This Blog is to share our knowledge and expertise on Linux System Administration and VMware Administration

Thursday, September 21, 2017

Linux Interview Questions on Boot Process and other Stuff - Linvirtshell

1) What is GRUB Boot Loader.

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader.Boot loader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel software. The kernel, in turn, initializes the rest of the operating system (e.g. GNU)

2) Explain Linux Boot Process

Press the power button on your system, and after few moments you see the Linux login prompt.Have you ever wondered what happens behind the scenes from the time you press the power button until the Linux login prompt appears?

The following are the 6 high level stages of a typical Linux boot process.


BIOS stands for Basic Input/Output System

Performs some system integrity checks

Searches, loads, and executes the boot loader program.

It looks for boot loader in floppy, cd-rom, or hard drive. You can press a key (typically F12 of F2, but it depends on your system) during the BIOS startup to change the boot sequence.

Once the boot loader program is detected and loaded into the memory, BIOS gives the control to it.

So, in simple terms BIOS loads and executes the MBR boot loader.

b. MBR

MBR stands for Master Boot Record.

It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda

MBR is less than 512 bytes in size. This has three components 1) primary boot loader info in 1st 446 bytes 2) partition table info in next 64 bytes 3) mbr validation check in last 2 bytes.

It contains information about GRUB (or LILO in old systems).

So, in simple terms MBR loads and executes the GRUB boot loader.


GRUB stands for Grand Unified Bootloader.

If you have multiple kernel images installed on your system, you can choose which one to be executed.

GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.

GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystem).

Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is sample grub.conf of CentOS.






title CentOS (2.6.18-194.el5PAE)

root (hd0,0)

kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/

initrd /boot/initrd-2.6.18-194.el5PAE.img

As you notice from the above info, it contains kernel and initrd image.

So, in simple terms GRUB just loads and executes Kernel and initrd images.

d. Kernel

Mounts the root file system as specified in the “root=” in grub.conf

Kernel executes the /sbin/init program

Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1. Do a ‘ps -ef | grep init’ and check the pid.

initrd stands for Initial RAM Disk.

initrd is used by kernel as temporary root file system until kernel is booted and the real root file system is mounted. It also contains necessary drivers compiled inside, which helps it to access the hard drive partitions, and other hardware.

e. Init

Looks at the /etc/inittab file to decide the Linux run level.

Following are the available run levels

0 – halt

1 – Single user mode

2 – Multiuser, without NFS

3 – Full multiuser mode

4 – unused

5 – X11

6 – reboot

Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate program.

Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level

If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 means, probably you might not do that.

Typically you would set the default run level to either 3 or 5.

f. Runlevel programs

When the Linux system is booting up, you might see various services getting started. For example, it might say “starting sendmail …. OK”. Those are the runlevel programs, executed from the run level directory as defined by your run level.

Depending on your default init level setting, the system will execute the programs from one of the following directories.

Run level 0 – /etc/rc.d/rc0.d/

Run level 1 – /etc/rc.d/rc1.d/

Run level 2 – /etc/rc.d/rc2.d/

Run level 3 – /etc/rc.d/rc3.d/

Run level 4 – /etc/rc.d/rc4.d/

Run level 5 – /etc/rc.d/rc5.d/

Run level 6 – /etc/rc.d/rc6.d/

Please note that there are also symbolic links available for these directory under /etc directly. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.

Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.

Programs starts with S are used during startup. S for startup.

Programs starts with K are used during shutdown. K for kill.

There are numbers right next to S and K in the program names. Those are the sequence number in which the programs should be started or killed.

For example, S12syslog is to start the syslog deamon, which has the sequence number of 12. S80sendmail is to start the sendmail daemon, which has the sequence number of 80. So, syslog program will be started before sendmail.

There you have it. That is what happens during the Linux boot process.

For Detail : Please refer linux boot process

3) Which files are called for user profile by default when a user gets login

$HOME/.bash_profile, $HOME/.bash_bashrc

4) Which file needs to update if srequired to change default runlevel 5 to 3

File is /etc/inittab and required to change below lines:

id:5:initdefault: to id:3:initdefault:

5) What command used for showing user info like Login Name, Canonical Name, Home Directory,Shell etc..

FINGER command can be used i.g; finger username

6) What is inode number

An inode is a data structure on a traditional Unix-style file system such as UFS or ext3. An

inode stores basic information about a regular file, directory, or other file system object

iNode number also called as index number, it consists following attributes:

File type (executable, block special etc)

Permissions (read, write etc)



File Size

find out the inode number using ‘ls -il’ command then run below command

find . -inum inode_number -exec rm -i {} \;

7) How can we increase disk read performance in single command

blockdev command

This is sample output – yours may be different.

# Before test

$ blockdev –getra /dev/sdb


$ time dd if=/tmp/disk.iso of=/dev/null bs=256k

2549+1 records in

2549+1 records out

668360704 bytes (668 MB) copied, 6,84256 seconds, 97,7 MB/s

real 0m6.845s

user 0m0.004s

sys 0m0.865s

# After test

$ blockdev –setra 1024 /dev/sdb

$ time dd if=/tmp/disk.iso of=/dev/null bs=256k

2435+1 records in

2435+1 records out

638390272 bytes (638 MB) copied, 0,364251 seconds, 1,8 GB/s

real 0m0.370s

user 0m0.001s

sys 0m0.370s

8) Command to change user password expiration time

CHAGE command

9) Command used to lock user password

usermod -L username

10) How many default number of Shells available and what are their names?


11) Which file defines the attributes like UID, PASSWORD expiry, HOME Dir create or not while adding user


12) Command used for changing authentication of linux system to LDAP/NIS /SMB/KERBOS


13) Command used for changing the attributes of any file


14) What is the path of network (ethX) configuration files


15) How can we change speed and make full duplex settings for eth0

We can do this with below given 2 methods:

ethtool -s eth0 speed 100 duplex full

ethtool -s eth0 speed 10 duplex half


mii-tool -F 100baseTx-HD

mii-tool -F 10baseT-HD

16) File which stores the DNS configuration at client side


17) Main configuration file and command used for exporting NFS directories and it’s deamons

/etc/exports and exportfs -av , deamons are quotad, portmapper, mountd, nfsd and nlockmgr/status

18) What is command to check ports running/used over local machine

netstat -antp

19) What is the commands to check open ports at remote machine


20) What is the difference between soft and hard links

Soft Links =>
1) Soft link files will have different inode numbers then source file
2) If original file deleted then soft link file be of no use
3) Soft links are not updated
4) Can create links between directories
5) Can cross file system boundaries

Hard Links =>
1) Hard links will have the same inode number as source file
2) Hard links can not link directories
3) Can not cross file system boundaries
4) Hard links always refers to the source, even if moved or removed

21) How to setup never expired user password

chage -E never username

22) Restricting insertion into file if full permission are assigned to all

chattr +i filename

23) Display or Kill all processes which are accessing any folder/file

Display User who are using file/folder : fuser -u file/folder

Kill All Processes which are using file/folder: fuser -k file/folder

24) Kill any user’s all processes

killall -u username

25) How can we have daily system analysis and reports over mail
Use logwatch

26) How can we rotate logs using logrotate without performing any operation like move and gzip’ng over original file and then creating new file (which is very lengthy process)

We can use “logrotate”‘s “copytruncate” option which will simply copy original file and truncate original file.

27) Command to collect detailed information about the hardware and setup of your system

dmidecode , sysreport

28) Command to check PCI devices vendor or version

Ans : lspci

29) What is the difference between cron and anacron

Cron :

1) Minimum granularity is minute (i.e Jobs can be scheduled to be executed every minute)

2) Cron job can be scheduled by any normal user ( if not restricted by super user )

3) Cron expects system to be running 24 x 7. If a job is scheduled, and system is down during that time, job is not executed

4) Ideal for servers 

5) Use cron when a job has to be executed at a particular hour and minute

Anacron :

1) Minimum granularity is only in days

2) Anacron can be used only by super user ( but there are workarounds to  make it usable by normal user )

3) Anacron doesn’t expect system to be running 24 x 7. If a job is scheduled, and system is down during that time, it start the jobs when the system comes back up.

4) Ideal for desktops and laptops

5) Use anacron when a job has to be executed irrespective of hour and minute

30) Default Port numbers used by   ssh, ftp, http, https, telnet, smtp, pop3, pop3s, imap,imaps

SSH 22, ftp 20/21, http 80, https 443, SMTP/SMPTS 25/465, POP3/POP3S 110/995, IMAP/IMAPS 143/993

31) How to setup ACLs in following case:

First we need mount the file system as ACL supported.
1) Create a file FILE1 and this should be read,write,executable for all user but Read only for user USER1

2) Copy FILE1 ACLs to FILE2 ACL

3) Delete a USER1′s rule for FILE1 which were setup in step 1)

Ans 1) touch FILE1 ; chmod 777 FILE1 ; setfacl -m u:USER1:r FILE1

2) getfacl FILE1 | setfacl –set-file=- FILE2

3) setfacl -x u:USER1 FILE1

32) How to make USB bootable?
Write efidisk.img from RHEL 6 DVD images/ subdirectory to USB

dd if=efidisk.img of=/dev/usb (usb device name)

33) How can we check disk/device status/failure/errors using smartctl utility?
Try following to check:

Enable/Disable SMART on device/disk : smartctl -s on /dev/sda

Check device SMART health : smartctl -H /dev/sda

Check device SMART capabilities : smartctl -c /dev/sda

Enable/Disable automatic offline testing on device : smartctl -o on/off /dev/sda

Show device SMART vendor-specific Attributes and values : smartctl -A /dev/sda

Show device log [TYPE : error, selftest, selective, directory,background,

scttemp[sts,hist]] : smartctl -l TYPE /dev/sda

Run test on device [TEST: offline short long conveyance select,M-N pending,N

afterselect,[on|off] scttempint,N[,p] : smartctl -t /dev/sda

34) Disable ping to avoid network/ICMP flood

Set following in /etc/sysctl.conf : net.ipv4.icmp_echo_ignore_all = 1

Then “sysctl -p”


echo “1″ > /proc/sys/net/ipv4/icmp_echo_ignore_all

35) What is SYN Flood, ICMP Flood

SYN Flood : A SYN flood occurs when a host sends a flood of TCP/SYN packets, often with a fake/forged sender address. Each of these packets is handled like a connection request, causing the

server to spawn a half-open connection, by sending back a TCP/SYN-ACK packet(Acknowledge), andwaiting for a packet in response from the sender address(response to the ACK Packet). However,

because the sender address is forged, the response never comes. These half-open connectionssaturate the number of available connections the server is able to make, keeping it from responding tolegitimate requests until after the attack ends

No comments:

Post a Comment