InterviewStack.io LogoInterviewStack.io

Linux User and Group Administration Questions

Administration of user accounts and groups on Linux systems, covering the full user lifecycle including creation, modification, deletion, and archiving. Topics include command line management with useradd, usermod, userdel, groupadd and groupdel; understanding and managing /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow; UID and GID planning; default shells and home directory configuration; password policies and aging; sudoers configuration and fine grained privilege escalation; SSH access management including key based authentication, ssh agent usage and ssh configuration; file and directory permissions (user, group, other), symbolic and octal chmod notation, chown, umask; access control lists, setuid, setgid, and the sticky bit; SELinux or AppArmor basics and how they affect access; and enterprise integration points such as LDAP, Active Directory, or RADIUS for centralized authentication. Emphasis is on secure, least privilege practices and scalable account lifecycle management for production environments.

HardTechnical
143 practiced
An attacker has replaced a user's ~/.ssh/authorized_keys across multiple servers to maintain persistent access. Describe how you would identify which keys were added and when, what logs and artefacts you would inspect across systems (including auditd, filesystem timestamps, configuration management), and how you would coordinate an automated, auditable rotation of that user's keys across the fleet.
MediumTechnical
91 practiced
Describe best practices for UID/GID planning across a fleet of Linux servers and shared resources (NFS, Ceph). How would you reserve ranges for system accounts, service accounts, human users, and containerized workloads to avoid collisions? Explain how you would document, enforce, and audit these assignments at scale.
MediumTechnical
78 practiced
Explain how ssh-agent and agent forwarding work. What are the security risks of enabling agent forwarding to remote hosts, and what best practices should a systems administrator follow when using agent-based authentication in an environment that includes bastion/jump hosts?
HardTechnical
103 practiced
A daemon running as user 'svcuser' cannot write to /var/lib/app despite correct Unix permissions; audit logs show SELinux AVC denials. Describe the commands and steps you would use to diagnose the SELinux denial, how to craft a minimal policy to allow the required action, and how to apply it safely with minimal privilege expansion. Mention tools like ausearch, audit2allow, semodule and semanage.
EasyTechnical
75 practiced
Provide a one-liner that lists all accounts with UID 0 on a host (including accounts from local files and from NSS sources such as LDAP). Explain why having multiple UID 0 accounts is a risk in production and how you would handle an exception where a UID 0 account is required for legacy reasons.

Unlock Full Question Bank

Get access to hundreds of Linux User and Group Administration interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.