PART 2 : Scenario-Based Linux Interview Questions and Answers (Q29–

Q60)

29. What is the Booting Process of Linux?

The Linux boot process consists of several stages:

- BIOS: Performs hardware checks and looks for the boot loader in the MBR.
- MBR (Master Boot Record): Located in the first sector of the bootable disk (e.g., /dev/sda), it's
512 bytes:
- 446 bytes – Primary boot loader
- 64 bytes – Partition table
- 2 bytes – MBR validation
- GRUB (Grand Unified Bootloader):
- Displays the boot menu.
- Loads the default kernel image from /boot/grub/grub.conf.
- Kernel:
- Mounts the root filesystem.
- Executes /sbin/init and loads initrd (initial RAM disk).
- Init Process:
- Reads /etc/inittab to determine runlevel:
- 0: Halt
- 1: Single-user mode
- 2: Multi-user without NFS
- 3: Full multi-user mode
- 4: Unused
- 5: X11
- 6: Reboot
- Runlevel Scripts: Located under /etc/rc.d/rc*.d.

30. What is the Meaning of PCPU and JCPU in the `w` Command?
The w command is a built-in utility that displays information about users currently logged into
the system. It shows details such as their usernames, login source (e.g., terminal or remote IP),
login time, and the command or process they are currently executing.
- JCPU: Total time of all system processes attached to the terminal.
- PCPU: Time spent on the user's current process.
31. What Happens When You Type a URL in the Browser and Press Enter?

• You enter www.google.com into the browser's address bar.

• The browser checks its local DNS cache to see if it already knows the IP address
associated with the domain.
• If the IP address is not cached, the browser queries the configured DNS server (usually
your ISP's) to resolve the domain to an IP address.
• Once the IP address is obtained, the browser initiates a TCP connection with the target
server (typically on port 80 for HTTP or 443 for HTTPS).
• The browser sends an HTTP request (or HTTPS if secure) to the server.
• The server processes the request and generates an appropriate HTTP response.
• The server sends back the HTTP response to the browser. This response includes a
status code:
o 1xx – Informational response
o 2xx – Success (e.g., 200 OK)
o 3xx – Redirection (e.g., 301 Moved Permanently)
o 4xx – Client error (e.g., 404 Not Found)
o 5xx – Server error (e.g., 500 Internal Server Error)
• The browser receives the response and renders the HTML content (along with CSS,
JavaScript, images, etc.) to display the web page.

32. Difference Between RPM and YUM

RPM vs YUM in Linux Package Management

To manage software in Linux (especially in Red Hat-based distributions), two major tools are
commonly used:

1. RPM (Red Hat Package Manager)

2. YUM (Yellowdog Updater, Modified)

RPM (Red Hat Package Manager)

RPM is a low-level tool used for installing, uninstalling, verifying, querying, and updating
individual software packages.
Common RPM Commands:

• rpm -qa vsftpd – Query all installed packages and filter for vsftpd.

• rpm -qa – List all installed packages.

• rpm -qa --test – Test query to check package availability.

• rpm -V <package> – Verify integrity and consistency of an installed package.

• rpm -ivh <package.rpm> – Install a package with detailed output.

o i – install

o v – verbose

o h – show progress with hash marks

YUM (Yellowdog Updater, Modified)

YUM is a higher-level utility that handles dependencies automatically, simplifying package

management tasks such as installation and updates.

Common YUM Commands:

• yum install <package> – Installs the specified package.

• yum list installed – Lists all installed packages.

• yum info <package> – Displays package details.

• yum remove <package> – Uninstalls the package.

• yum update – Updates all packages on the system.

33. What is ACL and How to Set It?

ACL (Access Control List) provides fine-grained discretionary access control for files and
directories, allowing you to assign permissions beyond the traditional owner/group/others
model.

Key Points:

• ACLs must be enabled on the filesystem at mount time (e.g., for ext4, use the acl option
during mounting).

• ACLs are especially useful in environments where multiple users need different levels of
access to the same files or directories.
 • Steps to Use ACLs:

1. Ensure the filesystem is ACL-enabled (for example, during mount):

2. mount -o acl /dev/sdX /mountpoint

3. Use getfacl to view ACLs:

4. getfacl <filename or directory>

o -d : Display default ACLs (applicable for directories).

o -R : Recursively list ACLs in subdirectories.

5. Use setfacl to modify ACLs:

6. setfacl -m u:<user>:rwx <filename>

o -m : Modify or add ACL rule.

o -x : Remove ACL rule.

o -R : Apply changes recursively.

34. What is an Inode?

An inode (index node) is a fundamental data structure used by Linux and other Unix-like
operating systems to represent metadata about a file.

Each inode stores information such as:

• File type and permissions

• Owner and group

• File size

• Timestamps (access, modify, change)

• Number of links

• Pointers to data blocks (where the actual file contents are stored)

• Every file or directory on a filesystem has a unique inode number.

• Inodes are unique within a single filesystem, but inode numbers can repeat across
different filesystems.

• Each mounted filesystem maintains its own inode table.

 • The combination of the filesystem ID and the inode number creates a globally unique
identifier for a file on a system.

• Inodes do not store the filename—file names are stored in directory entries that map
names to inode numbers.

df -i /dev/sda1

35. Can We Schedule Every 2 Seconds in Crontab?

No, crontab has a minimum resolution of 1 minute.

36. In production environment, any server is rebooted automatically. How will

you troubleshoot that server is rebooted by someone or its rebooted
automatically, if automatically then how and where will you check the logs?

Check logs:
- last reboot | less
- /var/log/messages, syslog, dmesg

37. Command to Change User Password Expiration

chage -E YYYY-MM-DD <username>

38. Extract a Single File from a TAR Archive

1. List Contents and Filter:

tar -tvf xyz.tar | grep filename

• -t – list contents of the archive

• -v – verbose output

• -f – specify the archive file

• grep filename – filter for the desired file(s)

2. Extract the Specific File:

Once you know the exact file path from the archive:

tar -xvf xyz.tar path/to/filename

This command will extract only the specified file from the archive.

39. Check Free Memory

free -m
free -g

40. View System Architecture

uname -a

41. Search Text Within Multiple Files

find ./ -type f -name "*.log" -exec grep 'error' {} \;

42. Delete Logs Older Than 30 Days

How to Delete Log Files Older Than 30 Days Using find

To identify and remove .log files that are older than 30 days:

# List logs older than 30 days

find /tmp/logs -name "*.log" -mtime +30 -exec ls -lthr {} \;

# Delete logs older than 30 days

find /tmp/logs -name "*.log" -mtime +30 -exec rm -f {} \;

• -name "*.log" – targets files with .log extension

• -mtime +30 – selects files modified more than 30 days ago

• -exec – executes the specified command on matching files

Understanding File Timestamps in Linux

Linux filesystems track multiple timestamps for each file:

atime – Access Time

• The last time a file's content was read.

• Updated when a file is accessed by a user or system process.

 mtime – Modification Time

• The last time the content of the file was changed.

Not updated when file permissions or ownership are changed.

• Represents the "data age" of the file.

ctime – Change Time

• The last time the file's metadata (e.g., ownership, permissions, or content) was
changed.

• Updated when the inode information is modified.

• Does not mean creation time.

You can see these timestamps using:

stat <filename>

43. Delete Files Whose Ownership Changed 45 Minutes Ago

find /opt/hadoop/hadoop-0.19.2/logs -type f -name '*.xml' cmin +45 -exec ls -ltrh {} \:

find /opt/hadoop/hadoop-0.19.2/logs -type f -name '*.xml' cmin +45 -exec rm -f {} \:

44. User is running ls -l command in the server, but he is not getting any output.
What could be the issue?

Possible filesystem corruption. Use fsck after unmounting:

umount /dev/sda1
fsck -p /dev/sda1 (Note: fsck - file system check)

45. What is a Run Queue in Linux and How Do You Monitor It?

The run queue in Linux refers to the number of processes that are either actively running on the
CPU or waiting in line (queued) to be executed. It’s a key performance metric that helps
determine whether the system is overloaded or experiencing CPU contention.

To monitor the run queue and other CPU statistics, the sar command is commonly used.

Tool Used: sar (System Activity Reporter)

• sar is part of the sysstat package, which must be installed if not already present.

Installation Commands (based on distribution):

# For Debian/Ubuntu:
sudo apt install sysstat

# For Red Hat/CentOS:

sudo yum install sysstat

# For openSUSE:

sudo zypper in sysstat

Command to Monitor the Run Queue:

sar -q 1

• -q – displays run queue and load average.

• 1 – refreshes the output every second.

This command provides a real-time view of system load and helps diagnose CPU bottlenecks by
showing how many processes are competing for CPU time.

46. What is the file used to change the default Run kevel? What happens when
you change the default run level to 6?
File: /etc/inittab
Runlevel 6 triggers continuous reboot loop.

47. Difference Between `yum update` and `upgrade`

apt-get update all

yum update all

--> When running this command, yum will begin by checking its own repositories for an updated
version of the software your system currently installed.

--> yum update and upgrade will perform the same function that update to the latest current
version of package.

--> But the difference is upgrade will delete obsolete packages, while update will preserve them.

48. Downgrade a Package

Red hat enterprise Linux 6 and 7:

yum history list all

yum history info <transaction id>

yum history undo 8

Red Hat Enterprice Linux 8 and 9:

dnf history list

dnf history info <transaction_ID>

49. What is filesystem in Linux or windows OS? What are the types of
filesystem in Linux or windows?
A filesystem is a method and data structure that an operating system uses to control how data is
stored and retrieved on a storage device such as a hard drive, SSD, or USB stick.

Without a filesystem, information placed on a storage medium would be one large block of data
with no way to tell where one piece of information stops and the next begins.

- Linux: EXT2, EXT3, EXT4, XFS, JFS

- Windows: FAT32, exFAT, NTFS

50. How to Remove Duplicate Packages

package-cleanup --dupes

51. Difference Between TCP and UDP

TCP (Transmission Control
Feature UDP (User Datagram Protocol)
Protocol)

Connection Type Connection-oriented Connectionless

Reliable – ensures delivery with Unreliable – no guarantee of

Reliability
acknowledgment delivery

Speed Slower due to overhead Faster with minimal overhead

Used for critical applications Used for real-time apps (DNS,

Use Cases
(HTTPs, FTP, SMTP) DHCP, VoIP, SNMP)

Advanced error checking with Basic error checking with

Error Checking
correction checksum only

Flow Control Supported Not supported

Guaranteed with retransmission

Data Integrity No retransmission or tracking
on loss

Packet Header Size 20 bytes 8 bytes

 TCP (Transmission Control
Feature UDP (User Datagram Protocol)
Protocol)

Acknowledgement
Yes – via ACK packets No acknowledgment
Mechanism

Uses three-way handshake to No handshake – fire-and-forget

Handshake Process
establish connection model

Sequence numbers track packet

Packet Tracking No sequencing or tracking
order

52. How to list directory inside a directory by using find command?

ls -d */
find . -maxdepth 1 -type d

53. Difference Between `.tar` and `.gz`

1. .tar – Archive File

• The tar (Tape Archive) command is used to bundle multiple files and directories into a
single archive file.

• However, .tar files are not compressed—they are simply containers.

Example:

tar -cvf archive.tar

• -c – Create an archive

• -v – Verbose output (list files)

• -f – Specifies the archive file name

• . – Archive the contents of the current directory

2. .gz – Compressed File

• The gzip utility compresses a single file (not multiple).

• Commonly used to compress .tar files into .tar.gz.

Example:

gzip archive.tar

• This compresses archive.tar and creates archive.tar.gz.

Operation Tool Output File

Archive files tar archive.tar

Compress archive gzip archive.tar.gz

So, to create a compressed archive:

1. Use tar to combine files → archive.tar

2. Use gzip to compress → archive.tar.gz

54. Normal user is trying to do telnet to other server, but it's getting timeout
error prompt. what could be the reason?
telnet -4 ww.redhar.com 21

trying 23.1.49.220

telnet:connect to address 23.1.49.220: connection timeout

Depending on how the remote network is configured.

When we see errors like this, it means that only of the following things are wrong:

--> The server daemon isn't running.

--> The server itself isn't up.

--> The firewall rule is blocking the connection.

--> There is no network route to the destination.

55. What is RAID 3?

Byte-level striping with dedicated parity. Suitable for sequential reads/writes.

56. EXT2 vs EXT3 vs EXT4 vs XFS

Linux supports several types of filesystems, each with different capabilities and performance
characteristics. Below is a comparison of four commonly used filesystems:

1. EXT2 vs EXT3
Feature EXT2 EXT3

Full Name Second Extended Filesystem Third Extended Filesystem

Journaling Support No Yes

File Size Support 16 GB to 2 TB 16 GB to 2 TB

Performance Slightly faster (no journaling overhead) More reliable (due to journaling)

Recovery from Crash Slower recovery Faster recovery

2. EXT4 vs XFS

Feature EXT4 XFS

Extended File System (64-bit journaling

Full Name Fourth Extended Filesystem
FS)

Journaling Support Yes Yes

Max Individual File

16 GB to 16 TB Supports files up to 8 exabytes (64-bit)
Size

1 EB (theoretical), 100 TB
Max Filesystem Size Up to 8 exabytes
practical

High-performance for large-scale

Performance General-purpose, reliable
systems

Ideal Use Case Desktops, general servers Enterprise storage, high I/O workloads

Summary:

• EXT2: Basic, no journaling – good for flash drives.

• EXT3: Adds journaling for improved reliability.

• EXT4: Most commonly used, supports larger files and better performance.
 • XFS: Optimized for scalability and large data sets, ideal for enterprise environments.

57. can we build a server without creating a swap partition. If yes, then what
could be the consequences?

Yes, it is technically possible to build and run a Linux server without creating a swap partition or
swap file. However, doing so comes with important considerations and potential consequences.

What Is Swap?

Swap space is a portion of disk storage used as virtual memory when the physical RAM is fully
utilized. It helps the system handle memory pressure more gracefully by offloading inactive
pages.

Consequences of Not Having Swap:

Risk Description

Out of Memory (OOM) If RAM is exhausted and no swap is available, the kernel's OOM killer
Errors may terminate processes (including critical services) to free memory.

Without swap, memory-intensive applications can cause instability or

Reduced Stability
unexpected shutdowns.

No Hibernation Swap is required for hibernation, as the system stores the contents of
Support RAM into swap during suspend.

Reduced Performance Swap helps the system remain responsive under heavy memory load by
Under Load moving less-used pages out of RAM.

When Is It Acceptable to Skip Swap?

• Systems with very large amounts of RAM (e.g., 64 GB or more) and controlled
workloads.

• Specialized appliances or containers where swap use is explicitly avoided.

58. df command says your /opt is full but you have deleted 10GB of log files
recently? what could be the reason and how will you troubleshoot?

This issue typically occurs when deleted files are still being held open by a running process.
Although the files have been removed from the directory listing, their data blocks remain
allocated on the disk until the process that opened them releases the file handles.

Root Cause:

When a file is deleted, but a process still has it open:

• The file remains in use (invisible to the user).

• Disk space is not freed until the process is terminated or the file descriptor is released.

• This results in the df command showing the partition (e.g., /opt) as still full.

Troubleshooting Steps:

1. List Open Files in /opt:

2. lsof | grep '/opt'

3. Identify Deleted Files Still in Use:

Look for lines showing (deleted):

4. lsof | grep '/opt' | grep '(deleted)'

5. Find the PID of the Holding Process:

o Note the PID associated with the open deleted file.

6. Terminate the Process to Release Space:

Gracefully stop or force kill the process:

7. kill -9 <PID>

8. Recheck Disk Usage:

Confirm that space has been freed:

9. df -h /opt

Preventive Recommendation:
Use tools like logrotate to manage log files automatically. This avoids the need for manual
deletion and prevents issues where processes continue to hold deleted files.

59. Why Use IP Instead of MAC?

MAC is Media Access Control which provides physical connectivity only and IP address provides
Host or Network interface identification and location addressing.

60. Difference Between Incremental and Differential Backup

Both incremental and differential backups are used to optimize storage and reduce backup time
by avoiding full backups every time. However, they differ in what data they capture and how
recovery is handled.

1. Incremental Backup

• Definition: Backs up only the data that has changed since the last backup (either full or
incremental).

• Advantages:

o Faster and smaller backups.

o Saves storage space.

• Disadvantages:

o Slower recovery time (requires full backup + all incremental backups).

• Example:

o Mon: Full backup

o Tue: Backup changes since Mon

o Wed: Backup changes since Tue

2. Differential Backup

• Definition: Backs up all data that has changed since the last full backup.

• Advantages:

o Faster recovery (requires only the full backup + latest differential).

• Disadvantages:

o Larger and slower backup over time.

 • Example:

o Mon: Full backup

o Tue: Backup changes since Mon

o Wed: Backup changes since Mon (again, cumulative)

Feature Incremental Backup Differential Backup

Backup Size Smaller Grows over time

Backup Speed Faster Slower over time

Restore Time Slower (needs full + all incrementals) Faster (needs full + latest differential)

Storage Efficiency High Medium

Complexity Higher Lower