Linux interviews test your command-line fluency, file system knowledge, process management, networking, shell scripting, and system administration skills. This guide covers the 50 most common questions with concise answers and real examples.
Quick reference
| Topic | Most asked questions |
|---|---|
| File system | inodes, hard vs soft links, permissions, find/grep |
| Processes | ps/top/kill, signals, background jobs, systemd |
| Networking | netstat/ss, iptables, DNS, curl/wget |
| Users & permissions | chmod/chown, sudo, /etc/passwd, PAM |
| Shell scripting | variables, loops, functions, exit codes |
| Package management | apt/yum/dnf, rpm, snap |
| Kernel & boot | kernel modules, GRUB, runlevels, dmesg |
| Disk & storage | df/du, LVM, mount, RAID |
Core Concepts
1. What is a Linux kernel?
The kernel is the core of the OS — it manages hardware resources (CPU, memory, I/O), provides system calls that programs use, handles process scheduling, memory allocation, and device drivers. User-space programs never access hardware directly; they go through the kernel via system calls like read(), write(), fork().
2. What is the difference between a process and a thread?
| Process | Thread | |
|---|---|---|
| Memory | Own address space | Shares parent's address space |
| Creation cost | High (fork) | Low (pthread_create) |
| Communication | IPC (pipe, socket, shm) | Shared memory directly |
| Crash isolation | Isolated | Can crash entire process |
A process has its own PID, file descriptors, and virtual address space. Threads within a process share memory but each has its own stack and program counter.
3. What are runlevels / systemd targets?
Traditional SysV runlevels map to systemd targets:
| Runlevel | systemd Target | Description |
|---|---|---|
| 0 | poweroff.target | Halt |
| 1 | rescue.target | Single user |
| 3 | multi-user.target | CLI multi-user |
| 5 | graphical.target | GUI |
| 6 | reboot.target | Reboot |
systemctl get-default # current default target
systemctl set-default multi-user.target
systemctl isolate rescue.target # switch immediately
4. What is the difference between /bin, /sbin, /usr/bin, /usr/local/bin?
| Directory | Purpose |
|---|---|
/bin |
Essential user binaries needed before /usr mounts (ls, cp, bash) |
/sbin |
System binaries for root (fsck, iptables) |
/usr/bin |
Most user commands (python, git, curl) |
/usr/sbin |
Non-essential system binaries |
/usr/local/bin |
Locally compiled/installed software |
On modern systems (Debian/Ubuntu/Fedora), /bin and /sbin are symlinks to /usr/bin and /usr/sbin.
5. What is an inode?
An inode is a data structure that stores metadata about a file:
- File type, permissions, owner, group
- File size, timestamps (atime/mtime/ctime)
- Pointers to data blocks on disk
- Link count
The inode does not store the filename — filenames live in directory entries that map name → inode number.
ls -i file.txt # show inode number
stat file.txt # show full inode info
df -i # show inode usage per filesystem
File System & Permissions
6. What is the difference between hard links and symbolic links?
| Hard Link | Symbolic (Soft) Link | |
|---|---|---|
| Points to | Same inode | File path (name) |
| Cross filesystem | No | Yes |
| Works on dirs | No (usually) | Yes |
| Survives original deletion | Yes | Breaks (dangling link) |
ls -l indicator |
Same as file | l prefix, shows -> |
ln source.txt hard_link.txt # hard link
ln -s /path/to/source soft_link # symbolic link
7. Explain Linux file permissions.
-rwxr-xr-- 1 alice developers 4096 Jul 14 10:00 script.sh
│├──┤├──┤├─┤
││ │ │ │
││ │ │ └── Other: r-- (read only)
││ │ └───── Group: r-x (read, execute)
││ └──────── Owner: rwx (read, write, execute)
│└─────────── File type: - (regular), d (dir), l (link)
└──────────── Always present
Permission values: r=4, w=2, x=1. So rwxr-xr-- = 754.
chmod 755 script.sh # rwxr-xr-x
chmod u+x,g-w file # symbolic
chown alice:devs file # change owner and group
8. What does chmod 777 mean and why is it dangerous?
chmod 777 sets read, write, execute for owner, group, and others. Dangerous because:
- Any user on the system can modify or execute the file
- Web server files with 777 allow remote code execution if there's an upload vulnerability
- Use least-privilege: web files → 644, directories → 755, scripts → 750
9. What is the sticky bit?
The sticky bit on a directory means only the file owner (or root) can delete files inside, even if others have write permission on the directory.
ls -ld /tmp
# drwxrwxrwt ... /tmp ← 't' = sticky bit
chmod +t /shared # set sticky bit
chmod 1777 /shared # rwxrwxrwt
Used on shared directories like /tmp to prevent users from deleting each other's files.
10. How do you find files in Linux?
# find by name
find /var/log -name "*.log"
# find by modification time (modified in last 7 days)
find /home -mtime -7
# find by size (larger than 100MB)
find / -size +100M -type f 2>/dev/null
# find and execute
find . -name "*.pyc" -delete
find . -name "*.txt" -exec grep -l "error" {} +
# find SUID files (security audit)
find / -perm -4000 -type f 2>/dev/null
11. What is grep and how do you use it efficiently?
grep "error" /var/log/syslog # basic search
grep -i "ERROR" file.log # case-insensitive
grep -r "TODO" /src --include="*.py" # recursive
grep -v "DEBUG" app.log # invert (exclude)
grep -c "404" access.log # count matches
grep -n "fail" auth.log # show line numbers
grep -A 3 -B 2 "CRITICAL" app.log # context lines
grep -E "error|fail|warn" app.log # extended regex
grep -P "\d{3}-\d{4}" contacts.txt # Perl regex
Processes
12. How do you list and manage processes?
ps aux # all processes (BSD syntax)
ps aux | grep nginx # find process by name
ps -ef --forest # tree view
top # interactive (q to quit)
htop # better interactive view
pgrep nginx # get PIDs by name
pidof nginx # same, traditional
13. What Linux signals do you know?
| Signal | Number | Default Action | Use Case |
|---|---|---|---|
| SIGHUP | 1 | Terminate / reload | Reload config without restart |
| SIGINT | 2 | Terminate | Ctrl+C |
| SIGQUIT | 3 | Core dump | Ctrl+\ |
| SIGKILL | 9 | Terminate (forced) | Unkillable process |
| SIGTERM | 15 | Terminate (graceful) | Normal shutdown |
| SIGSTOP | 19 | Stop | Ctrl+Z (can't catch) |
| SIGCONT | 18 | Continue | Resume stopped process |
| SIGUSR1/2 | 10/12 | User-defined | Custom app signals |
kill -15 <pid> # graceful (SIGTERM)
kill -9 <pid> # force (SIGKILL) — last resort
kill -1 <pid> # reload (SIGHUP)
killall nginx # kill all processes named nginx
pkill -f "python app" # kill by full command match
14. What is a zombie process?
A zombie process has finished executing but still has an entry in the process table because its parent hasn't called wait() to read its exit status.
ps aux | grep 'Z' # find zombie processes
# PPID from ps → kill parent to clean up orphans
Zombies don't consume CPU/memory (just a PID slot). They disappear when the parent reaps them or is killed.
15. How does fork() and exec() work?
- fork(): Creates a copy of the current process. Parent gets child's PID, child gets 0.
- exec(): Replaces the current process image with a new program.
- fork + exec = how shells run commands: fork creates a child, child calls exec to replace itself with the command.
16. What is the difference between ps aux columns?
| Column | Meaning |
|---|---|
| USER | Process owner |
| PID | Process ID |
| %CPU | CPU usage |
| %MEM | Memory usage (RSS / total RAM) |
| VSZ | Virtual memory size (KB) |
| RSS | Resident set size — actual RAM used (KB) |
| STAT | Process state (S=sleeping, R=running, Z=zombie, D=disk wait) |
| START | Start time |
| TIME | Total CPU time consumed |
| COMMAND | Command with arguments |
17. How do you run a process in the background and keep it after logout?
command & # background (dies on logout)
nohup command & # background + immune to SIGHUP
nohup command > out.log 2>&1 &
# Better: use screen or tmux
screen -S mysession
# ... run command ... Ctrl+A D to detach
screen -r mysession # reattach
# Best for services: systemd unit
systemctl start myservice
systemctl enable myservice # auto-start on boot
Users, Groups & sudo
18. What is the /etc/passwd file format?
username:password:UID:GID:GECOS:home_dir:shell
alice:x:1001:1001:Alice Smith:/home/alice:/bin/bash
- Password field is
x— actual hash is in/etc/shadow(readable only by root) - UID 0 = root; UIDs 1–999 = system users; 1000+ = regular users
- GECOS = full name and contact info (optional)
19. How do you add a user and manage groups?
useradd -m -s /bin/bash -G sudo alice # create user with home
passwd alice # set password
usermod -aG docker alice # add to group
groups alice # show groups
id alice # show UID, GID, groups
userdel -r alice # delete user + home
20. How does sudo work?
sudo elevates privileges based on rules in /etc/sudoers. Key concepts:
visudo # safe way to edit /etc/sudoers
# sudoers format:
# user hosts=(run_as) commands
alice ALL=(ALL:ALL) ALL # full sudo
bob ALL=(ALL) NOPASSWD: /bin/systemctl restart nginx
sudo -l shows what the current user can run with sudo.
Networking
21. How do you check open ports and listening services?
ss -tulnp # sockets: TCP, UDP, listening, numeric, process
netstat -tulnp # older equivalent (may not be installed)
lsof -i :80 # which process uses port 80
nmap -sV localhost # port scan with service version
22. What is the difference between TCP and UDP?
| TCP | UDP | |
|---|---|---|
| Connection | Connection-oriented | Connectionless |
| Reliability | Guaranteed delivery, ordered | Best-effort, no ordering |
| Error correction | Retransmit lost packets | No retransmit |
| Speed | Slower | Faster |
| Use cases | HTTP, SSH, databases | DNS, video streaming, gaming |
23. How do you troubleshoot network connectivity?
# Layer by layer
ping 8.8.8.8 # L3 reachability
ping google.com # DNS resolution + L3
traceroute google.com # routing path
mtr google.com # live traceroute
curl -I https://google.com # HTTP response
curl -v https://api.example.com # full request/response
dig google.com # DNS query
dig @1.1.1.1 google.com # specific DNS server
nslookup google.com
ss -s # socket statistics
ip addr show # interface addresses
ip route show # routing table
24. What is iptables?
iptables is a user-space utility to configure the Linux kernel's firewall (netfilter). Rules are processed top-to-bottom; first match wins.
iptables -L -n -v # list rules (with packet counts)
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP/HTTPS
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Drop everything else
iptables -P INPUT DROP
# Save rules
iptables-save > /etc/iptables/rules.v4
Modern alternative: nftables and ufw (simplified interface).
25. What is DNS and how does a lookup work?
- Check local
/etc/hosts - Check OS DNS cache
- Query configured resolver (
/etc/resolv.conf) - Resolver performs recursive lookup:
- Root nameservers → TLD nameservers (
.com) - Authoritative nameserver for domain
- Root nameservers → TLD nameservers (
- TTL-cached response returned
cat /etc/resolv.conf # configured DNS servers
cat /etc/hosts # local overrides
resolvectl status # systemd-resolved status
Shell Scripting
26. What are the special variables in bash?
| Variable | Meaning |
|---|---|
$0 |
Script name |
$1–$9 |
Positional arguments |
$# |
Number of arguments |
$@ |
All arguments (quoted individually) |
$* |
All arguments (as one string) |
$? |
Exit code of last command |
$$ |
PID of current shell |
$! |
PID of last background process |
$_ |
Last argument of previous command |
27. What is the difference between $@ and $*?
# When double-quoted:
"$@" → "$1" "$2" "$3" # each argument quoted separately
"$*" → "$1 $2 $3" # all in one string
# Example:
args() { for arg in "$@"; do echo "[$arg]"; done; }
args "hello world" "foo"
# [hello world]
# [foo]
Always use "$@" when passing arguments to preserve quoting.
28. How do you handle errors in shell scripts?
#!/usr/bin/env bash
set -euo pipefail
# -e: exit on error
# -u: treat unset variables as errors
# -o pipefail: pipe fails if any command fails
trap 'echo "Error on line $LINENO"; exit 1' ERR
trap 'cleanup' EXIT # always runs on exit
cleanup() {
rm -f /tmp/lockfile
echo "Cleanup done"
}
# Check exit codes explicitly
if ! command; then
echo "command failed" >&2
exit 1
fi
29. Write a script that backs up a directory.
#!/usr/bin/env bash
set -euo pipefail
SOURCE="${1:?Usage: $0 <source> <dest>}"
DEST="${2:?Usage: $0 <source> <dest>}"
DATE=$(date +%Y%m%d-%H%M%S)
BACKUP_FILE="${DEST}/backup-${DATE}.tar.gz"
mkdir -p "$DEST"
tar -czf "$BACKUP_FILE" "$SOURCE"
echo "Backup created: $BACKUP_FILE ($(du -sh "$BACKUP_FILE" | cut -f1))"
# Keep only last 7 backups
ls -t "${DEST}"/backup-*.tar.gz | tail -n +8 | xargs rm -f
30. What is the difference between [ ] and [[ ]] in bash?
| Feature | [ ] (test) |
[[ ]] (bash builtin) |
|---|---|---|
| Standard | POSIX | Bash/ksh only |
| Word splitting | Yes (quote carefully) | No (safer) |
| Regex match | No | Yes (=~) |
&& / || inside |
Must use -a / -o |
Yes |
| Glob patterns | No | Yes (== *.txt) |
# Old way — must quote
[ -f "$file" ] && echo "exists"
# Better with [[ ]]
[[ -f $file ]] && echo "exists"
[[ $name =~ ^[A-Z] ]] && echo "starts with capital"
[[ $filename == *.log ]] && echo "is a log file"
31. How do you use awk and sed?
# awk: process fields
awk '{print $1, $3}' file.txt # print columns 1 and 3
awk -F: '{print $1}' /etc/passwd # print usernames
awk '$3 > 1000 {print $0}' /etc/passwd # filter by UID > 1000
ps aux | awk 'NR>1 {sum+=$3} END {print "Total CPU:", sum"%"}'
# sed: stream editor
sed 's/foo/bar/g' file.txt # replace all
sed -i 's/old/new/g' file.txt # in-place
sed '/pattern/d' file.txt # delete matching lines
sed -n '5,10p' file.txt # print lines 5-10
sed 's/^/ /' file.txt # indent all lines
Package Management
32. What are the differences between apt, yum/dnf, and rpm?
| Tool | Distro | Type |
|---|---|---|
apt / apt-get |
Debian, Ubuntu | High-level (resolves deps) |
dpkg |
Debian, Ubuntu | Low-level (no dep resolution) |
dnf |
Fedora, RHEL 8+, CentOS 8+ | High-level |
yum |
RHEL 7, CentOS 7 | High-level (legacy) |
rpm |
Red Hat family | Low-level |
pacman |
Arch Linux | High-level |
zypper |
openSUSE | High-level |
# Debian/Ubuntu
apt update && apt upgrade -y
apt install nginx
apt remove --purge nginx
# RHEL/Fedora
dnf update -y
dnf install nginx
dnf remove nginx
33. How do you check what package owns a file?
dpkg -S /usr/bin/python3 # Debian/Ubuntu
rpm -qf /usr/bin/python3 # RHEL/Fedora
Disk & Storage
34. What is the difference between df and du?
| Command | Reports | Scope |
|---|---|---|
df |
Filesystem usage (blocks reserved) | Per filesystem |
du |
Actual disk space used by files | Per directory/file |
df -h # human-readable filesystem usage
df -i # inode usage
du -sh /var/log # total size of directory
du -sh /* 2>/dev/null | sort -rh | head -10 # top dirs
du -ah /home/alice | sort -rh | head -20 # biggest files
35. What is LVM and when would you use it?
LVM (Logical Volume Manager) adds a flexible abstraction layer over physical disks:
Physical Volume (PV) → Volume Group (VG) → Logical Volume (LV) → filesystem
Benefits:
- Resize volumes without downtime (
lvextend + resize2fs) - Snapshots before updates
- Span multiple disks seamlessly
- Striping and mirroring
pvdisplay / vgdisplay / lvdisplay # show current state
lvextend -L +10G /dev/vg0/lv_root # extend LV by 10GB
resize2fs /dev/vg0/lv_root # extend ext4 filesystem
36. How do you mount a filesystem?
mount /dev/sdb1 /mnt/data # temporary mount
umount /mnt/data # unmount
# Permanent: /etc/fstab
# device mountpoint type options dump pass
UUID=abc123 /data ext4 defaults,noatime 0 2
mount -a # mount all entries in /etc/fstab (test after editing)
systemd
37. What is systemd and how does it differ from SysV init?
systemd is the modern init system (PID 1). It replaces SysV init:
| SysV init | systemd | |
|---|---|---|
| Config | Shell scripts in /etc/init.d/ |
Unit files in /etc/systemd/system/ |
| Parallel start | Sequential | Parallel (dependency graph) |
| Service logging | Separate log files | Unified journal (journalctl) |
| Socket activation | No | Yes |
| Boot speed | Slow | Fast |
38. How do you write a systemd service unit?
# /etc/systemd/system/myapp.service
[Unit]
Description=My Application
After=network.target
Wants=network-online.target
[Service]
Type=simple
User=appuser
WorkingDirectory=/opt/myapp
ExecStart=/opt/myapp/bin/server --port 8080
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal
Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target
systemctl daemon-reload # reload unit files
systemctl start myapp
systemctl enable myapp # auto-start on boot
systemctl status myapp
journalctl -u myapp -f # follow logs
39. How do you check logs with journalctl?
journalctl -xe # recent logs with context
journalctl -u nginx # logs for nginx unit
journalctl -u nginx --since "1 hour ago"
journalctl -f # follow (like tail -f)
journalctl -p err # error priority and above
journalctl --disk-usage # total journal size
journalctl --vacuum-time=7d # delete logs older than 7 days
Kernel & Boot
40. How does the Linux boot process work?
- BIOS/UEFI — hardware initialization, POST
- Bootloader (GRUB2) — loads kernel + initramfs from disk
- Kernel — mounts initramfs, initializes hardware, loads drivers
- initramfs — temporary root FS with tools to mount real root
- Real root filesystem mounted
- init/systemd (PID 1) starts services per dependency graph
- Login prompt or display manager starts
41. How do you check kernel messages?
dmesg # all kernel messages (current boot)
dmesg | tail -20 # recent messages
dmesg -T | grep error # with timestamps, filter errors
dmesg --level err,crit # filter by severity
dmesg -w # follow live
# Persistent (systemd)
journalctl -k # kernel messages from current boot
journalctl -k -b -1 # kernel messages from previous boot
42. How do you manage kernel modules?
lsmod # list loaded modules
modinfo e1000e # info about a module
modprobe e1000e # load module (with deps)
modprobe -r e1000e # remove module
rmmod e1000e # remove without dep check
# Persistent loading: /etc/modules-load.d/
echo "e1000e" > /etc/modules-load.d/nic.conf
# Blacklist (prevent loading): /etc/modprobe.d/
echo "blacklist nouveau" > /etc/modprobe.d/nouveau-blacklist.conf
Performance & Monitoring
43. How do you diagnose high CPU usage?
top -b -n1 | head -20 # snapshot
# Sort by CPU: press 'P' in top
# Find the heavy process
ps aux --sort=-%cpu | head -10
# Get detailed CPU info
mpstat 1 5 # per-CPU stats (sysstat package)
# Profile which function is hot
perf top # live function profiling
perf record -g sleep 30 # record 30s
perf report # analyze
44. How do you diagnose high memory usage?
free -h # RAM and swap summary
cat /proc/meminfo # detailed memory stats
# Find memory hogs
ps aux --sort=-%mem | head -10
# Clear page cache (safe on production — kernel reclaims anyway)
sync && echo 1 > /proc/sys/vm/drop_caches
# OOM killer log
dmesg | grep -i "oom\|killed process"
journalctl -k | grep OOM
45. What is the load average?
Load average represents the average number of processes in a running or runnable state over 1, 5, and 15 minutes.
uptime
# 14:32:01 up 5 days, load average: 0.82, 1.05, 1.23
# ^1min ^5min ^15min
A load average equal to the number of CPU cores means fully utilized. Above that = overloaded.
nproc # number of CPU cores
Rule of thumb: load average / nproc > 1.0 → investigate.
Security
46. What is SSH key-based authentication and how do you set it up?
# Generate key pair (on client)
ssh-keygen -t ed25519 -C "alice@workstation"
# Copy public key to server
ssh-copy-id -i ~/.ssh/id_ed25519.pub alice@server
# Or manually
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
# /etc/ssh/sshd_config hardening
PasswordAuthentication no
PermitRootLogin no
AllowUsers alice bob
ClientAliveInterval 60
ClientAliveCountMax 3
47. What is SELinux and AppArmor?
Both are Mandatory Access Control (MAC) systems that enforce security policies beyond standard Unix permissions.
| SELinux | AppArmor | |
|---|---|---|
| Used by | RHEL, Fedora, CentOS | Ubuntu, Debian, SUSE |
| Config | Labeling system (complex) | Path-based profiles (simpler) |
| Modes | Enforcing / Permissive / Disabled | Enforce / Complain / Disabled |
# SELinux
getenforce # Enforcing / Permissive / Disabled
setenforce 0 # switch to Permissive (temporary)
sestatus
audit2allow -a # generate policy from denials
# AppArmor
aa-status
aa-complain /usr/sbin/nginx # set to complain mode
aa-enforce /usr/sbin/nginx # set to enforce mode
48. How do you audit file access with auditd?
# Install and enable
systemctl enable --now auditd
# Watch a file for all access
auditctl -w /etc/passwd -p rwxa -k passwd_watch
# Watch a directory
auditctl -w /etc/ssh/ -p rwa -k ssh_config
# Query logs
ausearch -k passwd_watch -i # human-readable
aureport --summary # summary report
Tricky Questions
49. What is the difference between /dev/null, /dev/zero, and /dev/urandom?
| Device | Reads | Writes |
|---|---|---|
/dev/null |
Returns EOF immediately | Discards everything |
/dev/zero |
Returns infinite null bytes | Discards everything |
/dev/random |
True random (blocks if entropy low) | — |
/dev/urandom |
Cryptographically secure, non-blocking | — |
# Discard output
command 2>/dev/null
# Wipe a disk (overwrite with zeros)
dd if=/dev/zero of=/dev/sdb bs=1M
# Generate random password
head -c 32 /dev/urandom | base64
# Create 1GB zero-filled file (faster than dd for sparse FS)
fallocate -l 1G test.img
50. What happens when you type ls in the terminal?
- Shell reads
ls, searches$PATHdirectories for executable namedls - Found:
/bin/ls(or/usr/bin/ls) - Shell calls
fork()— creates child process - Child calls
execve("/bin/ls", ["ls", ...], envp)— replaces itself with ls - Kernel loads ls binary, sets up virtual address space
- ls calls
getdents()syscall to read directory entries from kernel - ls calls
stat()on each entry for metadata - ls writes formatted output to stdout (fd 1) → your terminal
- ls exits, child process terminates
- Shell calls
wait(), collects exit status, shows next prompt
Common mistakes
| Mistake | Problem | Fix |
|---|---|---|
rm -rf / |
Destroys entire filesystem | Use --no-preserve-root; better: use trash |
Forgetting "" around variables |
Word splitting on spaces | Always quote: "$var" |
chmod 777 on web files |
Remote code execution risk | Use 644 (files) / 755 (dirs) |
Using root for daily work |
Any mistake is catastrophic | Create unprivileged user |
Pipe to sudo tee instead of sudo echo > |
echo runs as user, redirection as user |
echo "text" | sudo tee /etc/file |
kill -9 first |
Process can't clean up | Try -15 (SIGTERM) first |
Editing /etc/fstab without testing |
Unbootable system | Always mount -a to test |
apt upgrade without update |
Stale package list | Always apt update first |
Linux vs other operating systems
| Feature | Linux | macOS | Windows |
|---|---|---|---|
| Kernel | Monolithic (Linux kernel) | Hybrid (XNU/Darwin) | Hybrid (NT kernel) |
| Package manager | apt/yum/pacman | Homebrew (third-party) | winget / Chocolatey |
| Filesystem | ext4, XFS, Btrfs | APFS | NTFS |
| Process model | fork/exec | fork/exec | CreateProcess |
| Config | Text files in /etc | plist files | Registry + text |
| Shell | bash, zsh, fish | zsh (default) | PowerShell, cmd |
FAQ
Q: What is the difference between su and sudo?su switches to another user entirely (requires that user's password). sudo runs a single command with elevated privileges (requires your own password, based on /etc/sudoers rules). Prefer sudo because it's audited and more granular.
Q: How do you recover from a forgotten root password?
Boot into rescue/single-user mode (add init=/bin/bash or rd.break to kernel parameters in GRUB), remount root as read-write (mount -o remount,rw /), then passwd root.
Q: What is the difference between > and >>?> truncates (overwrites) the file before writing. >> appends to the end of the file. Both create the file if it doesn't exist.
Q: What is a cron job and how do you set one up?
cron runs scheduled commands. Edit with crontab -e:
# ┌──min(0-59) ┌──hour(0-23) ┌──day(1-31) ┌──month(1-12) ┌──weekday(0-7)
# │ │ │ │ │
30 2 * * 0 /opt/backup.sh
# Every Sunday at 02:30
Q: What is the /proc filesystem?/proc is a virtual filesystem exposing kernel and process information as files. Nothing is actually stored on disk — it's generated on-the-fly by the kernel. Examples: /proc/cpuinfo, /proc/meminfo, /proc/<pid>/status, /proc/sys/ (tunable kernel parameters via sysctl).
Q: What is the difference between exec and running a command normally in bash?exec command replaces the current shell process with command (no fork). Normal command execution forks a child process. Use exec in wrapper scripts when you don't need to return to the shell after.