Landing a Linux system administration job in 2026 requires more than just knowing your way around a terminal. Hiring managers are looking for candidates who can demonstrate practical skills, problem-solving ability, and a deep understanding of modern infrastructure. This guide covers 25 questions that are actually being asked in technical interviews right now, along with ideal answers that will set you apart from other candidates.
Fundamentals and System Knowledge
1. Explain the Linux boot process from power-on to login prompt.
Ideal answer: The boot process follows these stages: BIOS/UEFI firmware initializes hardware and finds the bootloader. GRUB2 (the default bootloader) loads the kernel and initial ramdisk (initramfs). The kernel initializes hardware drivers and mounts the root filesystem. systemd (PID 1) starts as the init system, processes unit files, and brings the system to the configured target (e.g., multi-user.target or graphical.target). Finally, login services like getty or a display manager present the login interface.
2. What is the difference between hard links and soft (symbolic) links?
Ideal answer: A hard link is an additional directory entry pointing to the same inode as the original file. Both names are equal — deleting one does not affect the other. Hard links cannot cross filesystem boundaries and cannot link to directories. A symbolic link is a special file that contains the path to another file. It can cross filesystems and link to directories, but becomes broken if the target is deleted.
# Create a hard link
ln original.txt hardlink.txt
# Create a symbolic link
ln -s /path/to/original.txt symlink.txt
# Verify inode numbers (hard links share the same inode)
ls -li original.txt hardlink.txt3. How do Linux file permissions work? Explain setuid, setgid, and sticky bit.
Ideal answer: Standard permissions are read (4), write (2), and execute (1) for owner, group, and others. Special permissions include: setuid (4000) — when set on an executable, it runs with the file owner's permissions (e.g., /usr/bin/passwd runs as root). Setgid (2000) — on executables, runs with the group's permissions; on directories, new files inherit the directory's group. Sticky bit (1000) — on directories, only the file owner can delete their files (e.g., /tmp).
4. Explain the difference between processes, threads, and daemons.
Ideal answer: A process is an instance of a running program with its own memory space, PID, and resources. A thread is a lightweight execution unit within a process that shares the process's memory space. Multiple threads can run concurrently within a single process. A daemon is a background process that runs continuously without a controlling terminal, typically started at boot time to provide system services (e.g., sshd, nginx, crond).
5. What happens when you type a URL in a browser? Explain from the Linux server perspective.
Ideal answer: DNS resolution occurs to translate the domain to an IP address. A TCP connection is established (three-way handshake). If HTTPS, a TLS handshake negotiates encryption. The HTTP request arrives at the server, where the kernel's network stack routes it to the listening socket. The web server process (nginx/Apache) accepts the connection, processes the request, potentially passes it to an application backend (PHP-FPM, Python WSGI), the application processes the request, generates a response, and the web server sends it back over the established connection.
Networking and Security
6. How would you troubleshoot a server that is unreachable over the network?
Ideal answer: Follow a systematic bottom-up approach: Check physical/virtual network connectivity. Verify the interface is up with ip link show. Check IP configuration with ip addr show. Test local connectivity with ping to gateway. Check routing table with ip route show. Verify DNS resolution with dig or nslookup. Check firewall rules with iptables -L or nft list ruleset. Verify the service is listening with ss -tlnp. Check service logs for errors.
7. Explain iptables vs nftables. Which would you use in 2026?
Ideal answer: iptables is the legacy packet filtering framework using separate tools for IPv4 (iptables), IPv6 (ip6tables), ARP (arptables), and bridging (ebtables). nftables is the modern replacement that unifies all these into a single framework with a cleaner syntax and better performance. In 2026, nftables is the recommended choice as it is the default on most modern distributions, though firewalld provides a higher-level abstraction that uses nftables as its backend.
8. How do you harden an SSH server?
Ideal answer: Key hardening steps include: Disable root login (PermitRootLogin no). Use key-based authentication and disable password authentication (PasswordAuthentication no). Change the default port. Limit allowed users with AllowUsers or AllowGroups. Set idle timeout with ClientAliveInterval and ClientAliveCountMax. Use fail2ban to block brute force attempts. Restrict SSH protocol to version 2 only. Use strong key exchange algorithms and ciphers.
System Administration
9. A server is running slowly. Walk me through your troubleshooting process.
Ideal answer: Start with the USE method (Utilization, Saturation, Errors) for each resource. Check CPU with top or htop — look for high load average, CPU-bound processes. Check memory with free -h — look for swap usage and available memory. Check disk I/O with iostat -x 1 — look for high await times and utilization. Check network with sar -n DEV 1. Check for process-level issues with ps aux --sort=-%cpu and ps aux --sort=-%mem. Review system logs in /var/log/syslog or journal for errors.
10. Explain LVM and its advantages.
Ideal answer: Logical Volume Manager (LVM) provides a layer of abstraction between physical storage and filesystems. It consists of Physical Volumes (PVs), Volume Groups (VGs), and Logical Volumes (LVs). Advantages include: dynamic resizing of volumes without downtime, spanning volumes across multiple disks, snapshots for backups and testing, thin provisioning, and easier storage management compared to traditional partitioning.
11. How do you manage services with systemd?
# Check service status
systemctl status nginx
# Start/stop/restart/reload
systemctl start nginx
systemctl stop nginx
systemctl restart nginx
systemctl reload nginx
# Enable/disable at boot
systemctl enable nginx
systemctl disable nginx
# View logs for a service
journalctl -u nginx -f --since "1 hour ago"
# List failed services
systemctl --failed
# Create a custom service unit
# /etc/systemd/system/myapp.service12. What is the difference between cron and systemd timers?
Ideal answer: Cron is the traditional job scheduler using crontab files with a time-based syntax. Systemd timers are the modern alternative that offer advantages like: persistent timers that catch up on missed executions, better logging through journald, dependency management with other systemd units, randomized delays to prevent thundering herd problems, and calendar-based or monotonic time specifications. In 2026, systemd timers are preferred for new deployments, while cron remains common in existing systems.
Containers and Modern Infrastructure
13. Explain the difference between containers and virtual machines.
Ideal answer: Virtual machines run a complete operating system on emulated hardware via a hypervisor, providing strong isolation but with higher resource overhead. Containers share the host kernel and use namespaces and cgroups for isolation, making them lightweight and fast to start but with weaker isolation boundaries. VMs are better for running different operating systems or when strong security isolation is required. Containers are better for microservices, CI/CD pipelines, and applications where density and speed are priorities.
14. How would you debug a Docker container that keeps crashing?
Ideal answer: Check container logs with docker logs container_name. Inspect the container with docker inspect container_name for configuration issues. Check the exit code for clues. Start the container interactively with docker run -it image_name /bin/sh to debug. Check resource limits with docker stats. Review the Dockerfile for issues. Verify environment variables and mounted volumes. Use docker events to see container lifecycle events.
15. What are cgroups and namespaces?
Ideal answer: Control groups (cgroups) limit and account for resource usage — CPU, memory, disk I/O, and network bandwidth — for groups of processes. Namespaces provide isolation by giving processes their own view of system resources: PID namespace (process isolation), network namespace (network stack isolation), mount namespace (filesystem isolation), user namespace (UID/GID mapping), UTS namespace (hostname isolation), and IPC namespace (inter-process communication isolation). Together, they form the foundation of container technology.
Scripting and Automation
16. Write a bash script to check disk usage and send an alert if over 80%.
#!/bin/bash
THRESHOLD=80
ALERT_EMAIL="admin@company.com"
df -h --output=pcent,target | tail -n +2 | while read usage mount; do
percent=${usage%\%}
if [ "$percent" -gt "$THRESHOLD" ]; then
echo "WARNING: $mount is at ${usage} on $(hostname)" | \
mail -s "Disk Alert: $(hostname)" "$ALERT_EMAIL"
fi
done17. How do you handle errors in bash scripts?
Ideal answer: Use set -euo pipefail at the top of scripts: -e exits on error, -u treats unset variables as errors, -o pipefail catches errors in pipelines. Use trap for cleanup on exit. Check return codes with $?. Use || true for commands where failure is acceptable. Implement proper logging and error messages.
Advanced Topics
18. Explain the /proc filesystem.
Ideal answer: /proc is a virtual filesystem that provides an interface to kernel data structures. It contains process information in numbered directories (/proc/PID/), system information (/proc/cpuinfo, /proc/meminfo), kernel parameters (/proc/sys/), and runtime configuration. It exists only in memory and is dynamically generated by the kernel. Common uses include checking CPU info, memory stats, network connections (/proc/net/), and tuning kernel parameters via /proc/sys/.
19. What is swap space and when should you use it?
Ideal answer: Swap is disk space used as virtual memory when physical RAM is exhausted. The kernel moves inactive memory pages to swap to free RAM for active processes. In 2026, with RAM being relatively affordable, swap is primarily a safety net. Best practice is to have swap equal to 1-2x RAM for systems under 8GB, or a fixed 4-8GB for systems with more RAM. Set the swappiness value appropriately — lower values (10-30) for servers to prefer keeping data in RAM.
20-25: Additional questions covering infrastructure as code (Ansible/Terraform), monitoring strategies (Prometheus/Grafana), backup and disaster recovery planning, kernel tuning for performance, SELinux/AppArmor policies, and cloud migration strategies.
These advanced questions are covered in detail in our Linux career preparation guides, with full answers, code examples, and interviewer perspectives.
Interview Preparation Tips
- Practice in a lab — Set up virtual machines and practice every command and scenario
- Explain your thought process — Interviewers value methodology over memorized answers
- Know your resume — Be ready to discuss any technology listed on your CV in depth
- Ask questions — Inquire about the team's infrastructure, challenges, and tooling
- Stay current — Follow Linux kernel releases, security advisories, and industry trends
Recommended Reading
Prepare thoroughly with these essential Dargslan career guides:
- Linux Job Interview Guide — Comprehensive interview preparation with 100+ questions and answers
- LPIC-1 Exam Prep — Validate your Linux skills with certification
- Linux Administration Fundamentals — Master the core skills interviewers expect
- Linux System Administration Handbook — The definitive reference for Linux sysadmins
