RHCSA FAQs Asked in Linux & DevOps Interviews [2025]

User and Group Management

1. What is the purpose of the /etc/passwd file in RHEL?

The /etc/passwd file stores user account details, including usernames, UIDs, home directories, and login shells. It ensures user authentication and access control, enabling the system to map users to their respective environments for secure operations in RHEL systems.

2. Why is the useradd command essential for system administration?

• Creates user accounts with unique IDs.
• Sets up home directories and shells.
• Configures user-specific permissions.
  The useradd command streamlines account creation, ensuring secure and tailored access for users in multi-user RHEL environments, critical for enterprise settings.

3. When should you use the usermod command?

Use usermod to modify user account attributes, like changing usernames, home directories, or group memberships. It ensures user settings align with organizational needs, maintaining security and functionality in RHEL systems during account updates.

4. Where are user group definitions stored in RHEL?

• Stored in /etc/group.
• Lists group names and members.
• Defines group access permissions.
  The /etc/group file organizes group-based access, ensuring secure resource sharing in RHEL multi-user environments.

5. Who can create new user accounts in RHEL?

Root or sudo-privileged administrators create user accounts using useradd. This ensures controlled account management, preventing unauthorized access and maintaining secure user environments in RHEL systems for enterprise operations.

6. Which command displays user account details?

The id command shows a user’s UID, GID, and group memberships. It verifies account configurations, ensuring correct permissions and access for users, critical for managing multi-user environments in RHEL systems securely.

7. How do you delete a user account in RHEL?

Use userdel -r to remove a user and their home directory. Verify with /etc/passwd. This ensures secure account removal, freeing resources while maintaining system integrity in RHEL environments.

8. What does the /etc/shadow file store?

• Holds encrypted user passwords.
• Includes password aging details.
• Restricted to root access.
  The /etc/shadow file secures authentication data, preventing unauthorized access and ensuring account protection in RHEL systems.

9. Why is the groupadd command used?

The groupadd command creates new groups, assigning GIDs and enabling shared access to resources. It simplifies permission management for collaborative projects, ensuring secure and organized group-based access in RHEL multi-user environments.

10. When do you use the chage command?

• Sets password expiration policies.
• Configures account aging parameters.
• Enhances security compliance.
  Use chage to enforce password updates, reducing credential risks in RHEL systems.

11. Where are user-specific configurations stored?

User configurations are stored in home directories, like /home/user1/.bashrc. These files customize shell settings or application preferences, ensuring personalized and consistent user experiences in RHEL multi-user environments.

12. Who can modify group memberships in RHEL?

Root or sudo-privileged administrators use usermod -G to modify group memberships. This ensures controlled access to shared resources, maintaining security and proper permission allocation in RHEL enterprise systems.

13. Which command locks a user account?

• The usermod -L command locks accounts.
• Disables login via /etc/shadow.
• Preserves user data.
  It restricts access temporarily, enhancing security in RHEL systems.

14. How do you set a user’s default shell?

Use usermod -s /bin/bash username to set a user’s default shell. Verify with /etc/passwd. This customizes the user environment, ensuring compatibility with preferred tools in RHEL systems for efficient workflows.

15. What is the role of the /etc/login.defs file?

The /etc/login.defs file sets defaults for user account creation, like password aging or UID ranges. It ensures consistent account policies, streamlining user management and enhancing security in RHEL multi-user environments.

File and Directory Management

16. What does the chmod command do in RHEL?

The chmod command modifies file or directory permissions, setting read, write, or execute rights. It ensures secure access control, restricting sensitive files to authorized users, critical for maintaining data integrity in RHEL systems.

17. Why is the chown command used?

• Changes file or directory ownership.
• Assigns users or groups.
• Enhances access control.
  The chown command ensures secure resource sharing in collaborative RHEL environments.

18. When should you use the find command?

Use find to locate files based on criteria like name, size, or type. It streamlines file management, enabling quick identification of specific files for maintenance or security tasks in RHEL systems.

19. Where are user home directories located?

• Found in /home, e.g., /home/user1.
• Stores user-specific configurations.
• Created during account setup.
  Home directories organize personal data, ensuring isolation in RHEL multi-user systems.

20. Who can change file permissions in RHEL?

File owners or root/sudo-privileged users change permissions using chmod. This restricts access to authorized users, ensuring secure file management and preventing unauthorized modifications in RHEL systems.

21. Which command displays detailed file permissions?

• The ls -l command shows permissions.
• Lists ownership and metadata.
• Verifies access controls.
  It ensures sensitive files are restricted in RHEL environments.

22. How do you create a symbolic link?

Use ln -s source target to create a symbolic link. Verify with ls -l. This provides shortcuts to files or directories, simplifying access and management in RHEL systems without duplicating data.

23. What is the purpose of the tar command?

The tar command archives files or directories, creating compressed backups. It supports operations like creating, extracting, or listing archives, ensuring efficient data storage and transfer in RHEL systems for administrative tasks.

24. Why is the setfacl command used?

• Sets Access Control Lists (ACLs).
• Grants specific user permissions.
• Enhances access flexibility.
  The setfacl command enables fine-grained access control in collaborative RHEL environments.

25. When do you use the getfacl command?

Use getfacl to view Access Control Lists, showing granular permissions. It verifies complex access settings, ensuring correct configurations for collaborative projects in RHEL systems, maintaining secure file access.

26. Where are temporary files typically stored?

• Stored in /tmp or /var/tmp.
• Used for transient data.
• Automatically cleared periodically.
  Temporary files support short-term operations, ensuring efficient resource use in RHEL.

System Services and Processes

27. What does the systemctl command do?

• Manages system services.
• Starts, stops, or enables services.
• Configures boot-time behavior.
  The systemctl command ensures service availability, critical for RHEL system reliability.

28. Why is the crontab command important?

The crontab command schedules automated tasks, like backups or updates, at specified intervals. It reduces manual effort, ensuring consistent execution of repetitive tasks, enhancing efficiency in RHEL system administration.

29. When should you restart a service in RHEL?

• Restart after configuration changes.
• Apply updates or patches.
• Resolve service failures.
  Restarting ensures services reflect new settings, maintaining functionality in RHEL systems.

30. Where are systemd unit files stored?

• Custom units in /etc/systemd/system.
• Defaults in /usr/lib/systemd/system.
• Defines service configurations.
  Unit files manage service settings, ensuring proper operation in RHEL systems.

31. Who can manage system services in RHEL?

Root or sudo-privileged users manage services using systemctl. This ensures controlled service operations, preventing unauthorized changes and maintaining system stability in RHEL environments.

32. Which command monitors running processes?

The ps command lists running processes, showing PIDs and resource usage. It helps identify active tasks, enabling administrators to manage system performance effectively in RHEL environments.

33. How do you terminate a hung process?

Identify the process ID with ps, use kill -9 to terminate, and verify with ps. This frees resources, restoring stability without rebooting, ensuring efficient operation in RHEL systems.

34. What is the role of the top command?

• Displays real-time resource usage.
• Shows CPU and memory stats.
• Identifies resource-intensive processes.
  The top command optimizes performance in multi-tasking RHEL environments.

35. Why is the nice command used?

The nice command adjusts process priority, allocating CPU time effectively. It ensures critical tasks get resources, optimizing multi-tasking performance in RHEL systems under varying workloads, enhancing efficiency.

36. When do you use the lsof command?

• Lists open files by processes.
• Identifies resource conflicts.
• Aids troubleshooting tasks.
  Use lsof to diagnose file or network issues in RHEL systems.

37. Where are systemd journal logs stored?

• Stored in /var/log/journal.
• Contains detailed event data.
• Supports service troubleshooting.
  Journal logs diagnose issues, ensuring reliability in RHEL systems.

Security and Access Control

38. What is the purpose of the /etc/sudoers file?

The /etc/sudoers file defines user privileges for executing commands with elevated permissions. Edited with visudo, it ensures controlled administrative access, preventing unauthorized actions and maintaining security in RHEL systems.

39. Why is SELinux critical for RHEL security?

• Enforces mandatory access controls.
• Restricts process privileges.
• Mitigates exploit risks.
  SELinux limits unauthorized actions, ensuring processes adhere to policies, enhancing security in RHEL environments.

40. When should you use the semanage command?

Use semanage to manage SELinux policies, like file contexts or ports. It ensures applications comply with security constraints, enabling secure operation in RHEL without disabling SELinux protections.

41. Where are failed login attempts logged?

• Logged in /var/log/secure or /var/log/auth.log.
• Shows user and failure details.
• Detects brute-force attacks.
  Monitoring logs ensures timely security responses in RHEL systems.

42. Who can configure SSH access in RHEL?

Root or sudo-privileged administrators configure SSH via /etc/ssh/sshd_config. They manage settings like ports or authentication, ensuring secure remote access for authorized users in RHEL environments.

43. Which command lists open network ports?

• The ss command shows open ports.
• Lists TCP/UDP connections.
• Verifies service accessibility.
  It minimizes security risks in RHEL network configurations.

44. How do you enable SELinux enforcing mode?

Edit /etc/selinux/config to set SELINUX=enforcing, apply with setenforce 1, and reboot if needed. This enforces strict policies, enhancing security by preventing unauthorized actions in RHEL systems.

45. What does the restorecon command do?

• Resets SELinux file contexts.
• Ensures policy compliance.
• Prevents service denials.
  The restorecon command corrects contexts, maintaining security in RHEL environments.

46. Why disable root login via SSH?

Disabling root SSH login in /etc/ssh/sshd_config reduces attack risks, forcing standard user logins with sudo. This minimizes damage from compromised credentials, enhancing security in RHEL networked systems.

47. When do you use the auditctl command?

• Configures real-time auditing.
• Monitors critical file changes.
• Ensures security compliance.
  The auditctl command tracks sensitive modifications, maintaining accountability in RHEL.

48. Where are SSH configuration files stored?

• Located in /etc/ssh.
• Includes sshd_config for servers.
• Manages client configurations.
  SSH files ensure secure, customized remote access in RHEL systems.

49. Who can view /var/log/audit/audit.log?

Root or permitted users view /var/log/audit/audit.log, containing SELinux audit events. It helps analyze security incidents, ensuring compliance and maintaining system integrity in RHEL environments.

50. Which command tracks user login activity?

• The last command shows login history.
• Displays users and timestamps.
• Detects unauthorized access.
  It provides audit trails for security monitoring in RHEL systems.

51. How do you set password expiration policies?

Use chage to define password aging, like 90-day validity. This enforces regular updates, reducing credential compromise risks, ensuring account security in RHEL systems per organizational policies.

Storage and Filesystem Management

52. What is the purpose of the mkfs command?

The mkfs command formats partitions to create filesystems, like ext4 or XFS, preparing storage for data. It enables administrators to configure disks for specific use cases, ensuring compatibility in RHEL systems.

53. Why is Logical Volume Manager (LVM) used?

• Supports dynamic volume resizing.
• Simplifies storage allocation.
• Enhances flexibility.
  LVM allows storage adjustments without downtime, optimizing resources in RHEL environments.

54. When should you use the fsck command?

• Checks filesystem integrity.
• Repairs errors post-crash.
• Runs on unmounted filesystems.
  The fsck command ensures reliable storage, preventing data corruption in RHEL.

55. Where are swap spaces defined?

• Defined in /etc/fstab.
• Lists swap devices or files.
• Provides virtual memory.
  Swap spaces ensure stability during high memory usage in RHEL.

56. Who can create logical volumes in LVM?

Root or sudo-privileged users create logical volumes, ensuring secure storage management. This prevents unauthorized changes, optimizing disk usage in RHEL systems for enterprise-grade solutions.

57. Which command shows disk usage by directory?

• The du command lists sizes.
• Uses human-readable format.
• Identifies large directories.
  The du command optimizes storage and plans cleanup in RHEL systems.

58. How do you extend a logical volume?

Use lvextend to increase volume size, resize the filesystem with resize2fs, and verify with lvs. This expands storage dynamically, supporting growing data needs in RHEL without disruptions.

59. What does the parted command do?

• Manages disk partitions.
• Supports large disk sizes.
• Configures partition tables.
  The parted command enables flexible storage setups in RHEL systems.

60. Why is the mount command important?

The mount command integrates filesystems into the directory tree, enabling data access. It connects devices to mount points, ensuring applications or users access required data in RHEL systems.

61. When do you use the blkid command?

• Displays block device attributes.
• Shows UUIDs and types.
• Aids /etc/fstab setup.
  The blkid command ensures accurate filesystem mounting in RHEL systems.

62. Where are filesystem mount options defined?

• Defined in /etc/fstab.
• Specifies options like noatime.
• Balances performance and functionality.
  Mount options customize storage access in RHEL systems.

63. Who can format disk partitions?

Root or sudo-privileged users format partitions using mkfs, ensuring secure disk preparation. This prevents unauthorized changes, maintaining data integrity in RHEL storage configurations.

64. Which command checks filesystem integrity?

• The fsck command scans filesystems.
• Repairs errors to prevent data loss.
• Ensures storage reliability.
  It maintains integrity in RHEL systems, especially after crashes.

65. How do you create a swap partition?

Create a partition with fdisk, set type to 82, format with mkswap, and enable with swapon. Add to /etc/fstab for persistence, ensuring virtual memory in RHEL systems.

Networking Configuration

66. What does the /etc/hosts file do?

The /etc/hosts file maps IPs to hostnames for local resolution. It supports fast, DNS-independent communication, essential for small networks or reliable hostname mappings in RHEL systems.

67. Why is the nmcli command used?

• Manages network configurations.
• Sets static IPs or connections.
• Automates network tasks.
  The nmcli command ensures reliable connectivity for RHEL servers, ideal for scripting.

68. When should you restart the networking service?

Restart networking after configuration changes, like IP updates, using nmcli con reload. This applies settings without rebooting, ensuring continuous connectivity for critical services in RHEL production environments.

69. Where are DNS settings configured?

• Configured in /etc/resolv.conf.
• Managed via NetworkManager tools.
• Specifies DNS servers.
  DNS settings ensure reliable name resolution in RHEL systems.

70. Who can configure network interfaces?

Root or sudo-privileged administrators configure interfaces using nmcli or manual edits. This ensures secure network setup, preventing unauthorized changes and maintaining connectivity in RHEL systems.

71. Which command checks network connectivity?

• The ping command tests connectivity.
• Measures latency and packet loss.
• Diagnoses network issues.
  It ensures reliable communication in RHEL systems.

72. How do you set a static IP address?

Edit /etc/sysconfig/network-scripts/ifcfg-<interface>, set BOOTPROTO=none, specify IPADDR, NETMASK, and GATEWAY. Restart with nmcli con reload. This ensures stable connectivity for RHEL servers, supporting critical applications.

73. What is the purpose of the /etc/resolv.conf file?

The /etc/resolv.conf file lists DNS servers for name resolution. Managed by NetworkManager, it ensures applications resolve hostnames reliably, critical for network-dependent services in RHEL systems.

74. Why was iptables used in older RHEL versions?

• Configured firewall rules.
• Filtered network traffic.
• Secured system communications.
  The iptables command protected legacy RHEL systems from unauthorized access.

75. When do you use the firewall-cmd command?

Use firewall-cmd to manage firewalld rules, like opening ports. It supports dynamic changes, ensuring secure network access without rebooting, critical for RHEL production environments.

76. Where are network interface configurations stored?

• Stored in /etc/sysconfig/network-scripts.
• Files like ifcfg-eth0 define settings.
• Managed by NetworkManager.
  These configurations ensure consistent network behavior in RHEL systems.

77. Who can manage firewall rules?

Root or sudo-privileged administrators manage firewall rules using firewall-cmd. This ensures secure traffic control, protecting RHEL systems from unauthorized access in networked environments.

78. Which command monitors network traffic?

• The iftop command shows bandwidth usage.
• Identifies high-traffic processes.
• Optimizes network performance.
  It ensures reliable communication in RHEL systems.

79. How do you configure a network bond?

Use nmcli to create a bond, set mode (e.g., active-backup), assign IPs, and restart networking. This ensures high availability and performance for critical network services in RHEL systems.

Troubleshooting and Performance Tuning

80. What does the dmesg command display?

The dmesg command shows kernel ring buffer messages, like hardware errors. It diagnoses boot or system issues, providing insights for quick resolution in RHEL environments, ensuring system stability.

81. Why is the top command used?

• Shows real-time resource usage.
• Identifies CPU-intensive processes.
• Optimizes system performance.
  The top command ensures efficient operation in multi-tasking RHEL systems.

82. When should you use the journalctl command?

Use journalctl to analyze systemd logs during troubleshooting. It identifies service failures, ensuring quick resolution and system reliability in RHEL with detailed event data.

83. Where are kernel panic logs stored?

• Stored in /var/log/messages or /var/log/syslog.
• Contains crash details.
• Aids failure diagnosis.
  Kernel panic logs identify hardware or kernel issues in RHEL.

84. Who can modify kernel parameters at runtime?

Root or sudo-privileged users use sysctl to tune kernel parameters, optimizing performance dynamically. This enables features without rebooting, critical for RHEL production systems.

85. Which command checks system uptime?

• The uptime command shows runtime.
• Displays days since reboot.
• Verifies system stability.
  It aids maintenance planning in RHEL systems.

86. How do you troubleshoot a service failure?

Check status with systemctl status, view logs with journalctl, and restart if needed. This identifies errors, restoring functionality quickly in RHEL environments for reliable operations.

87. What does the strace command do?

• Traces process system calls.
• Diagnoses application failures.
• Identifies performance bottlenecks.
  The strace command debugs errors, optimizing applications in RHEL systems.

88. Why is the sar command used?

The sar command collects performance data, like CPU or disk usage, analyzing trends. It optimizes resources, ensuring efficient operation in RHEL systems under varying workloads, critical for performance tuning.

89. When do you use the tcpdump command?

• Captures network packets.
• Analyzes traffic flow.
• Detects suspicious activity.
  The tcpdump command troubleshoots network issues, ensuring reliable connectivity in RHEL.

90. Where are core dump files stored?

• Stored in /var/lib/systemd/coredump.
• Configured via /proc/sys/kernel/core_pattern.
• Aids application crash debugging.
  Core dumps diagnose crashes in RHEL systems.

91. Who can use performance tuning tools like tuned?

Root or sudo-privileged users use tuned to optimize workload-specific settings. This enhances system efficiency, ensuring performance for RHEL servers or applications in demanding environments.

92. Which command monitors memory usage?

• The free command shows memory details.
• Displays total and used amounts.
• Optimizes resource allocation.
  It ensures efficient performance in RHEL systems.

93. How do you analyze disk performance with fio?

Install fio, run tests with parameters like block size, and review IOPS or latency results. This optimizes storage for specific workloads, ensuring efficient performance in RHEL systems.

94. What is the role of the /proc filesystem?

The /proc filesystem provides runtime system information, like /proc/cpuinfo for CPU details. It supports monitoring and troubleshooting, enhancing diagnostics in RHEL without additional tools.

95. Why is the iotop command useful?

• Monitors disk I/O by process.
• Identifies performance bottlenecks.
• Ensures efficient storage.
  The iotop command optimizes disk performance in RHEL for heavy workloads.

96. When do you use the netstat command in older RHEL versions?

Use netstat to list network connections and ports in older RHEL systems. It troubleshoots connectivity issues, verifying service accessibility, ensuring reliable network operations in legacy environments.

97. Where are systemd journal logs stored?

• Stored in /var/log/journal.
• Provides detailed event data.
• Aids service troubleshooting.
  Journal logs diagnose issues, ensuring reliability in RHEL systems.

98. Who can change the system hostname?

Root or sudo-privileged users use hostnamectl to change the hostname, ensuring consistent system identification across networks, critical for server management in RHEL environments.

99. Which command displays CPU details?

• The lscpu command shows CPU architecture.
• Displays cores and capabilities.
• Aids performance optimization.
  It ensures efficient CPU usage in RHEL systems.

100. How do you prioritize a process in RHEL?

Use nice to set process priority or renice to adjust running processes. This allocates CPU resources effectively, ensuring critical tasks perform optimally in RHEL systems under varying workloads.

101. What does the dnf command do?

The dnf command manages software packages, installing, updating, or removing them while resolving dependencies. Replacing yum in newer RHEL versions, it ensures systems stay updated with security patches, maintaining performance.