1. A user complains they cannot log in. How will you troubleshoot?
A) I will first check if the user account exists and is not locked ( passwd -S username # shows status) or expired (chage -l username # check expiry). Then I’ll verify the home directory and shell in /etc/passwd. Next, I’ll check password status and authentication logs (/var/log/secure or /var/log/auth.log) for errors. If it’s via SSH, I’ll confirm the SSH service is running and the user is allowed. Finally,
I’ll reset the password if required.
2. A script is executable by one user but not another. How do you resolve this?
A) If a script is executable by one user but not another, I will first check the file permissions and directory permissions. Then I’ll verify if the shebang and PATH are correct. If permissions are fine but still failing, I’ll check ACLs or SELinux context. Finally, I can adjust ownership or permissions with chmod or chown to allow execution.
3. A service is consuming 100% CPU. How will you find and fix it?
A) I will use top or ps to find which process is using high CPU. Then I’ll check its logs to see the issue. For quick relief, I can restart or kill the process
4. You cannot SSH into a remote machine. How do you debug?
A) I’ll first check if the server is reachable(ping <server-ip>) and port 22 is open. Then I’ll verify the SSH service is running and not blocked by firewall or security groups.If still failing, I’ll check logs for authentication errors(tail -f /var/log/secure ) and fix key or password issues.
5. / partition is full. How do you find and delete large files safely?
A) I’ll use df -h to confirm / is full and then du or find to locate large files. Usually, logs or temp files take space, so I’ll truncate logs safely instead of deleting. I’ll also clean /tmp, old kernels, or crash dumps. This way, I free space without harming the system.
6. A log file is showing junk characters. How will you check and recover it?
A) If a log file shows junk, I’ll first check if it’s compressed or in a different encoding(file -i /var/log/xyz.log). If yes, I’ll use tools like zcat or iconv to read it. If it’s really corrupted(dmesg | grep -i error), I’ll use strings to recover readable data(strings xyz.log > recovered.log) and also check disk health to prevent further corruption.
7. A scheduled job is not executing. How do you debug?
A) Check if cron is running( systemctl status cron ), verify crontab syntax(* * * * * /path/to/script.sh), ensure the script is executable(ls -l /path/to/script.sh)(chmod +x /path/to/script.sh), check logs (/var/log/cron or /var/log/syslog), use absolute paths, and test the script manually
8. yum or apt is failing. How will you resolve it?
A) I would first check internet and DNS (ping 8.8.8.8)If DNS fails, fix (/etc/resolv.conf)., then verify repo files(ls /etc/yum.repos.d/), clean yum/apt cache (yum clean all), ensure no lock files are blocking (ps aux | grep yum), check GPG keys(rpm –import /etc/pki/rpm-gpg/RPM-GPG-KEY-*), and confirm enough disk space. Finally, retry the command
9. A user was added to sudoers, but sudo still doesn’t work. What could be wrong?
A) Even if a user is added to sudoers, sudo may not work if they are not in the correct group (wheel(usermod -aG wheel username) or sudo), if /etc/sudoers has syntax/permission issues(ls -l /etc/sudoers), or if the user hasn’t re-logged in. I would check groups, validate the sudoers file with visudo, and ensure correct permissions(chmode 440)
10. How do you troubleshoot and recover from a kernel panic?
A) Kernel panic means the OS encountered a fatal error it couldn’t recover from.
Common causes:
- Corrupt initramfs / kernel image
- Wrong drivers / hardware failure
- Bad configuration in /etc/fstab or GRUB
- If a server hits a kernel panic, I first try booting from an older kernel via GRUB. If not, I enter rescue mode, rebuild the initramfs, and check /etc/fstab for misconfigurations. Logs and crash dumps help identify the root cause.
- As a last step, I reinstall the kernel or recover from backup
11. How do you identify and remove zombie processes?
A) Zombie processes show up with a Z status in ps output(ps aux | grep Z). You can’t kill them directly; instead, you find their parent process and either restart or kill it so init can clean up the zombie(kill -9 <parent_pid>)
12. How do you fix “Too many open files” in Linux?
A) Too many open files’ means the process hit the file descriptor limit. I would check limits with ulimit -n, identify the process with lsof, and then increase the nofile limit temporarily or permanently in /etc/security/limits.conf or systemd. If it persists, I’d check for application file descriptor leaks
13. A process is causing high memory usage. How do you locate and stop it?
A) I would use top or ps aux –sort=-%mem to locate the process consuming high memory. If safe, I would stop it with kill or restart the service. Then I would check logs for memory leaks or misconfiguration to prevent recurrence
14. A user’s home directory is missing. How will you restore it?
A) If a user’s home directory is missing, I would first check /etc/passwd to confirm the path. Then recreate(mkdir /home/username) it with proper ownership(chown username:username /home/username) and permissions(chmod 700 /home/username), copy default files from /etc/skel, and if available, restore the user’s data from backup (using rsync -av /backup/home/username/ /home/username/)
15 The server time is incorrect. How do you fix NTP sync?
A) I will check the current time with date or timedatectl. Then I’ll make sure the NTP service (chronyd or systemd-timesyncd) is running. If not, I’ll start it and enable it. I can force sync using chronyc makestep or ntpdate pool.ntp.org, and finally verify that the time is synchronized with timedatectl status
16. How do you find all files modified in the last 10 minutes?
A)
find / -type f -mmin -10
17. Deleting Large Files But Space Not Freeing Up: What could be the reason?
Ans:-the reason is usually that a process is still holding the file open. Check with lsof | grep deleted, then restart or kill that process(kill -9 <PID>) to release the space.
18. How do you analyze high system load issues?
A) High system load is analyzed by checking uptime and top for load average and top processes, using vmstat/iostat to check CPU, memory, and I/O wait, and reviewing logs.The cause may be CPU-hungry processes, memory leaks, or disk bottlenecks, and the fix depends on which resource is overloaded
19. How do you troubleshoot an NFS mount not working?
A) NFS mount issues are checked by verifying network connectivity to the server(ping <nfs-server>), confirming NFS service(systemctl status nfs-server) and exports with showmount -e(showmount -e <nfs-server>),
testing manual mounts, and checking firewall/SELinux. Logs help identify the exact error(dmesg | tail).
20. ping is working, but ssh is failing by hostname. Why?
A) the hostname may resolve to the wrong IP or SSH might be blocked. Check name resolution (getent hosts)(nslookup <hostname>), ensure SSH is running on the server(systemctl status sshd), and verify firewall/SELinux rules.
21. How do you extend a partition without unmounting it?
A) Extending a partition without unmounting requires online filesystem resizing. For LVM, use lvextend -r. For partitions, extend with growpart, then resize with xfs_growfs (XFS) or resize2fs (ext4).
22. What steps are needed to add a new disk to a Linux server?
A) Normal Disk case (non-LVM):
Detect the disk with lsblk, partition using fdisk/parted, make filesystem with mkfs, mount it, and update /etc/fstab.
LVM Disk case:
Create PV with pvcreate, add it to VG with vgextend, extend LV using lvextend, then grow filesystem with xfs_growfs or resize2fs.
23. How to check which processes are writing to a file in real time?
A) To check which process is writing to a file, use lsof or fuser to see open PIDs. For real-time monitoring, use inotifywait or iotop
24. How to recover a deleted file in Linux?
A) once a file is deleted it cannot be easily recovered. If a process still has it open, copy it from /proc/<pid>/fd; otherwise restore from backups or snapshots (extundelete (ext4)
25. How to check disk I/O performance in Linux?
A) iostat -x for disk performance, iotop for per-process I/O.
26. A directory is taking too much space. How do you analyze it?
A) du -sh * | sort -h to find large files/directories.
27. How do you remount a filesystem in read-write mode without rebooting?
A) mount -o remount,rw / makes it writable again.
28. What happens when a file is deleted but is still in use by a process?
A) Linux keeps the data until the process closes it. It disappears from the directory but the space is only freed after the process ends
29. How do you create and mount a swap file?
A) Create a file with dd(dd if=/dev/zero of=/swapfile bs=1M count=2048), set (chmod 600 /swapfile), run (mkswap /swapfile), then (swapon /swapfile). Add it to /etc/fstab for persistence
30)How do you find large unused files across multiple partitions?
A) df -h to find the full partition, then find /mountpoint -xdev -size +100M