
This is a non-destructive operation in normal scenarios and will only free things that are completely unused. Dirty objects will continue to be in use until written out to disk and are not freeable. However it is always preferred to run "sync" first to flush useful things out to disk.

16. Disk utilization is high and deleted few files, but still usage is high. How to find the files , those still in use

In Linux even if we remove a file from the mounted file system, that will still be in use by some application and for this application, it remains available. Its because file descriptor in /proc filesystem is held open..So if there are such open descriptors to files already removed, space occupied by them considered as used. You find this difference by checking them using the "df" and "du" commands. While df is to show the file system usage, du is to report the file space usage. du works from files while df works at filesystem level, reporting what the kernel says it has available.

You can find all unlinked but held open files with:

# lsof | grep '(deleted)'

This will list the filename which is open with the pid in which it is running. We can kill those Pids and which will stop these process and will recover the disk space responsible for this file.

Learn & Learn