Typical questions asked at Linux/UNIX Job interviews.

If you are in the UNIX field, at some point it time you have had to interview cantidates, or be interviewed by technical staff at a company. These are technical questions I would consider mid-senior level. I based them on real-world situations that I deal with on a daily basis. I have tried to keep them as platform independant as possible. You may leave comments about any of these or to contribute your own.

1. A Machine is listening on a TCP socket. How would you determine which process is the one listening?

2. What is a process in the 'D' state.

3. Name 5 standard ports ( 22:ssh, 23:telnet, 53:dns, etc . . .)

4. What is a TTY and how does it relate to processes?

5. You need to test if a server ( is listening on port 80. You telnet to that machine on port 80. You get the following response.Describe the response and how to remedy it.


6. What is a 'DMZ' and why is it important?

7. You are trying to reach a server on port 80 on a remote DMZ. You know the firewall is open and the port is listening, but you get no response from the server. What could be the problem?

8. A server is out of disk space. You notice a very large log file and determine it is save to remove. You remove the file but the disk still show full. What would cause this and how would you remedy it?

9. Using grep, How would you display the contents of a config file minus comments and blank lines?

10. How would you search recursively through directories looking for files containing the word "foo"?

11. Without using an editor such as vi, ed, or emacs, how would you replace all iterations of the word XXX with the word YYY in all the files in a directory?

12. You see a directory with the permissions 'drwxr-xr-T' What does the T represent and why would you use it?

13. What is setuid and why is it dangerous?

14. When administering DNS, what is the significance of the serial number?

15. When administering Apache 2.x, How does the MaxClients setting affect server performance?

16. Explain "Load Average"?

17. A server is responding very sluggish. You run 'top' but you do not see any processes using very much CPU or memory. What other factors could cause poor performance?

18. How would you tell if a process is actively swapping?

19. As process was killed using a -9 signal. After that, the process can not be started again. What is the most common cause for this and what would be the solution?

20. What are the two situations where you would need to reboot a UNIX system?

1. lsof| grep | grep LIST to find the PID, then ps -ef | grep PID to display the process.

2. D is an 'interruptible sleep' state where a process is waiting for IO to complete before it can continue. Mostly caused by flaky NFS setups.

3. See /etc/services for list of ports.

4. A tty is an active terminal session. Any processes bound to a tty would exit if the tty is disconnected.

5. This is a situation where a firewall would be blocking the port. Have an admin of the firewall open the port.

6. A DMZ is a "demilitarized zone". This is useful if you wish to contain systems exposed to the internet that may become compromised by attack.

7. Make sure a route is set for the return path to the clients' subnet.

8. The process that is writing the file still has control of the inode. Either restart the process, or truncate the file by redirecting stdin into the file ( > file).

9. grep -v ^# | grep -v ^$

10. find . | xargs grep

11. perl -pi -e 's/XXX/YYY/g'

12. A T (or t) represents a 'sicky bit'. When the sticky bit is turned on for a directory users can have read and/or write permissions for that directory, but they can only remove or rename files that they own.

13. Setuid allows a process to run as a different user, typically root. Running programs as setuid can be dangerous! The power that you get from running as a regular user rather than an under-privileged user also opens the program up for abuse and is a potential security risk.

14. The serial number allows slave DNS server to keep track of changes made to the master server.

15. The MaxClients directive sets the limit on the number of simultaneous requests that will be served. The default value is 256; to increase it, you must also raise ServerLimit.

16. The load average is the sum of the run queue length and the number of jobs currently running on the CPUs. The load average tries to measure the number of active processes at any time. As a measure of CPU utilization, the load average is simplistic, poorly defined, but far from useless. High load averages usually mean that the system is being used heavily and the response time is correspondingly slow. What's high? Ideally, you'd like a load average under, say, 5, Ultimately, 'high' means high enough so that you don't need uptime to tell you that the system is overloaded. Different systems will behave differently under the same load average. Running a single cpu-bound background job can bring response to a crawl even though the load avg remains quite low.

17. Check IOwait. Process could be waiting for disk operations to complete which could be causing the system to become unresponsive.

18. Run 'vmstat 1' and watch the si and so columns. This will indicate the ammount of data being swapped in, and swapped out respectively.

19. The process could have allocated semaphores. run ipcs as root to display any semaphores in use and use ipcrm to remove any that are still allocated by the process.

20. A system crash or the version of the kernel has changed.


Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.