Linux Interview Questions and Answers

Some Linux Commands and Tips:

• yes command to repeatedly print a character or string until you break. ex: yes test
• Replace a string starting between group of characters like tcp:// and .com with another URI.
  sed -i 's/tcp:\/\/.*com/tcp:\/\/b2ce28191781d11e795250a0afdfb204-1579818744.us-east-1.elb.amazonaws.com/g' test.txt
• scp vs rsync: scp cannot resume the copy process ones it fails, but rsync can resume the process
• check default run-level: cat /etc/inittab or use who -r command
• File permissions for a pirticular user: setfacl -m u:username:permissions filename
• Command to check running services: netstat -anultp or port number
• To find gateway IP address, use netstat -nr or route -N commands
• To find the package name if command is not found, to query the package name in linux,use "yum provides */commandname
• What is nfs hard mount and soft mount
• lsof is the command used to list open files
• rpm2cpio is the command to extract RPM
• Remount a read only partition as RW: remount -o rw,remount /
• Password expire information can be found using: chage -l uname
• Recover a user if the user is deleted by mistake: use pwunconv ;creates users as per /etc/passwd and deletes /etc/shadow
• Password never expire can be set to a user using: passwd -x -1 uname
• fuser -cu is the command to list all users and fuser -ck uname command to kill all login sessions
• Disable remote root login using /etc/sshd/sshd_config file by setting RootLogin no
• getenforce and setenforce are selinux commands to get/set selinux status
• semanage -user -l is the command to list selinux users
• Query a thirdparty owned package using rpm -qi pkgname
• Query which package owns the file: rpm -qf /etc/host
• Query the depending packages for a rpm: rpm -qPR
• To reboot a linux host, we can use commands: reboot or shutdown -r or init 6
• Identify the existing disks: fdisk -l 2>/dev/null | egrep ‘^disk’ | egrep -v ‘dm-|type|identifier’ Identify No.of HBA Adapters: systool -c fc_host -v [OR] ls /sys/class/fc_host Scan the LUNS: echo “1” > /sys/class/fc_host/host0/issue_lip echo “- – -” > /sys/class/scsi_host/host0/scan
• Find files which have been accessed within last 30 days: find / -type f -atime -30 > December.files
• Audit logs-AUDITCTL,AUSEARCH,aureport;yum install audit;ntsysv is the command to autostart audit during booting.
  Auditctl -w /etc/passwd -p war -k password-file
• ausearch -f <filename> is the command to get the details of file who accessed or modified it.
• fuser -mvk /home is the command to find the file which is locking the filesystem to unmount it.
• LUKS(Linux Unified Key Setup) is the encryption in RHEL.—get expert on this
• Linux events can be tracked by running syslogd daemon. it generates log file /var/log/syslog
• restrict or allow IPs using hosts.deny and hosts.allow files
• ctrl+alt+backspace will forcibly kills the GUI on linux if the commad service gdm stop didnt work
• find and delete all tar files in a directory=> find /home name “*.tar” | xargs rm rf
• slocate will search for files that user has access and locate will search for all files
• find a string in current directory using find command recursively=> find -name ‘*.txt” | xargs grep “string”
• wall command is used to broadcast a message to all users who logged in
• hardlink cannot be created for directories and is only for files. Soft link can be created for files and directories. When original file is deleted when it has hard link, the file is intact. but when softlink is created and original file is deleted, it will be deleted and cannot be retrieved. Hard link are created using ln . Hard Links will have same inode number(ls -i . LS command will show no.of links Even we delete one hardlink, the other links will point to same indoe and file will be intact. Hard links will span across the file system. i.e we need to create hard link on the same file system
• we can install mutt to send attachments from the commandline using smtp.
• Process states from the output of top command are: RUNNING(R), STOPPED(T), SLEEPing/WAITing-Interruptable(S), UNINTERRUPTABLE(D), and Zombie (Z).
• Linux cache can be dropped using "echo 1 > /proc/sys/vm/drop_caches
• finger server acts as both web and ftp server
• Sar collects, reports, or saves system activity information, sar serves to log and evaluate a variety of information regarding system activity. With performance problems, sar also permits retroactive analysis of the load values for various sub-systems (CPUs, memory, disks, interrupts, network interfaces and so forth) and limitation of problems in this manner. If CPU utilization is near 100 % (user + nice + system), the workload sampled is CPU-bound.By default, log files of Sar command is located at /var/log/sa/sadd file, where dd parameter indicates the current day.
• cat /proc/net/bonding/bond0 is the file used to identiy by network bonding, which mode is used and interfaces involved in bonding.
• /etc/shadow file is readable by only root user
• cron min. granularity is minute while anacron is day and cron can be sheduled by any user, while anacron is only scheduled by super user
• pwconv command create /etc/shadow file and place ‘x’ in the password field of /etc/passwd file
• /bin/false shell is configured for pop3 account user
• chkconfig --list is the command to list the services enabled at each run level
• Use zcat to check the files inside a compressed file without uncompressing it. #zcat -f <xyz.tar.gz>
• Start syslogd daemon to get the logs in /var/log/syslog file
• 
  

1. What is chattr command

chattr is a command line utility used to change the attributes of a file in Linux systems to secure a file from accidental deletions or modification of important files or folders, even though you are logged in as root.

Syntax: chattr [operator] [flags] <filename>

2. SUID/GUID bit vs Sticky bit

SUID- Set User IDentification

For example, thought of how a normal(non-root) user can change his own password when he doesn't have write permission to the shadow file? to check this verify the permission of /usr/bin/passwd command.

# ls -lrt /usr/bin/passwd
-r-sr-sr-x   1 root     sys        31396 Jan 20  2014 /usr/bin/passwd

# chmod u+s file1
View the permissions using the ls -l command:
# ls -l file1
-rwSrw-r-- 1 user1 user1 0 2017-10-29 21:41 file1
Note the capital S. This means there are no execute permissions. Run the following command to add execute permissions to the file1 file, noting the lower case s.
# chmod u+x file1
# ls -l file1
-rwsrw-r-- 1 user1 user1 0 2017-10-29 21:41 file1

STICKY BIT:

Sticky bit is set on folders where its contents should not be deleted even though every one has write permissions. Sticky bit is used where everyone has write permissions to a folder, but no one can delete other’s data except the owner who create the folder or root. Can be set to a file or folder. When set , only owner can delete the file/folder regardless of permissions.

t=sticky bit with execute permission

T=sticky bit without execute permission

Ex: chmod 1757 /opt/dump/
chmod o+t /opt/dump/
or
chmod +t /opt/dump/

I am seeing “T” ie Capital s in the file permissions, what’s that?
After setting Sticky Bit to a file/folder, if you see ‘T’ in the file permission area that indicates the file/folder does not have executable permissions for all users on that particular file/folder.

3. Enable fsck on each boot. how will you set this

/etc/fstab is the file, where flag is set to do fsck on each boot. 5th field is dump and 6th field is fsck.

cat /etc/fstab

UUID=xyz    /    ext4    defaults    0    0

4. Linux Patching - How to do

Linux patching involves 3 phases. they are 1) precautions 2)Pre-check and 3) Post-checks

Exclude a package during upgrade:

• rpm -X <pkg name> update
• yum -x mysql -x httpd update
• yum -x mysql,httpd update
• yum -x kernel* update
• or update the file/etc/yum.conf to exclude the packages php* , kernel* and httpd, add line like: exclude=php* kernel* httpd

Roll back an update

• yum history will give you all the changes/updates made
• yum history undo will undo the changes
• yum downgrade <package name>
• yum history list all
• yum history info
• rpm -Uvh --oldpackage <package name>

4. What is zombie process and how will you check if there is any zombie process

Zombie process is a process which doesn't have parent process to it. To get the zombie processes in a system, use ps command. If you do ps -aux |grep defunct or ps -aux | grep Z will lists the zombie processes.

5. What is dmidecode command! How will you find whether given machine is physical or virtual

dmidecode command gives you hardware information in human readable format. DMIdecode stands for Desktop Management Interface table decoder. dmidecode will displays different information related to all hardware around 19 types

dmidecode -t system is the command to check whether a machine is physical or virtual. system is a keyword. The other keywords are: bios, system, baseboard, chasis, processor, memory, cache, connector, slot

6. Explain about Linux boot process

There are 6 stages during Linux boot process.

1. BIOS : Checks system integrity, searches, loads and executes boot loader program from HDD/Floppy/CD/USB. Then the control is given to boot loader(MBR) for further process
2. MBR: It is located in the first sector of the bootable disk. MBR is less than 512 bytes. It contains information about GRUB/LILO boot loaders. So MBR loads and executes the GRUB boot loader
3. GRUB: GRand Unified Bootloader. It lists all the kernel images available and default can be set. Configuration file is: /boot/grub/grub.conf and /etc/grub.conf is link to this file. It contains information about Kernel and initrd images
4. Kernel: Mounts the root file system as mentioned in grub.conf as root= and execute /sbin/init process which is a parent process to all in Linux. So it has the process ID of 1 in ps output. initrd stands for Initial RAM Disk, which is used by kernel as temporary root file system until kernel is booted and the real root file system is mounted. It also contains necessary drivers required to access harddisk partitions and other hardware.
5. Init: the parent process. Which looks at /etc/inittab file to decide the run level(0halt,1singleuser,2multiuser without nfs,3full multiuser,4unused, 5X11 and 6reboot). Default run level is defined as initdefault in /etc/inittab
6. Runlevel: /etc/rc.d/rcx.d is the directory for each run level x. inside these directories there are programs start with S or K which denotes the programs starting/killing during startup/shutdown in the order(sNsendmail - means start sendmail at N sequence).

7. LVM (Logical Volume Management) How to

• 256 volume groups can be created
• LV size can be increased on fly without unmounting it
• But to reduce the size, we have to unmount first, then reduce the filesystem; resize2fs and then mount back the partition
• pvscan command is used to scan newly added disk or LUN in LVM
• lvscan is used to scan logical volume from existing volume group
• Disable a LV using "lvchange -an <lvname>" and enable a LV using "lvchange -ay <lvname>"
• Disable a VG using "vgchange an <vgname> and enable it using "vgchange -ay <vgname>"
• "lvs -a -o +devices" is the command used to display the disks in LV mirroring
• PVS,VGS and LVS are the command used to display about physical disks, volume groups and logical volumes
• pvdisplay, vgdisplay and lvdisplay are the commands used to display detailed information
• LVM1 snapshots are readonly by default, but LVM2 snapshots are Read/Write
• If /proc/misc file contains string like "device-mapper" means device mapper is installed on that system
• LV max size for 2.6 kernel is 16TB for 32-bit and 8EB for 64 bit machines
• If you want to remove a disk/device from a VG, use "vgreduce <vgname> <diskpath>" and to add a new disk to the VG, use "vgextend <vgname> <disktobeadded>
• SWAP-82, RAID-fd and LVM-8e are the partition numbers
• lvmdump is the command used to collect troubleshooting information
• Default backup location is /etc/lvm/backup and "vgcfgbackup <vgname>" is the command to take VG config backup.
• Its possible to rename a VG, but it will be affected only when its remounted. also need to update /etc/fstab accordingly.

LVM Extend process:

• Add partition with 8e
• fdisk -l
• pvcreate /dev/sda1
• pvs
• vgextend <vgname> /dev/sda1
• vgs
• pvscan
• lvdisplay
• vgdisplay
• lvextend -l +4607 /dev/vgname/lvname
• resize2fs /dev/vgname/lvname

LVM Reduce Process: (use PE or +/- G during extend or reduce)

• Unmount the file system
• check the fs
• Reduce FS
• Reduce LV
• recheck FS
• remount FS
• resize2fs /dev/vgname/lvname 10G
• lvreduce -L -8G lvname
• lvdisplay

8. Create a local yum repository on server and configure the client

• Create a local directory for the repo like "mkdir /var/www/html/repo"
• There are 2 ways to create a repo:
• reposync -p /var/www/html/repo -r <repoID> -l
• createrepo /var/www/html/repo
• Start apache and confirm access to the files:
• wget http://localhost/repo/repomod.xml
• wget http://fqdn/repo/repomod.xml
• To update the existing repo, add rpm files and run:
• createrepo --update /var/www/html/repo
• Before seeing updates on the clients, you may need to:
• rm -rf /var/cache/yum/*
• yum clean all
• Client Configuration:
• yum-config-manager --add-repo http://fqdn --enable-repo

9. NFS

• NFS runs on port 2049/TCP
• Current version is NVSv4
• ACLs
• Statefull Ops
• Services: NFS , NFS/rpcbind/xinetd
• /etc/exports => to share the directories
• /etc/sysconfig/nfs => fix ports
• pNFS => Parallel NFS for performance gain
• nfsstat -o all

10. Multipath I/O

Multipath is usefull to overcome single point failures. Multipathing ensures that the system uses multiple physical paths to provide redundancy and increased throughput. There are many vendor specific multipathing implementations like EMC's powerpath and Symantec's VxDMP.

Device Mapper Multipathing is a Linux native multipath tool to configure multiple I/O paths between server nodes and storage arrays into a single device. These I/O paths are physical SAN connections that can include separate cables, switches and controllers.

• Check whether device mapper is installed or not using #rpm -qs | grep device-mapper
• Check the modules loaded using: #lsmod | grep dm_multipath
• Check configuration file at: /etc/multipath.conf
• Check whether the service is running or not: # /etc/init.d/multipathd status
• Check if there are any devices listed using: #multipath -v2 (or) #multipath -ll

11. Network Bonding

network bonding is a feature of kernel where we can aggregate muliple network adapters into single virtual adapter or interface which can increase availability and throughput. There are seven modes starting from 0 to 6; 0 is round robin and 1 is active-backup..Following are the files involved during network bonding. * /etc/sysconfig/network-scripts/ifcfg-bond0; /etc/modprobe.d/bonding.conf; /etc/sysconfig/network-scripts/ifcfg-eth[0-4]; and /proc/net/bonding/bond0
    How many IP addresses are need for NIC bonding
    Steps: cd /etc/sysconfig/network-scripts
    ifconfig to list the IPs
    Create a bonding interface ifcfg-bond0 in the         above path
    DEVICE=bond0
    IPADDR=192.168.1.25
    NETMASK=255.255.255.0
    GATEWAY=192.168.1.1
    BONDING_OPTS=“mode=1 miimon=100” (miimon is polling interval. here its 100ms)
    BOOTPROTO=none

    Now modify slaves.i.e the interfaces participating in this bond.

vi ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

vi ifcfg-eth1

DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

Restart network connection or bring up the bonding interface using ifup bond0

view the current status of bonding: cat /proc/net/bonding/bond0

12. Disk Quotas:

In Linux, quotas can be implemented to restrict usage of file system. Following are the steps to enable quotas in Linux machine

• hard limit is the limit for which linux will not allow beyond that limit. Softlimit only gives warning when limit is reached, but allows you to create files beyond the limit. grace period is the period which allows days to create files once the hard limit is reached.
• Enable quotas by modifying /etc/fstab file
• /dev/VolGroup00/LogVol02 /home     ext3    defaults,usrquota,grpquota  1 2
• remount the file system using mount -a command
• create quota database files and generate the disk usage table; use quotacheck command to generate database files.
• assign quota policies
• use “quotacheck -cug /home” command where -c is quota files shoud be created for each file system;-u to check user quotas and -g to check for group quotas. If neither of u or g is specified, by default user quota file is created.
• assign quotas per user using “edquota <username>” command and for group use “edquota -g <groupname>”. this will open a file for editing quotas. edit the limits and save the file. You can change the editor in ~/.bashrc file.
• grace period for quotas can be set using “edquota -t” command. -u or -g is per user/group, but -t is filesytem wide.
• quotas can be disabled for all without setting 0 for user/group using command “quotaoff -vaug” and to enable “quotaon -vaug” or for a specific file system, we can use it like, “quotaon -vaug /home”
• “repquota /home” is the command used to report statistics of quota on /home..you can use -a like repquota -a command to list all file systems and quotas.
• quotacheck -vaug /home” command can be used when no files are in use to check the accuracy of quotas.

13. Performance troubleshooting and tuning: