[-]

eodchop@reddit

List 4 reasons while a writable file system errors out when attempting to write to it. You check du and it shows there is plenty of space.

[-]

I've been a sysadmin for 25 years and never had this issue. The comments below make it seem like this happens often, and maybe I've been lucky, but inode exhaustion would not be the first thing I would think of.

[-]

Apparently, they work the same (allocated at filesystem creation, and so, if the default ratio is used, the number is the same, but ext4 is more efficient. I asked an AI, cause I didn't know offhand:

ext2/ext3: These filesystems allocate a fixed number of inodes at creation, determined by the inode ratio (default: one inode per 16KB of disk space). For a 500GB filesystem, with a default ratio, approximately 32 million inodes are created (500GB ÷ 16KB). This is fixed and cannot be changed without reformatting. ext3 is similar to ext2 but adds journaling.
ext4: Similar to ext3, ext4 uses a fixed inode count set at creation, with a default ratio of one inode per 16KB, yielding about 32 million inodes for 500GB. However, ext4 supports dynamic inode allocation in some cases, allowing more efficient use of inodes, and it can handle larger filesystems and files.

This could be wildly incorrect, or there might be subtleties that I don't know... it is an AI after all, but all I know is that I never ran into inode limits.

[-]

mgedmin@reddit

That's why it's so surprising when it happens.

(I had it happen to me once, because I made a mistake and ran mkfs.ext2 with the option to optimize for large files, which reduces the number of available inodes.)

[-]

GreenHairyMartian@reddit

Depends on the environment.

Ive had it happen a few times in the 10years I've been involved in production Linux systems.

Usually been on NFS mounts, or on stupid web servers that write a bunch of tiny files, but never clean themselves up.

[-]

manapause@reddit

Running 300+ LEMP asset/erp portal applications for customers on a single instance, storing user uploads locally. Customers in big organizations had uploaded 30K+ files, as well as some issues with application-specific log rotations. A great lesson in accommodating power users. Also AWS Linux inodes (ulimit) settings were pretty.conservative back then.

“df -i” alerting is easy to set up, don’t let it happen to you! (Also use S3 for uploads if you can.)

[-]

Derp_turnipton@reddit

I found 4 without including this.

[-]

minektur@reddit

disk space
out of inodes (depending on the fs type)
unexpected permissions (e.g. suid related)
SELinux very quietly denying simple and expected things

SEL has subtly wasted hours of my life - it defies my muscle memory of stuff to quickly check and it usually bites me on some service that is running but can't update logs or some other random thing that makes me think "config issue" for the application.

That's the first one I thought of.

Also permissions, bad disk, corrupt filesystem? Cosmic rays...

[-]

gzk@reddit

In addition to what everyone else has said, extended attributes (chattr / lsattr)

[-]

vainstar23@reddit

The file is write locked

The file is protected

There are not enough numa cores (not really no writes but slow writes)

There are not enough inodes

There is not enough space

There is a I/o failure

[-]

Emergency-Scene3044@reddit

What's the difference between a hard link and a soft link?"—brain went poof in the moment 😂 What was yours?

[-]

punkwalrus@reddit

I got one where it was obvious that they got the interview questions from a book and didn't know the context because they asked in weird ways.

"Suppose you have a web server, and it has no directory. What would you do?"

"What do you mean has no directory? Like the web server doesn't list files and you want it to on a web page?"

"No, in the cloud."

"And by the cloud you mean what? What is your end goal?"

"Don't over think it."

"I'd set the apache or nginx to list files in that directory."

"Passive or active?"

"Those are ftp terms, not web terms."

"But they are part of the kernel. The kernel's ftp."

"... I am not sure the context of this question. What are you trying to do?"

"Go to ftp.kernel.org. See?"

Easy

database { host: localhost; port: 3306; database: css; user: web; password: 12345; }

[-]

Wonderful_Device312@reddit

That's not the worst question actually. It's kind of a unique combination of creative problem solving and demonstrating an actual understanding of how various things work. It's more relevant to the job than any leetcode question at least.

I mostly do backend stuff but some ideas I came up with:

IE supported CSS expressions - aka JavaScript in CSS. Do a fetch to an endpoint that connects to the database or some other creative thing with JavaScript.

CSS's url function could be used to send get requests to various API's which effectively connects you to a database.

You could do some crazy CSS shenanigans and build a really shitty database in CSS and connect to that. I'm not a css wizard but I know it supports basic toggle like logic, which means you can implement logic gates, which means you can simulate any program... Kinda. Sorta. I think theres counters and other stuff too so... It might be even easier.

CSS custom properties maybe? But that's similar to css expressions.

GolemancerVekk@reddit

"Go to ftp.kernel.org. See?"

"See what, browsers stopped supporting FTP years ago."

"No no, it works fine in IE6."

[-]

k-phi@reddit

ftp.kernel.org. was shut down in 2017

Firefox stopped supporting ftp in 2021

[-]

Inquisitive_idiot@reddit

It’s in their IE6 offline files 😭

[-]

returns the specified digits of pi or returns appropriate errors if to is not a number, from is not a number, from < 0, to < 0, from > SOME ARBITRARY CONSTANT, to > SOME ARBITRARY CONSTANT, to < from, or the range to-from is too big

[-]

lazyant@reddit

I’d love to watch a sketch based on something like this, it’s hilarious

[-]

03263@reddit

Kind of reminds me of this

https://www.youtube.com/watch?v=BKorP55Aqvg

[-]

shrizza@reddit

Two YouTube channels you might enjoy: * Programmers are also human * KRAZAM

[-]

vainstar23@reddit

Lol I would have trolled

Your answer reminds me of an interview I once had with a very rude IT manager in Gibraltar. There was also an Indian guy asking the technical questions, but he didn’t seem to know much more than the manager.

There was a bit of a language barrier with both of them, too

[-]

inbetween-genders@reddit

Some of the interviewers remind me of that scene where it’s a British 3 vs a German 3. The questions are all wacky then you realize they aren’t from the area.

[-]

cdn-sysadmin@reddit

An enterprising young junior sysadmin has run the the following command on a production system:

chmod -x /bin/chmod

Without rebooting into a LiveCD how would you fix this?

[-]

-rwsr-xr-x@reddit

Without rebooting into a LiveCD how would you fix this? (How would you make chmod executable again?)

I've used, and had this question on so many interviews, and so many people have Google'd solutions, I tend to exclude all the obvious ones that they haven't directly tried themselves.

I have one I used on an interview years ago, and the interviewer said "Your answer won't work.", because his own Google'd search result, didn't include my solution, so he blindly excluded it.

Until I said: It works. Try it, or I can show you right now.

He did. He realized it works. I told him not to just trust Google, but to always "test your assumptions".

I got the job.

The answer?

cp /usr/bin/ls /var/tmp/chmod
cat /bin/chmod > /var/tmp/chmod
/var/tmp/chmod --version

chmod (GNU coreutils) 8.32

Copyright (C) 2020 Free Software Foundation, Inc.

cp /bin/chown /bin/chmod.tmp cp /bin/chmod /bin/chmod.tmp

cp /bin/chmod /bin/chmod.tmp install -m 755 /bin/chmod.tmp /bin/chmod

[-]

BlackPignouf@reddit

Couldn't Perl or Python delegate chmod to /bin/chmod?

I don't get the third one. Shouldn't the second cp be a cat?

[-]

Dolapevich@reddit

I thought the reinstall package option, but I am not sure if chmod is a dependency for that. Most likely it will use install so it should work.

[-]

mgedmin@reddit

I'm pretty sure apt/dpkg/rpm call the libc fchmod() APIs directly instead of shelling out to an external /usr/bin/chmod or /usr/bin/install for each file.

Postinst scripts might break, if they invoke chmod. There are a number of these on my system:

$ grep -l chmod /var/lib/dpkg/info/*.{pre,post}{inst,rm}|wc -l
169

but coreutils itself doesn't have any of those.

i've encountered this question and i've asked this question

i like it because there are quite a few valid solutions

[-]

It's funny how sometimes your brain looks for the hard answer instead of the simplest and most obvious - just reinstall the stupid package. As for dpkg:

apt install --reinstall <pkg>

[-]

Catenane@reddit

Also, obligatory https://xkcd.com/356/

Thanks for nerd sniping me, lol.

[-]

Catenane@reddit

So yeah that was my obvious first thought, but I actually tried that in a container—and with a fresh container (and thus empty package cache), you can't update the cache after chmodding chmod, making it impossible to --reinstall. Apt-key calls chown in a few places and pulling repos fails if it can't do so. There may be an option to ignore/override. Now the interesting part is after cleaning the cache, it'll still work if you've initialized. That's because of an (lz4 in my case) compressed archive description file for the repo in /var/lib/apt/lists. That doesn't get deleted with an apt clean, but if you delete it again, you can't --reinstall anymore.

It's such a contrived example, but something you can definitely walk away from with some extra knowledge after playing around a bit, haha. In this case it's almost certainly due to deletion of as much as possible to shrink the base container, but I feel like this contrived problem could make sense in the context of containers anyways.

[-]

lordgurke@reddit

I do that one, too.

The most straightforward solution: >!Use busybox's builtin chmod to fix it.!<

Some other solutions I was presented:

cp -p /bin/bash /bin/chmod2 && cp -a /bin/chmod /bin/chmod2
dd if=/dev/zero bs=1M count=1 of=/tmp/fs.bin && mkfs.vfat /tmp/fs.bin && mount -m -o umask=000 /tmp/fs.bin /tmp/vfatfs && cp /bin/chmod /tmp/vfatfs && /tmp/vfatfs/chmod +x /bin/chmod
gdb /bin/chmod --args +x /bin/chmod and type run

[-]

mcd1992@reddit

Only way I can think of is invoking ld-linux.so with chmod as an arg. Any other trick for it?

[-]

ChowSaidWhat@reddit

chmod -x /usr/bin/chmod.

fix it. No internet, no CDs, no python, nothing, use just OS commands.

[-]

bqw74@reddit

ouch!

[-]

bqw74@reddit

Give me a shell 1-liner that find and prints out the 10 most common words in the bash manpage with a count.

Answer:

! man bash | tr -cs '[:alpha:]' '[\n*]' | sort | uniq -c | sort -rn | head !<

[-]

punklinux@reddit

The hardest I ever got were weird trivia questions about Linux and UNIX history. Like:

The original UNIX was written in assembly for which specific hardware, and what was one of the major technical limitations of that system?
List 5 limitations of the original UART.
What was the notable bug in the Linux 1.x kernel series?
Which Linux distributions predate Red Hat Enterprise editions?
If I were to get the message, "lp0 on fire," what might that mean?

PDP-11?
Don't know
Don't know, but there was a big in the driver for a scsi card a had that I tracked down in the 0.97 kernel and submitted to the maintainer at unc
Slackware, redhat not enterprise, Debian? I can name close to a dozen non Linux unices I've worked on
Your printer is offline

[-]

WiseassWolfOfYoitsu@reddit

They started on PDP-7 but PDP-11 is where it really got going. The big technical limitation was disk space. The PDP-7 supported one disk pack with an astounding 1.5MB of storage, which wasn't quite enough. The PDP-11 supported... gasp... TWO 1.5MB disk packs!

This is also why /bin and /usr/bin are separate plus the origin of /home. Originally /bin was binaries and /usr was user storage, but they ran out of space for binaries and so /usr/bin had user executables not needed to boot. Then they made /home for user personal files because /usr became full of binaries.

[-]

maryjayjay@reddit

Nice! TIL

[-]

catonic@reddit

The original UNIX was written in assembly for which specific hardware, and what was one of the major technical limitations of that system?

I've read about that, and he owes me two beers now. One because I had to remember the 3B series, and another to erase the pain of recalling the memory.

Go read about it if you want to have some sort of down-the-rabbit-hole chase of the white rabbit like The Matrix into a world of layered emulation and virtualization. There is a reason why the NSA has people who are damn good at telco stuff and it's in there. Any sane person wouldn't let that stuff within the effective blast radius of nuclear weapons to themselves.

List 5 limitations of the original UART.

Clock speed options, buffer size, interrupts (8-bit originally, so Interrupts 2-7, and serial data speed (IIRC 38400, 57600, and 115200 were sketchy).

What was the notable bug in the Linux 1.x kernel series?

Don't remember other than F0 0F C7 C8. Pentium.

Which Linux distributions predate Red Hat Enterprise editions?

RH, Slackware, Debian, SUSE, I think Yellow Dog as well. I'm sure I'm missing a few.

If I were to get the message, "lp0 on fire," what might that mean?

IIRC you have something going very wrong with interrupts associated with the printer port.

[-]

-rwsr-xr-x@reddit

Which Linux distributions predate Red Hat Enterprise editions?

I still have ALL of those versions, running as VMs on my infra (in a suspended state, of course). I also have versions of Windows 1.0, 2.0, 2.2, Microsoft OS/2 (before they sold it to IBM), every version of DOS (including FreeDOS), Windows, BSD, Linux (every distro), and many others.

Lots of versions pre-date RHEL, including the former Red Hat Linux versions.

Yggdrasil (my very first Linux ever)
Slackware Linux
Several Debian releases
SuSE Linux
Mandrake
Ench/Gentoo

All of these and more, predate RHEL which began in 2002.

I still have several of the 6-cd boxed sets from the "Linux Developer Connection", which includes full versions of all of these, full ftp archives of funet.fi and sunsite.

Those were fun time!

[-]

WiseassWolfOfYoitsu@reddit

I know people who could answer all of those, but they'd be so close to retirement I don't think they'd be job shopping!

I could do 2.5 of them? I know some history but Linux 1.x stuff is dang old...

[-]

HeligKo@reddit

It wasn't the hardest, but it cracked me up. "Do the alphabet in linux commands like you were writing a childrens book"

A is for at b is for bzip c is for cat d is for dd e is for export

rockandrollalice@reddit

ifconfig is the only one that comes to my mind starting with i

[-]

dig-it-fool@reddit

Bah, of course it's one I've typed a thousand times, as well as ip.

I originally looked on my Mac and just overlooked it, now looking on an actual Linux machine I see a lot more I use /used frequently

if
id
Ifdown
Ifup
Iptables

[-]

420GB@reddit

See I was debating whether shell built-ins like echo or if would count and decided against it. But I also definitely had to resort to some tools that definitely aren't preinstalled on most server systems too lol

[-]

cullor@reddit

I haven't used ifconfig for ages. "ip -br a" is my go-to unless I'm looking for the MAC.

[-]

Easy:

ä
ü
ö
ß
ç
ï

[-]

420GB@reddit

Easy:

ä
ü
ö
ß
ç
ï

[-]

HeligKo@reddit

Now there is a question that eliminates 90% of guys with a ton of experience with no good applicable skill attached to it.

[-]

doubled112@reddit

If somebody asks something like that I always hope they’re looking for effort and thought process.

Oh god... I suck and pulling shit out of my memory at random like this. I would suck at this task.

There also interrupt handlers. Generally when various pieces of hardware need attention from the kernel they can "raise an interrupt" to ask the system to stop what it's doing and deal with their situation. These handlers are another entry point into the kernel.

There are more, but that's the general idea.

[-]

dig-it-fool@reddit

I've been using Linux for 20 years and I can name 0.

After typing that, I did the math and it's been nearly 30 years, damn I am getting old.

[-]

cknipe@reddit

I don't know that I did particularly well on that question. Off the top of my head I knew syscalls and interrupt handlers. Past there I was encouraged to speculate, and speculate I did... Didn't get the job in the end.

[-]

excludingpauli@reddit

Implement a basic version of ps using only bash natives.

[-]

rockpunk@reddit

Yuck. How do you list files in a bash native way? If you assume basic coreutils commands and procfs, it could be as simple as ls /proc/*/cmdline and xarging into cat

What was the interviewer looking for?

[-]

excludingpauli@reddit

Yeah I think so, but I didn't get that job partly on account of that question. I just asked ChatGPT for how to do it and this was its solution:

#!/bin/bash

# Read /etc/passwd into associative array (UID -> username)
declare -A uid_to_user

while IFS=: read -r user _ uid _; do
    uid_to_user["$uid"]=$user
done < /etc/passwd

# Print header
printf "%-8s %-5s %-8s %-s\n" "USER" "PID" "TTY" "CMD"

# Loop through numeric PIDs in /proc
for proc in /proc/[0-9]*; do
    pid=${proc##*/}

    # Skip unreadable processes
    [ -r "$proc/status" ] || continue

    # Get UID from status file
    uid=""
    while IFS= read -r line; do
        [[ "$line" == Uid:* ]] && {
            uid=${line#Uid:}
            uid=${uid%% *}
            break
        }
    done < "$proc/status"

    user="${uid_to_user[$uid]:-?}"

    # Get command
    cmd=""
    if [ -r "$proc/comm" ]; then
        IFS= read -r cmd < "$proc/comm"
    elif [ -r "$proc/cmdline" ]; then
        IFS= read -d '' -r cmd < "$proc/cmdline"
        cmd=${cmd//\0/ }  # Replace NULs with spaces
    fi
    cmd=${cmd:-[?]}

    # Get TTY by inspecting fd/0 symlink (pure Bash readlink logic)
    tty="?";
    fd0="$proc/fd/0"
    if [ -e "$fd0" ]; then
        link=$(readlink "$fd0" 2>/dev/null)
        [[ "$link" == /dev/* ]] && tty=${link#/dev/}
    fi

    printf "%-8s %-5s %-8s %-s\n" "$user" "$pid" "$tty" "$cmd"
done

[-]

greenFox99@reddit

Had an interview for system engineer role at Amazon. I had to take a scripting language of my choice to make algorithms.

I had two interesting questions: - Print all numbers from 1 to 10. - write a function that minify the path in argument (/var/../usr/bin//bash should return /usr/bin/bash)

The first was probably a warm-up to make me write a loop. But I went with seq 1 10 which does exactly that.

For the second part, I don't know how to make it programmatically clear, maybe regex, or cd or pushd based solution, there are many ways. The easiest I found so far is realpath "$1".

And I guess both commands come from coreutils. It is worth having a look to those commands, because it can save you some pain every day, and I guess if I ever do recruitment, I'll ask for coreutils commands.

[-]

-rwsr-xr-x@reddit

I had two interesting questions: - Print all numbers from 1 to 10.

How small can it be? :)

printf '%d ' {1..10}

or

echo {1..10}

or:

seq 10 # as you did

[-]

Hour_Ad5398@reddit

I would write

print '1 2 3 4 5 6 7 8 9 10'

and start observing his expression

[-]

pithivier@reddit

I had to stop asking "what's the difference between Linux and UNIX?" because not many people can answer it any more.

Candidate:
There’s no direct equivalent, but you could clear cache with sync; echo 3 > /proc/sys/vm/drop_caches or clean package manager caches with something like apt clean.

Interviewer:
Got it. So, what’s the Linux Registry called?

Candidate:
Uh... Linux doesn’t have a registry. Configuration is typically stored in plain text files under /etc/.

Interviewer:
Interesting. But where do you install .exe files then?

Candidate:
You don’t. .exe files are Windows executables. Linux uses ELF binaries — or you compile from source, or install via a package manager.

Interviewer:
Sure, but like, what’s the Linux version of msconfig? How do you set startup apps?

Candidate:
Startup processes are typically managed through systemd units or init scripts.

Interviewer:
(systematically ignoring)
Okay, next: when you open Linux, where’s the Start Menu?

Candidate:
Well, there’s no Start Menu. Different Linux desktop environments have different panels or docks, but the shell doesn’t have one.

Interviewer:
But if you can’t click Start, how do you reboot it?

Candidate:
...By typing reboot in the terminal?

Interviewer:
Wait, so no Task Manager? How do you Ctrl+Alt+Del?

Candidate:
You can use top, htop, or kill processes manually with kill commands.

Interviewer:
Alright. Last question:
How would you remove a Linux virus if you can’t open Windows Defender?

Candidate:
Generally, viruses aren’t a major threat on Linux if you follow best practices. But you could scan with ClamAV or, you know, not run random scripts from the internet.

Interviewer:
So, like... no Control Panel either?

Candidate:
(staring blankly)
No Control Panel.

Interviewer:
(leaning back, satisfied)
Wow. Linux sounds kinda limited compared to Windows.

Candidate:
(mentally updating resume mid-interview)

[-]

apathyzeal@reddit

98% of the ones I've received are really cookie cutter questions somebody googled.

"Where are crontab files stored"

"Have you ever compiled a kernel"

"Why would you use a dash after 'su'?"

The interview I had for my current position gave me some that I had to think about. I wouldn't necessarily call them hard, but they weren't bad questions and caught me off guard a little with their specificity and actual practicality. Here are two:

"Why would you choose a specific mpm in apache, and describe the common ones."

And

"Explain why you would choose tcp over udp, or vice versa, when configuring rsyslog."

locate -r some.*fucking.*thing | rg -i probably.in.this.dir

(With plocate, of course. Although at this point in time I think plocate is mostly default in sane distros) and then pipes from package manager rpm -ql/dpkg -L are also nice. And of course find/fd. We're gonna find what the fuck we're looking for one way or another is my motto. :P

[-]

mgedmin@reddit

And lsof to see where some random daemon is storing its logs.

[-]

Catenane@reddit

Haha. I have a whole lsof-proc script I use for that too to grep by command name, pull out PIDs, etc.

[-]

mgedmin@reddit

I have one that greps lsof output by filename, finds the file offset, stats to get file size, and then loops showing % of file size with an ETA, assuming that the program in question reads the file from start to end.

I use it as a substitute of a progress bar.

[-]

catonic@reddit

ls -laR /var/log

"Why would you use a dash after 'su'?"

I am a pedant when it comes to this one. I constantly see peers and customers on shared screen sessions do sudo -i, and think they're getting a root shell.

They're not.

Using:

sudo su -

vs.

sudo -i

Are not the same thing. Quite far from it, and the latter will eventually bite you if you're not aware of the difference. sudo su - is almost always the correct choice.

Hint: printenv > /tmp/$$ under each context, and then diff or meld the two files to compare.

[-]

Will-E-Coyote@reddit

I hate when people use sudo su -. And hate when people say this is the correct way to get a root shell.

[-]

-rwsr-xr-x@reddit

I hate when people use sudo su -. And hate when people say this is the correct way to get a root shell.

It's unfortunate you don't understand the difference. But at least there are manpages to help you educate yourself!

[-]

IHaveTeaForDinner@reddit

What do you consider the correct way?

[-]

Will-E-Coyote@reddit

I consider sudo -i as the correct method. This way it doesn't need to start a slightly misused su to get a login shell.

[-]

bmayer0122@reddit

I am only getting a difference of:

SUDO_GID=1000 
SUDO_COMMAND=/bin/bash 
SUDO_USER=$user 
SUDO_UID=1000

The above being in the sudo -i instance. How is that going to bite me?

[-]

mgedmin@reddit

Several years back various distros (Ubuntu specifically, probably also Debian) shipped a default /etc/sudoers that had PreserveRoot HOME by default. So when you did a sudo -s to get a root shell and then launched vim or something, your /home/notroot would have a bunch of files (.bash_history, .viminfo etc) owned by root:root, and you would notice things like bash and vim no longer preserving your non-root history.

(BTW I can't for the life of me remember the difference between sudo -s and sudo -i. I always used the -s version because it's mnemonic for "shell". I will now go look it up in the man page, again, and then forget in 30 seconds.)

[-]

jgo3@reddit

One of my favorites was, "How do you use cron?"

"With the crontab open in one terminal window and the man page open in the other."

"Whelp, that's how I do it!" makes a check on sheet

[-]

Catenane@reddit

By using a systemd timer because it's not 2004 lol

[-]

420GB@reddit

Yea I was gonna say this question is not that easy lol.

Last times I configured a cronjob was always through ansible but mostly I've been adjusting to systemd timers

[-]

jgo3@reddit

"Fuck you, kid, I got nothing to prove." --Jill Sobule

[-]

eightdigit@reddit

That man crons.

[-]

mcmx2@reddit

During an interview I was asked which command used to see the syscalls of a process (something like that).

I only knew how to use "strace command". I didn't know it could connect to a running process 😞

Yeah, pretty much + dangling images. I think it ended up being docker system prune -a -f --volumes. It was designed as a sort of XY problem - tl;dr reporters might make bad assumptions, what do.

After saying I'd investigate with df and du, that lead me back around to /var/lib/docker having gigs of dangling images and volumes. Don't think I was able to pull the switches out from memory but I explained the problem and passed.

[-]

ugadawg239@reddit

Do you like snaps?

[-]

mysterytoy2@reddit

How do you fix a server with a lost root password

[-]

Foxxthegreat@reddit

If it's a Rhel/centos 7 box with selinux enabled , reboot the box,

At the beginning of the boot process, at the GRUB 2 menu, type the e key to edit.

Then, go to the kernel line (the line starting with linux16) and add the following statements at the end: rd.break enforcing=0

then ctrl x to resume booting

  /# mount –o remount,rw /sysroot
  /# chroot /sysroot
  /#  passwd
  /# load_policy -i
  /# restorecon -v /etc/shadow
  /#exit
   reboot

[-]

-rwsr-xr-x@reddit

How do you fix a server with a lost root password

I can say, after interviewing no less than 900 separate candidates for Linux support roles over the last several years, that 95%+ of the candidates, even senior sysadmins who are asked this question, get this wrong.

The wrong answers include:

Enter rescue mode, mount the volumes, use passwd root
Boot from a LiveCD, mount the volumes, use passwd as root
Mount the / volume as 'rw' under init=/bin/bash, use passwd or passwd root
Mount the disks under a 'chroot', chroot into that path, and change the root password with passwd command

ALL of these are wrong.

The biggest issue here is that you're changing that server's authentication/authorization, which has the potential to restore login access, but break any other services/processes that may have knowledge of that password, or use it interactively (for example, Ansible playbooks).

The first and most important rule when fixing any system, restoring access, troubleshooting, is to change as little as possible to restore service to the host.

You can change the password using passwd, but without backing up shadow, you can't ever restore the system to its previous state.

The correct answers include:

Back up /etc/shadow (or all of /etc/), before making any changes with passwd
Determine if the authentication actually uses the root account (check auth.log or last -aix), then fix only if needed
Fix /etc/sudoers, so a known-good user now has access and authorization to sudo su - to the root user without knowledge of the root password.

Lots of ways to slice this that do not require altering the existing, unknown-to-you, root password hash.

[-]

thesaddestpanda@reddit

It’s bad practice to use root for things like ansible because you should be using service accounts. Most shops see changing the password as fine because they aren’t using root for everything.

[-]

catonic@reddit

it's running? restore from backup.

[-]

wulf_rtpo6338@reddit

Live CD

[-]

tenuki_@reddit

As a hiring manager i have tiers of questions and keep asking until I get wrong answers or don’t knows. I warn people first so they don’t feel they have failed, which they inevitably do. Only way to know someone’s skill level. From that experience over the years I’ve discovered that the holes in people’s knowledge tend to cluster around different things depending on their background. Really interesting and less important to me than exhibiting curiosity. I also ask them to rate their knowledge on a scale of 1-10 with 9 being Linus ( hinting how I scale and nobody’s knowledge is complete). Then I rate them after the questions and record both ratings. Bonus points for knowing what they don’t know and more bonus points for asking what the answer is. The people with the most accurate self assessment tend to be hired I’ve noticed. I can’t count the number of jr people who have claimed a 8-10 even after I state the scale and anchor.

I also google the question if it’s a phone interview. The number of people reading the top search hit word for word is frankly astonishing. They don’t make it past that interview.

Anyway, thought I would share from the other side of the question. Your wrong answers are not what I’m judging. ;)

[-]

Nebarik@reddit

Linus is 9?!

Who the hell would be a 10 then? This is why I hate the technical questions round of interviews. The interviewer never knows what the fuck they're talking about.

[-]

tenuki_@reddit

It may be you.

[-]

cocacola999@reddit

One of my go to questions no matter the level of skill I'm interviewing for is "what happens after you type google.com into your browser and press enter"

[-]

dmills_00@reddit

Intel used to ask what happens when you push the power button on a PC, then just kept asking for more details.

Great interview question because the candidate can take it any direction they like... If power supplies are your thing, you can go all the way down the switching supply design rabbit hole, if the system management and early boot is more your bag, you can go there, DDR initialization and PCI link training by all means, have at it, BIOS is fair game, wanna talk about getting the thing out of real mode, there is some depth there....

Great fun questions if you actually know any of this stuff in depth.

[-]

[-]

evild4ve@reddit

Lucy's younger brother.

[-]

bmayer0122@reddit

These questions tweak me, but I am seeing that they are common.

You bring up a good point that Linus isn't the know everything of Linux. Which brings up the question, What about Linux am I rating myself on?

* How some distro does something?

* How loading modules actually works?

* How to build a kernel, know what the compiler chain is actually doing?

* How it runs an ELF file?

* How many different types of permissions can we deal with on a network connected system and have it still fall under "My Linux machine isn't working"?

There is so much going on, at so many different levels the question is non-sense from the start. But that is why we ask questions.

[-]

uberduck@reddit

This guy interviews. And it's the good kind. I'd trust you getting a solid employee in!

[-]

Superb_Raccoon@reddit

Linus? The kid with the blanket?

[-]

Brru@reddit

Why can't I get reasonable interviewers like you. I hate the idea of claiming I'm an expert in anything, but that seems to be all anyone cares about; Perfection.

[-]

zapman449@reddit

"at a shell prompt, you type 'wget https://kernel.org'. What happens when you press ?"

I talked for a solid hour on DNS, IP connectivity to the local router, connectivity to the end host over the internet, TCP handshakes, TLS handshakes, HTTP protocol...

And I got the question wrong.

Because they wanted me to talk instead about shell fork-exec the wget binary, signal handling, process management, IPC mechanisms, etc.

(not that they ever TOLD me they were interested that rather than what I was talking about... )

roughly 2010 for a FAANG.

[-]

microlit@reddit

Similar to yours: “Tell me how /bin/ls works. Go as in depth as you can.”

I made it to dirent structs in the kernel before waving the white flag.

It was a really collaborative thought exercise. I liked it so much that I still use it in the rare event that I conduct an interview. Gives you a chance to work together and it quickly exposes a bullshitter. I’ve had people make up stuff with extreme confidence, and others get as far as the readdir() libc call and admit they couldn’t go any further.

The depth never mattered, it was the relationship made along the way.

[-]

zapman449@reddit

That’s the trick.

I love “tell me about something you’ve done in the last year that you’re proud of.”

I’ve got enough breath/depth that I can tell whether and how much they were involved in $thing.

[-]

Fazaman@reddit

I hate those questions because I forget all the cool shit I do a few seconds after I've done it.

Ask me later and all I'd be able to remember is the last time I did some boring update.

[-]

ganzzahl@reddit

Same problem for me. The instant anyone asks me about what kinds of cool projects I've worked on, or what I'm proud of, I instantly forget everything.

It's probably a matter of practicing interviewing, making myself a little less nervous – but also my memory is just shit

[-]

grievre@reddit

I like to ask "describe the boot-up process of any Linux system you are familiar with".

People invariably answer one of two ways:

They begin with the CPU coming out of reset and loading the stage 0 bootloader, and end with the kernel starting.
they begin with the kernel starting and end with the login prompt/X11/servers running.

I'm always looking for the candidate that gives an answer that crosses that boundary.

[-]

bdashrad@reddit

This is a good question, but the interviewer should be steering the candidate towards the area of focus for the role. Your answer isn't wrong, and if they wanted to know less about the network part of the answer and more about the system, a good interviewer would have redirected with something like "how about before the request even leaves the system" or similar.

[-]

NeverMindToday@reddit

You said you got the question wrong. That is more accurate than you may have intended.

ie right answer for the wrong question - but they made you guess what the question was. FFIW, I would've assumed it was network question too - if they were after OS level stuff they should've chosen something that just works locally.

[-]

zapman449@reddit

Either that or stopped me after 10 minutes to redirect…

[-]

ColdToast@reddit

Not sure if it's same for these, but FAANG SWE interviews can ask questions in vague ways expecting you to start by clarifying the context.

It's useful because it shows what areas you have an understanding of and, presumably, could drill down deeper in. Also an indicator that you won't just take one approach to problems, but consider possibilities.

That being said, since you were clearly well-versed in the route you were exploring they should have nudged you given they had a specific goal in mind

[-]

Thick_You2502@reddit

how to use lsof to identify files owned by zombie processes? what's is an i-node?

[-]

grievre@reddit

Here are questions I ask software engineering candidates and many of them get it wrong despite having years of experience with "Linux":

What does Linux do when it runs out of memory?
What is an inode?
What's the difference between a hard link and a symbolic link?
What is a partition?
How do drivers for USB devices get loaded?

[-]

michaelpaoli@reddit

Hmmm, can't recall many specifically that were all that tough. Perhaps a somewhat esoteric networking question that wasn't even at all specifically Linux - in fact wasn't reaally a Linux question at all ... unless perhaps one was using Linux as a router or the like, then perhaps might be considered a Linux question.

Anyway, some I've asked, and challenges I've run across (and done):

If you have a file that is named precisely, without the quotes (the part inside such): "-rf *" how do you safely remove only and exactly that file?
if a non-root user ID launches a fork bomb, intentionally or otherwise (e.g. code bug), how do you signal all that ID's processes at once without it being race condition that does or may fail to signal all their processes?
If you've got large storage device in active use - e.g. a large hardware RAID device, and you want to migrate that storage to other device, e.g. software RAID such as md RAID, how can you do that while minimizing the time that storage data is unavailable (and, yeah, did another proof-of-concept demo run of that quite recently)
So, df says the filesystem is full or nearly full, but using du as root, on the mount point of the filesystem doesn't come anywhere close to approximating accounting for all that storage. Give explanations for the discrepancy. Bonus points for giving two or more entirely distinct cases of things that could fairly easily or even commonly happen. And in the case of >!unlinked file(s)!<, give at least 2 possible ways to locate them, bonus points for giving three or more ways. In the case of >!overmounts!<, how can one fix that without first >!unmounting!< the filesystem?
rfkill - how do you check those settings or change them without the rfkill command - just standard basic Linux utilities and such available, nothing more, and not using Network Manager or anything nearly so complex.
If a file has permissions for the owner, not the group owner, and also has permissions for world/other, and you're not the owner and not a member of the group, do you have permission (r, w, and/or x, as applicable) to that file? And explain why that's the case.
Explain why an exceedingly large number of small files directly in a single directory is very inefficient for space storage considerations, at least for most common filesystem types (and their options). Explain also why that's generally a major performance issue when operating on that directory. If one removes most all the files from such a directory, do most or all those problems go away? If not, explain, and explain how to correct that. What about the case if it's the root (top level directory) of that filesystem?
You've got a modern drive. It's developed an unrecoverable read error on one single sector - the rest of the drive reads perfectly fine. How exactly could you isolate exactly where and how that block is used on that drive? Let's say you've isolated it to one particular large file - say it's a DVD ISO image. Let's say you've got another copy of that file, or the original DVD itself, and have copied out from it the one single block that needs to be repaired. How can you repair that block within the damaged file while not changing any other blocks in that file - notably not writing or rewriting any of the other blocks? Would that actually fix the problem on the drive, or have you now just chased that problem to elsewhere on the drive? How could you actually fix the problem on the drive itself - presume the drive has no shortage of spare reserved blocks.
without lsof, how do you determine the binary file that's executing for a given PID? Same question, but the binary that's still executing, that binary executable was removed - can that actually happen where the binary then still runs, and if so, what exactly does that look like? Can one recover a copy of that binary in such a case?

(more to follow)

[-]

michaelpaoli@reddit

(continued from my comment above)

Edit-in-place. Explain the differences between a true edit-in-place, that changes the file itself, vs. one that replaces the file. Explain the advantages and disadvantages of each. Give at least one example of how to accomplish each method.
Fully explain the standard base UNIX/Linux file permissions for at least non-ancient implementations thereof. Don't included ACLs and extended attributes that may be available on some filesystems, but just what's included per POSIX. Include not only explaining SGID on directories, but how that varied historically going back at least to the preceding common implementations on that and how they varied/differed. Be sure to explain also the full mapping of all 12 of these permission bits. Don't forget to well cover, e.g., what "execute" permission on a directory does/doesn't do. Also give examples of what happens when a directory has execute but not read, or read, but not execute - in such cases, exactly what access does one have and not have and what information can and can't one get. Bonus - there are further higher level bits for a file in the filesystem structure - explain what the next group of bits do (the next higher set of bits as returned by, e.g. stat(2) or lstat(2)).
Tell me about ssh certificates. Yes, ssh, not ssl, and not keys, but certificates.
rsync - two large files, same permissions, length, and mtime, but their content differs. If you use rsync to ensure that the 2nd of those files matches the first, do you have to use any non-default options for that to actually ensure that the file contents will get matched? Explain.
Explain, atime, mtime, and ctime. Bonus, for filesystems that support btime, explain that also. If one can do so, how can one set/change: atime? mtime? ctime? btime? Bonus: explain how to change the ctime of a file to a given arbitrary legitimate timestamp. Extra bonus: give at least two quite distinct ways to do that.
Explain what eval does in shells that are (or can be) POSIX compliant (e.g. dash, bash, etc.). Give at least one example usage. Same question, except for exec.
Likewise on shells, explain exactly what is substituted in for $() or ``, be sure to be fully accurate regarding ending newline(s) or trailing empty lines or lines that only contain space characters. What if either of those are within " (double quote) characters? What difference, if any, does that make, and in what contexts? Also explain the difference between $() and `` and why it's often preferable to use the former rather than the latter.
how can you create a file with a newline character in the name of the file?
To merely create a file, folks often give example using the touch command. In standard shells, how can one do that much more concisely, and without using any external command at all.
Some daemon process is running, you have it's PID. How do you determine what file(s), if any, it's using for stdin, stdout, and stderr, and without using the lsof command.
for any block device, how can you determine its precise size, without reading it?
two block devices under /dev have the same major and minor number. Are they the same device? Are they the same file? Explain.
For a given device under /dev, how can you locate all files / pathnames under /dev that refer to the same device?

[-]

mgedmin@reddit

Edit-in-place. Explain the differences between a true edit-in-place, that changes the file itself, vs. one that replaces the file. Explain the advantages and disadvantages of each. Give at least one example of how to accomplish each method.

I would probably suggest reading Vim's :help on the 'backupcopy' option. If pressed: one is creating a new file + renaming on top of old file; the other is truncating the old file and then overwriting it with data (or overwriting and then truncating). The difference is (1) what happens if the program crashes in the middle of the write, and (2) what happens if some other program still has that file open. E.g. one method works for replacing executables that are currently being executed while the other fails with EBUSY. Another e.g. is crontab -e that wants the same file back and not a new one with the same filename.

Fully explain the standard base UNIX/Linux file permissions for at least non-ancient implementations thereof Include not only explaining SGID on directories, but how that varied historically going back at least to the preceding common implementations on that and how they varied/differed.

And this is where I would get stuck, because I don't know (and don't much care).

The rest of this I think I know, except for practical effect of dr--r--r-- directory permissions. You can ls but not stat/open the files inside?

Tell me about ssh certificates. Yes, ssh, not ssl, and not keys, but certificates.

All I know is that they exist and can be used to grant access without adding each key into authorized_keys.

rsync - two large files, same permissions, length, and mtime, but their content differs. If you use rsync to ensure that the 2nd of those files matches the first, do you have to use any non-default options for that to actually ensure that the file contents will get matched?

I'm pretty sure I do, because rsync has optimizations. The man page says the option is --checksum/-c.

Explain, atime, mtime, and ctime.

Last access (with digression about mount -o noatime/relatime), last modification (of file contents), last inode change (eg. chmod/chown). I remember doing experiments checking if opening a file for write/append access and writing zero bytes to it changes the mtime. (IIRC it doesn't.)

Bonus, for filesystems that support btime, explain that also.

Inode creation ("birth") time. When I last investigated it seemed a very non-standard thing with almost no POSIX APIs exposing it, requiring debugfs and such to see on ext2. I now see that even tools like ls can show birth times.

If one can do so, how can one set/change: atime? mtime?

/bin/touch, or the utimes() syscall.

ctime?

umm, chmod?

btime?

create a new file, move it on top of the old one?

Bonus: explain how to change the ctime of a file to a given arbitrary legitimate timestamp.

Ooh, is that possible? Without temporarily changing the system clock? Or fiddling with debugfs/banging bits on an unmounted filesystem?

Extra bonus: give at least two quite distinct ways to do that.

The above (changing system clock + debugfs).

Explain what eval does in shells that are (or can be) POSIX compliant (e.g. dash, bash, etc.). Give at least one example usage.

Evaluate its parameters as a shell command in the current shell.

eval "$(ssh-agent)"

Same question, except for exec.

Replace the current shell process with a new process running the specified command. All of my wrapper scripts that, idk, set extra environment variables (export MOZ_USE_WAYLAND=1), end with an exec /usr/bin/original-binary "$@".

Likewise on shells, explain exactly what is substituted in for $() or ``, be sure to be fully accurate regarding ending newline(s) or trailing empty lines or lines that only contain space characters.

Whee I would fail this. I almost never use $() without wrapping it in "", except when I know it will produce one word of output (like $(pidof process) when I know one and only one copy of it is running).

What if either of those are within " (double quote) characters?

The output is preserved exactly, I think.

What difference, if any, does that make, and in what contexts? Also explain the difference between $() and `` and why it's often preferable to use the former rather than the latter.

You can nest $()!

how can you create a file with a newline character in the name of the file?

I would try

$ touch "file
name"

and then rm -i ./file<tab> before it has a chance to mess things up.

To merely create a file, folks often give example using the touch command. In standard shells, how can one do that much more concisely, and without using any external command at all.

>> filename.txt

probably. I have used > file.txt to truncate files, but I've needed a replacement for touch. (Although > file.txt would also create, but I would fear accidentally overwriting an existing file if I mistype the filename.)

Some daemon process is running, you have it's PID. How do you determine what file(s), if any, it's using for stdin, stdout, and stderr, and without using the lsof command.

Good old ls -l /proc/$pid/fd.

for any block device, how can you determine its precise size, without reading it?

sfdisk -s /dev/thingy. (Only I see the manual now says it's deprecated and I should be using blockdev --getsz or blockdev --getsize64.)

I have also occasionally poked in /sys/class/block/* for this information.

two block devices under /dev have the same major and minor number. Are they the same device?

Yes.

Are they the same file?

Ehh. What is a 'file'? There are directory entries and there are inodes. Is a file an inode?

(Now I'm curious if one is allowed to hardlink device nodes. I don't see why not, TBH.)

They could be two names to the same inode, or they could be two separate inodes, or one could be a symlink to another.

For a given device under /dev, how can you locate all files / pathnames under /dev that refer to the same device?

Hm. find /dev -ls gives me what looks like major, minor device numbers in the size column. I could do something with grep and eyeballing. I don't see any options on matching on device numbers in find's man page.

I could write a Python script that uses os.walk() and os.stat() if I needed something automated and reliable.

[-]

michaelpaoli@reddit

True edit-in-place vs. not - another difference is >!if the original file has multiple hard links.!<

dr--r--r-- directory permissions. You can ls but not stat/open the files inside?

Yes, can get the names, but not stat/open. With d--x--x--x >!the reverse is the case - can stat/open ... if you know the name, but can't get name by reading the directory.!<

Ooh, is that possible? Without temporarily changing the system clock? Or fiddling with debugfs/banging bits on an unmounted filesystem?

You got it, those would be the two possible ways.

$() or ``, be sure to be fully accurate regarding ending newline(s) or trailing empty lines or lines that only contain space characters.

" quoted or not, it's still the case that >!trailing newlines are stripped.!<

> file.txt would also create, but I would fear accidentally overwriting an existing file if I mistype the filename.)

There's noclobber option (and syntax to override that), but if one needs check the option, already lost the brevity advantage, and yes, of course >> is safe(er), that's also why I'm commonly doing ... >> /dev/null - notably in case I ever typo the filename as root, and as for brevity, the whitespace before the filename isn't needed unless the shell might otherwise misinterpret as something other filename.

block device, how can you determine its precise size

!read/cat the relevant /sys/block/.../size file.!<

Ah, blockdev --gets* options, nice, wasn't aware of (/ didn't recall?) those. Thanks, I learn something every day! Oh, and /sys/class/block/.../size - I'd been using /sys/block/.../size, yeah, ... /sys/block/ and /sys/class/block have quite similar, but not quite identical content ... learned another thing today. :-)

Ehh. What is a 'file'?

Same >!inode number on same filesystem,!< same file (of any type), otherwise not.

curious if one is allowed to hardlink device nodes

!Yes.!< >!One can also hardlink sym links.!<

And more generally, *nix allows superuser to >!hardlink directories!< - but that way madness lies, and Linux stubbornly refuses to do so (even though the documentation may still suggest otherwise).

Hm. find /dev -ls gives me what looks like major, minor device numbers

Yep, you're almost there. Add >!-follow and grep!<, and that can do it. Or POSIXly, instead of >!-ls, -exec ls -lLd \{\} \;!< and either way, also include >!-type b before that!< to avoid >!other file types (and symlinks to such).!<

could write a Python script that uses os.walk() and os.stat()

Yes, and similarly, Perl has a built-in find function.

[-]

mgedmin@reddit

yeah, ... /sys/block/ and /sys/class/block have quite similar, but not quite identical content ...

Wait, what? They do?

checks

Yeah, one is full of symlinks to /sys/devices/..., excluding partitions; the other is full of symlinks to the same /sys/devices/..., but also includes partitions.

learned another thing today. :-)

Me too!

[-]

michaelpaoli@reddit

Yup, for /sys/block/ partitions are down one more level, whereas with /sys/class/block/ they're directly there (and also down one level).

$ ls -dLli /sys{,/class}/block/sda{,1}{,/sda1}{,/size} 2>>/dev/null | sort
25880 drwxr-xr-x 27 root root    0 May 23 10:18 /sys/block/sda
25880 drwxr-xr-x 27 root root    0 May 23 10:18 /sys/class/block/sda
25890 -r--r--r--  1 root root 4096 May 30 08:27 /sys/block/sda/size
25890 -r--r--r--  1 root root 4096 May 30 08:27 /sys/class/block/sda/size
26744 drwxr-xr-x  5 root root    0 May 25 13:20 /sys/block/sda/sda1
26744 drwxr-xr-x  5 root root    0 May 25 13:20 /sys/class/block/sda/sda1
26744 drwxr-xr-x  5 root root    0 May 25 13:20 /sys/class/block/sda1
26750 -r--r--r--  1 root root 4096 May 30 08:21 /sys/block/sda/sda1/size
26750 -r--r--r--  1 root root 4096 May 30 08:21 /sys/class/block/sda/sda1/size
26750 -r--r--r--  1 root root 4096 May 30 08:21 /sys/class/block/sda1/size
$

[-]

mgedmin@reddit

True edit-in-place vs. not - another difference is if the original file has multiple hard links.

Oh yes, hardlinks, forgot about those. My biggest fear from the new Python package manager uv using hardlinks to speed up installation of the same packages into multiple Python virtual environments is that I like to edit .py files of installed 3rd-party packages and add debug prints to them when I'm debugging on my dev machine -- what if I forget to remove the debug print and it's reflected in uv's cache and all the venvs, not just the one I used for debugging?

[-]

thesaddestpanda@reddit

Wow I’m stumped on a lot of these. Do you have to answers as well?

[-]

michaelpaoli@reddit

Have answers, I know the answers ... though for some of the more complex ones I might have to sometimes lookup a bit of syntax or the like (e.g. I've certainly not memorized all the table details to construct a device with the dmsetup(8) command). So, ... pick one or two that you think are the toughest and/or that have you stumped, and I'll give answers.

[-]

tenuki_@reddit

Great list. Some of these will probably make it onto mine. :)

[-]

Twattybatty@reddit

This, is treasure! Many thanks.

[-]

mgedmin@reddit

This is a nerd-snipe, sir! I apologize for adding to the inevitable pileup of answers, but I could not resist!

If you have a file that is named precisely, without the quotes (the part inside such): "-rf *" how do you safely remove only and exactly that file?

rm -i ./-rf<tab> or hitting F8 in Midnight Commander or pressing Del in Nautilus.

if a non-root user ID launches a fork bomb, intentionally or otherwise (e.g. code bug), how do you signal all that ID's processes at once without it being race condition that does or may fail to signal all their processes?

Ooh! Ooh! sudo -u THATUSER kill -9 -1, right?

Although this is a trick question because the system is not responsive enough to allow you to enter any commands because no Linux distro ever sets resource limits in a way that would allow it to survive a fork bomb out of the box.

Moving data across storage devices

Dunno, but I'd like to know. A few rsyncs, then stopping all the processes that touch the device, then one last rsync?

If you're using LVM you could use pvmove.

So, df says the filesystem is full or nearly full, but using du as root, on the mount point of the filesystem doesn't come anywhere close to approximating accounting for all that storage. Give explanations for the discrepancy.

(1) deleted files (check with lsof | grep -i del) and (2) subtrees hidden by mount points (check with mount --bind into a temporary location, followed by du, because a non-recursive bind mount doesn't have any nested mount points to hide parts of the tree), and also maybe (3) filesystem corruption that throws off the numbers (check with fsck after remounting read-only).

rfkill - how do you check those settings or change them without the rfkill command - just standard basic Linux utilities and such available, nothing more, and not using Network Manager or anything nearly so complex.

Ehh I bet there's a chance these are exposed somewhere in /sys/, but I don't know. I'd have to look for things. find /sys -name 'rfkill*' gives me interesting things already!

If a file has permissions for the owner, not the group owner, and also has permissions for world/other, and you're not the owner and not a member of the group, do you have permission (r, w, and/or x, as applicable) to that file? And explain why that's the case.

Not sure I understood the question correctly. You mean like r-----r-- $owner:$group? and I'm neither the $owner nor a member of $group? I do have read permissions then. A more interesting question is what if I'm not $owner but I'm a member of $group. I'm not sure; both options make sense to me. I'd have to test it out or read the documentation. If I had to guess, I'd say I don't have permissions.

Explain why an exceedingly large number of small files directly in a single directory is very inefficient for space storage considerations, at least for most common filesystem types (and their options).

Lack of tail compression: each file is rounded up to a multiple of the filesystem block size (e.g. 4K). Plus each file takes up space for its metadata (inode + directory entry).

Explain also why that's generally a major performance issue when operating on that directory.

Finding/modifying one item in a large list takes longer than finding/modifying one item in a small list. Unless the filesystem uses a btree or something for large directories (it's an ext4 option iirc?).

If one removes most all the files from such a directory, do most or all those problems go away?

Maybe? Depends on the on-disk data structure.

If not, explain, and explain how to correct that.

mkdir, move all the files into the new dir, delete the old dir, rename the new dir to the old name?

What about the case if it's the root (top level directory) of that filesystem?

Whee please don't tell me backup + mkfs is the only solution here.

You've got a modern drive. It's developed an unrecoverable read error on one single sector - the rest of the drive reads perfectly fine. How exactly could you isolate exactly where and how that block is used on that drive?

Is the answer badblocks here? I'm not sure I ever ran it.

I could find the offset in the kernel log for the error, but that wouldn't give me the filename.

I could expect to find the filename from the program that tried to access the file that gave me the error.

I could read all the files by doing something like tar -cf /dev/null --one-file-system /path/to/thing and then see which ones aren't readable.

I could run e2fsck with the option that checks for bad blocks -- iirc there is one? (yeah, -c), but I probably won't bother -- I'd get a new disk and copy the files, note down which ones are missing, then try to restore those from backups.

How can you repair that block within the damaged file while not changing any other blocks in that file - notably not writing or rewriting any of the other blocks?

Hmm, you could overwrite just that block with dd using the appropriate seek/skip/count options. A modern drive ought to reallocate the sector. I would want to check if it worked by dropping the disk caches (echo 3 |sudo tee /proc/sys/vm/drop_caches) and doing a sha256sum of the entire file, but I'm not sure I would trust that drive. A SMART self-test is in order.

without lsof, how do you determine the binary file that's executing for a given PID?

ls -l /proc/$pid/exe

Same question, but the binary that's still executing, that binary executable was removed - can that actually happen where the binary then still runs, and if so, what exactly does that look like?

readlink on /proc/$pid/exe returns '/path/to/file (deleted)', IIRC

Can one recover a copy of that binary in such a case?

cat /proc/$pid/exe > /tmp/copy-of-old-binary.

AFAIU there's no way of creating a hard link to a deleted file that would prevent it from getting garbage-collected when the last process that has it open closes it.

[-]

michaelpaoli@reddit

Impressive! Yeah, you got most of those spot on, and those that you didn't totally nail, still generally pretty damn close, so yeah, good showing!

rm -i ./-rf<tab> or hitting F8 in Midnight Commander or pressing Del in Nautilus

Don't need the -i, but sure, safer with it. And yeah, the leading ./ prevents the - from looking to rm as introducing option(s), alternatively, for non-ancient rm, one can >!use a preceding -- to indicate the end of options, then any arguments after that that begin with - are taken to be non-option arguments.!!quote the space and * characters - by whatever means (preceding \ or surrounded within ' or " characters).!<

And basically nailed that kill one. And depending how (not?) badly those user's PIDs are behaving, might not need SIGKILL, but that'll certainly do it, or could, e.g., try SIGTERM first, and if that doesn't do it, then SIGKILL. But yeah, most don't know about >!the pseudo-PID target of -1!<, and that's key to beating the race condition.

The moving data one, yeah, if it's under LVM there's pvmove, but if not, as I show in the linked, one can use >!device mapper, via dmsetup - basicallly RAID-1 it onto another block device, and after synced, drop the original, and then get rid of the device mapper device - but will have to make the device available for some bits, notably where one substitutes in - and out, the device mapper device for the underlying device one wants to move that data from/to.!< What I linked to has example (in that case moving md raid10 data from a set of 4 old drives to a set of 4 new drives, while generally minimizing the time the md device is unavailable).

like r-----r-- $owner:$group? and I'm neither the $owner nor a member of $group? I do have read permissions the

!Nope.!< For more details (and why), have a read over:
https://www.mpaoli.net/\~michael/unix/permissions

Well nailed the df/du discrepancy - many don't know, fair number cover the most common reason, few come up with 2 reasons, you got 3, very few get 3 (or more? - not even sure there's a possible 4th). Oh, and unlinked open files, can also locate those >!via the /proc filesystem!< - so don't even need lsof.

And yes, rfkill functionality without rfkill command - can be done via the /sys filesystem - I find that highly handy when helping users attempting to install Linux via Wi-Fi, and they need rfkill functionality to do/continue such, but they don't have the rfkill command - and of course can't yet get it via Wi-Fi.

And got the large/huge directory one - concisely explained - a more full explanation gets rather long. And after removing the files, for (most) filesystems where directories don't shrink, yeah, recreate the directory - and that's bad news if it's the root directory of the filesystem, because in that case, yes, that means recreating the filesystem (that's also why I highly prefer to never give untrusted IDs write access to the root directory of any filesystem).

And yeah, unrecoverable read on a single sector/block on drive, badblocks (with -w option) could do it. And yeah, non-ancient drives will automagically remap such upon write, so long as one writes the same location on the drive and the reserved block table isn't already full.

there's no way of creating a hard link to a deleted file

I think, at least in theory, there is a (deep dark magic) way, but I've not actually done so or attempted such. Oh, but there is one relatively ugly dirty way to do it - >!crash the filesystem, then fsck, and then should have it by its inode # under the filesystem's /lots+found directory.!<

[-]

oriondracowolf@reddit

Honestly simply asking what happens when you enter a URL and hit return in a web browser is a very telling question. It’s my filter question.

I only hear the term “DNS” 5% of the time.

[-]

zakabog@reddit

Most of the code base has been re-written for those tools and the original GNU members that maintained have either kicked the bucket or left the project.

Ah okay.

Different question, what does the first letter in GPL stand for?

Follow up, what does that stand for?

[-]

beheadedstraw@reddit

I'd refer that to legal, as it's not my fucking job to know nor interpret that.

Next question.

[-]

zakabog@reddit

I'd refer that to legal, as it's not my fucking job to know nor interpret that.

You're a Linux user with 2 decades of experience and don't know how to find out what the first letter in GPL stands for? Maybe this is a good interview question, I'd quickly skip over someone that incompetent.

[-]

beheadedstraw@reddit

I obviously know what it stands for moron, it’s not my job to interpret licenses for company use, nor should it be yours. All licenses and usage of said software under said license should be approved by legal. Otherwise good luck getting SOX and SOC2 compliance.

It has literally nothing to do with the performance of being able to my job, therefore a completely useless interview question.

Next.

[-]

mia_rosecore@reddit

You seem unpleasant to work with.

[-]

beheadedstraw@reddit

Ask stupid questions irrelevant questions, get stupid irrelevant answers 🤷‍♂️

[-]

zakabog@reddit

I obviously know what it stands for moron

I would say it's clear you don't as you've completely avoided the question and resorted to insults because you have some problems answering this simple question. It seems to be quite good at filtering out the bad apples.

[-]

beheadedstraw@reddit

And you gave me an absolutely useless hiring question which would make me walk right out of that interview because it's clear you focus on bullshit rather than actual skills. It's a good thing I have a job and actively contributed to both mainline and RT kernels for the last 25 years also huh?

Those questions are also good at weeding out the people that don't want to work with moronic hiring managers that expect their admins to also not consult with legal OR infosec when implementing new software and tracking supply chain attacks on the security side. God help you when you file a claim with your cyber insurance.

But yea, sure, "WuT duz the G in GeePeeEll stand for?". Kkthxbai rofl.

[-]

zakabog@reddit

You took a joke about the pronunciation and recursive acronym that is GNU as a personal attack and declared GNU to be meaningless these days. You then doubled down on your rage boner when jokingly asked about the first letter of the most widely used open source license on the planet (the GNU Public License, though IANAL so you should consult your legal team to verify first....)

Sounds like the question is a perfect filter.

[-]

beheadedstraw@reddit

Yea, the perfect filter to get the fuck out of a hellscape of manager mind games and most likely people that have no idea what they're doing so they ask bullshit loaded questions. Typically the people that ask those are unqualified to hire for that position, let alone actually know what they're doing. If I was in a culture fit interview, maybe I'd entertain it, probably not, I'd still have reservations as obviously loaded questions are obvious.

If I go in for an interview I'm not here to joke, I'm here for a job. I'm not your friend, buddy, pal, or anything else. And I swear to god if they use the bullshittery of "We're like a family" I'll punch them in the face because you already know just from that single line the benefits are shit, there's no on-call schedule besides 24x7 and you'll be expected to work 12 hour days. I've been doing this for over 2 decades, I know a shit workplace when I see it.

Maybe it's the military in me and the reason why I get along with my coworkers that are also prior military.

[-]

Hotshot55@reddit

Maybe it's the military in me and the reason why I get along with my coworkers that are also prior military.

I'm prior military and I wouldn't hire you based on your responses here. You're acting overly butthurt over nothing and if anything it just shows you're not great to work with.

[-]

zakabog@reddit

Maybe it's the military in me and the reason why I get along with my coworkers that are also prior military.

Your hired.

[-]

tenuki_@reddit

A couple ones I enjoy, not necessarily the hardest:

Four ways to list the processes running on the machine from the command line. Variants of the general command don’t count ( ie top htop atop are one not three.

What do you think of the new scheduler, can you compare and contrast it to the old one and discuss pros and cons?

Describe fixing a bug in a module and updating your host with it. Lots of follow-up questions here around internals, live loading, debugging, grub, ect.

How would you restrict a particular process to certain paths in the file system?

[-]

mgedmin@reddit

Four ways to list the processes running on the machine from the command line. Variants of the general command don’t count ( ie top htop atop are one not three. )

are ps and pstree two commands or variants of one?

I would go (1) ps, (2) pstree, (3) top, (4) ls /proc/ and variants (like head /proc/*/stat and head /proc/*/cmdline)

[-]

tenuki_@reddit

I count ps and pstree in the same family but usually accept that answer. I ask for four in case there is another way I don’t know about. If I was answering it would be some python for the fourth, although I suspect Unix being what it is there are probably ways I haven’t thought of, maybe that I have used on the past but forgot. lol . ( see previous comments about Linus being a 9/10 )

[-]

ebriose@reddit

You accidentally ran chmod -x on every file in /bin, /usr/bin, /sbin, and /usr/sbin (including chmod itself). How do you get yourself a working chmod again to fix it?

[-]

shemanese@reddit

We have a standard question we give more to see how people work thru the answer than actually know the answer...

Question: On a standalone server, what are the steps that the computer and OS go through from the time you push power-on until you get a login prompt?

They hit me with it, and we still give it. The idea is to see if someone can reason through the main steps needed. It's not a right or wrong kind of question and is intended to see how they think. We have hired people who missed steps because it was clear they had never studied that set of steps but could logically think about what was needed in general terms.

[-]

phorkor@reddit

We did a similar thing for junior admin positions. I'd give them a laptop that was mirrored to a screen that we could see, ask a few questions and see how they worked through it.

Candidate: "I don't have much experience with XYZ, is it okay if I use google?"
Me: "Absolutely!"
/few minutes later he had the answer
/hired

Candidate: "Uh, I, uh, hmm"
Me: twiddles thumbs
Candidate: "So uh, hmmm. I don't really know how to do that with XYZ"
Me: "That's ok, you can use any resource you want to figure it out"
Candidate: "Oh, I see"
/he started doing random shit that had nothing to do with XYZ and never got even close to what we were asking
/not hired

Candidate: "I have very little experience in XYZ, but I know the basics. Is it okay if I ask questions to get me on the right track?"
Me: "Of course, what are your questions?"
/asking questions is always acceptable
/hired

Some of the candidates were like deer in headlights and while they might have known ABC really well, if they weren't resourceful enough to even open up google or ask questions they weren't a good fit for us.

[-]

Nicolay77@reddit

Nowadays it would be:

Is it OK if I use ChatGPT?

[-]

The question needs refinement. Do you mean 'in a single directory' or 'a tree with arbitrary depths?'

I'd suggest:

        find . -type f -printf '%T@ %p\\n'\
                | grep --invert-match '\^0\\.0000000000' --text\
                | sort --numeric\
                | head --lines=1
646556400.0000000000 ./OLD_LAPTOP_FILES/ETHLOAD/NETBIND.EXE

Bonus points if you can convert the EPOCH back to human.

(The grep was to discard some flatpak cruft that may not be relevant.)

(Yes, EPOCH's used to be 'less than 10 digits.')

[-]

lazyant@reddit

Or ls -lt | tail -1 ? Not a great question since chatgpt et al are pretty good at this trivia

[-]

Hotshot55@reddit

Or ls -lt | tail -1 ?

[-]

"What are your top 10 Linux commands"

...wtf? How do you even begin to answer that?

I said the classic " unzip; strip; touch; finger; grep; mount; fsck; more; yes; umount; sleep" and they gave me the job

[-]

oldzoot@reddit

My favorite linux / unix interview question was ( I was the interviewer ) You have a computer with your favorite distribution installed. Please tell me what happens from the time you turn on the power until you get a login prompt.

This is a great question for learning what they understand about the system. Someone who understands a different OS deeply should have no problem adapting to a different system if needed.

I hired my replacement when I retired based on their answer to this question along with a few others relating to automated installation systems.

[-]

gudlyf@reddit

I used to ask -- and I'd make it clear it was mostly for fun -- if they could describe different RAID levels. Most got thrown when I asked to describe RAID 50 or RAID 0+1.

[-]

tenuki_@reddit

Here’s one that actually happed to me: here’s your workstation, last person to use it set the firmware password and changed the root password. If you can use it by tomorrow morning without reinstalling or wiping you have the job. Then find the source he was supposed to be working on and finish it. ( technically this wasn’t Linux it was a sun high end work station running Solaris. ).

[-]

I didn't claim you were incorrect, just that flexing certs in on random threads is weird.

[-]

beheadedstraw@reddit

So trolling just to troll, got it.

Flexing equivalent DoD level certs on a thread isn't weird, and I didn't claim I know everything, but at least gives some sort of credence to my knowledge level considering CASP+ isn't just a rote memory cert like Sec+/A+ (and according to other people extremely hard since it's a pass/fail with no scoring mechanism). It's the equivalent of a CISSP on the implementation side.

You would know if you actually had it or even studied for it.

[-]

IWorkForTheEnemyAMA@reddit

https://youtu.be/gYqF6-h9Cvg?si=E_0KZ1N5UGyPt6_c

[-]

beheadedstraw@reddit

Man I love watching her talks, she was amazing.

[-]

stroke_999@reddit

OK I'll stop it. This is not the right topic. Yes every distro is for a purpose. I think that fintechs should buy larger hardware and be more safe, however they all fear changing, and they are right. You can't say that having less footprint is not relevant to security. Less things = less vulnerabilities. Alpine is a security distro. If you compile apps with security in mind it is always a lot better. Just see how much 0 day vulnerabilities are found on alpine and compare them to Debian, there are like 90% less vulnerabilities.

[-]

beheadedstraw@reddit

"however they all fear changing,"

You're thinking of banks, not fintech, which consists of mostly proprietary trading firms. We use literally the latest tech, bleeding edge kernel source trees and networking hardware. In fact a lot of us help maintain the RT kernel.

Losing 100 nanoseconds is a huge deal in our world.

"Just see how much 0 day vulnerabilities are found on alpine and compare them to Debian"

leadout_kv@reddit

Is it 9?

[-]

kidmock@reddit

SIGTERM aka -15

-9 is SIGKILL aka the signal of last resort. I die inside every time i watch devs use -9 with every kill they issue. Stop doing that 😁

[-]

Dolapevich@reddit

Some person edited ~/.bashrc and left a typo, so when you try to login, it fails and you never get to an interactive shell. ¿How do you fix it?

I end up scping an empty .bashrc

[-]

This was in 2004, so servers by that time had enough capacity not to need inetd. But I ten told them how you would set it up.

I just retired from that job after 21 years.

[-]

autogyrophilia@reddit

Ok, but reasonable question in 2004

[-]

elprophet@reddit

"Teach me something I don't know".