linux internals

How do Linux permissions work, and what does "chmod 741" do?

How do you check running processes on a system? How would you force-kill a program that is totally unresponsive? And what happens if the program doesn't respond to a "kill "?

Briefly describe the TCP/IP stack.

How would you check file sizes using the command line and how would you make the results "human readable?"

How would you list all the files that start with the letter "t" in a directory and all subdirectories with one command?

What commands would you use to check your internet connection, and how would you go about "debugging" your internet connection?

How would you set a static IP?

If you were setting up a new installation of Linux for a personal computer, how would you set the partitions?

TCP/IP: Describe the 3-way handshake. Syn, Syn/Ack, Ack. I also mentioned sequence numbers and since I did (it seemed), he asked me what other information was exchanged. I mentioned destination & source IP addresses and port numbers and he asked me if there was anything else in there. He even prompted me with "MSS", but I didn't know that acronym. I found out later it stands for "Maximum Segment Size" and is what is negotiated at session initiation, a la MTU, typically 1500 bytes.

He asked me about switches versus hubs, asking what the difference was. I fumbled my way through that one, saying at one point a hub would blindly blast each packet out each interface whereas a switch would only send it to the right port. A hub would have more contention than a switch would. He then asked me if a switch would ever blast a packet out each interface. He wanted to hear "Yes, if the switch's CAM table entry timed out" (similar to an ARP entry timing out).

HTTPD config for Virtual Domains. Use IP names, which is what I do with

Are there other ways to get httpd to handle multiple domains? Yes, by port # and by having multiple IP addresses on a NIC. What if you use ssl? Then you'd need multiple certificates. (This was wrong!) He asked me what the name of the line in the HTTP header was for that node name. The answer was "HOST", but what he was trying to do was to lead me to the right answer. You cannot do SSL with virtual domains because virtual domains rely on reading the HOST HTTP header and with SSL, the HTTP headers are encrypted!

What is PID number 1? "The mother of all processes". Responsible for initializing the system through /etc/inittab and for reaping child ending status. What is its PPID? Also 1.

What are zombie processes? Already killed processes that typically have not been reaped by their parent yet, but it's also possible that they are blocked by something else. I gave the example of the TCP/IP stack trying to sever active connections, where a FIN would go out, but no FIN/ACK ever came back. I've seen multiple ftpd processes hanging around in this state until IBM fixed their AIX. So how do you kill a zombie? Kill its parent, continuing if need be, up the line to init.

What's the difference between a hard link and a soft link? I got this one mostly right, saying hard links have the same inode number, soft links don't. Hard links need to be in the same file system, soft links don't. Hard links increment a counter in the target's inode, keeping the file around if it got erased, until all hard links are also erased. Soft link targets get erased leaving dangling soft links. Also, a soft link's target is in the link's inode, which got me thinking that there must be some "smallish" limit to the length of a soft link's target. Since an inode is only 128 bytes, a soft link's target must be limited to something like 70 bytes.

What's in an inode? Type (directory, link, file, b=block or c=character), name, atime=last accessed time (ls -lu), mtime=last modified time (ls -l), ctime=time the file's inode was last changed (ls -lc), pointers to where it is on disk (or target if it's a link), permission bits.

Note the ctime is the time the inode was last changed. It is NOT the creation time. For example, a chmod or a chown command will change the ctime only. A touch command changes all 3 times to now, but a touch -t command to some time in the past changes both the mtime & atime to the past time, but ctime is set to now. A cat command changes just the atime to now. Note in this case, the inode does change, but this change doesn't count as far as the ctime goes. A > command changes the ctime & mtime, but not the atime, which is curious. Evidently, atime is the last time the file was read, not written.

What is DNS/Bind's default port? 53. Does DNS use UDP or TCP? Usually UDP, but for long queries, like zone transfers, will use TCP.

How do you get nslookup to use TCP? I tried looking this up quickly by getting to my Linux system and typing "man nslookup", but didn't get it in time to answer the question. I don't know if there is a way. I later found the -T option to the host command (not nslookup) that will force TCP instead of UDP. He also asked me about recursive queries, but I couldn't answer anything there.
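The inode timestamp rules in the notes above (chmod, touch -t, and > redirection) can be checked directly. This is an added example, not part of the original notes; it uses Python's os.chmod, os.utime and a truncating open() as stand-ins for the chmod, touch -t and > commands, on a constructed temporary file.

```python
import os
import tempfile
import time

PAST = 946684800  # 2000-01-01 00:00:00 UTC, a constructed "backdated" time

def snapshot(path):
    st = os.stat(path)
    return {"atime": st.st_atime_ns, "mtime": st.st_mtime_ns, "ctime": st.st_ctime_ns}

def run_cases():
    """Return, per operation, the sorted list of timestamps it changed."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.txt")
        with open(path, "w") as f:
            f.write("constructed sample\n")

        def step(name, action):
            time.sleep(0.05)  # let the kernel's coarse clock advance
            before = snapshot(path)
            action()
            after = snapshot(path)
            results[name] = sorted(k for k in before if before[k] != after[k])

        def rewrite():  # equivalent of: echo new > sample.txt
            with open(path, "w") as f:
                f.write("new\n")

        step("chmod", lambda: os.chmod(path, 0o741))
        step("touch_past", lambda: os.utime(path, (PAST, PAST)))
        st = os.stat(path)
        # mtime accepts the backdated value; ctime is set by the kernel to "now".
        results["mtime_backdated"] = st.st_mtime_ns == PAST * 10**9
        results["ctime_still_now"] = abs(time.time() - st.st_ctime) < 60
        step("rewrite", rewrite)
    return results

if __name__ == "__main__":
    for name, value in run_cases().items():
        print(f"{name:16} {value}")
```

The atime-on-read case is left out because it depends on mount options such as relatime and noatime.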

What happens when a process forks? The child gets a copy of the stack & program, and there are two processes running. You differentiate the child from the parent by fork's ending status. If zero, you're in the child. If not, you're in the parent and the ending status is the PID of the child.

What happens when one uses exec? I said "the slate is wiped clean and a new program replaces the old." He asked me about the "clean slate" statement, asking if the slate is really wiped clean, or is there anything that's kept? He had to prompt me a bit, but the answer is environment variables and file descriptors are inherited, so no, the "slate" isn't really wiped clean.

How does traceroute work? Uses ICMP and has a counter to say "Only go this many hops". Each router decrements the counter and if zero, will return an answer. The client keeps incrementing the counter in successive packets until it reaches its intended destination. Since I mentioned the counter, he asked me where that counter was, in which header. I fumbled and guessed the level 3, ICMP header.

ssh config. How do you set up ssh to not require a password when you ssh/scp someplace? Use ssh-keygen and distribute the public key. Is there any way to protect the private key from root? Yes, encrypt that with a passphrase, but then you have to type in that passphrase each time you use it. However, see my notes on SSH keys, especially the part on using keychain.
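The fork and exec answers above, as an added example that is not part of the original notes: it shows what survives exec (an inheritable file descriptor, the environment) next to the two controls that stop it (close-on-exec, passing an explicit environment). DEMO_TOKEN and the probe program are constructed for the illustration.

```python
import os
import sys
import tempfile

# Program run after exec. Exit status bit 0: the fd is still open.
# Bit 1: DEMO_TOKEN is still present in the environment.
PROBE = """
import os, sys
code = 0
try:
    os.fstat(int(sys.argv[1]))
    code |= 1
except OSError:
    pass
if os.environ.get("DEMO_TOKEN"):
    code |= 2
sys.exit(code)
"""

def exec_and_probe(fd, env):
    """fork(), exec a fresh interpreter in the child, return (fd_open, token_seen)."""
    pid = os.fork()
    if pid == 0:  # fork() returned 0: this is the child
        try:
            os.execve(sys.executable, [sys.executable, "-c", PROBE, str(fd)], env)
        finally:
            os._exit(127)  # reached only if exec itself failed
    _, status = os.waitpid(pid, 0)  # non-zero return: parent, pid is the child's PID
    code = os.WEXITSTATUS(status)
    if code > 3:
        raise RuntimeError("exec failed in child")
    return bool(code & 1), bool(code & 2)

def demo():
    base = {k: v for k, v in os.environ.items() if k != "DEMO_TOKEN"}
    leaky = dict(base, DEMO_TOKEN="constructed-secret")  # constructed sample value
    out = {}
    with tempfile.TemporaryFile() as f:
        fd = f.fileno()  # Python opens files close-on-exec by default (PEP 446)
        out["cloexec"] = exec_and_probe(fd, leaky)
        os.set_inheritable(fd, True)  # clear FD_CLOEXEC, the default for a plain C open()
        out["inheritable"] = exec_and_probe(fd, leaky)
        out["scrubbed_env"] = exec_and_probe(fd, base)
    return out

if __name__ == "__main__":
    for case, (fd_open, token_seen) in demo().items():
        print(f"{case:13} fd_open={fd_open} token_seen={token_seen}")
```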

The rest of these questions are ones Sandy asked me that Mike didn't.

Describe what you know about the Unix boot process. Uhhh. I started with the kernel getting loaded, then init, then the device scan, then init going through /etc/inittab. She asked me "How does init get loaded?" Another uhhhhhh. I said I always thought init was just part of the kernel, that it established itself with PID=PPID=1 and she was apparently satisfied with that.

How do you find a file given an inode number? I said there's some command to do that, but I never remember what it is. I always use find . -inum nnnn.

Describe what you know about RAID. I told her what RAID 1 and 5 were, but forgot that RAID 0 was striping. Which would you rather do with say 6 disks, stripe first then mirror, or mirror first then stripe? I thought about it and didn't see any difference when reading or writing to the disks. She prodded me by asking about when disks die. I initially answered wrong. If you stripe then mirror and lose one disk, you have 2/5 chances of surviving a second disk failure. If you mirror then stripe, you have a 4/5 chance of surviving a second disk failure. So it's best to mirror then stripe.

She asked me what the numbers meant in the uptime command. I answered it was the number of processes that are waiting to use the processor over three different time periods, something like the last 1, 3, and 5 minutes (or 3, 5, 10). The real answer is: the uptime command prints the current time, the length of time the system has been up, the number of users online, and the load average. The load average is the number of runnable processes over the preceding 5-, 10-, 15-minute intervals.

She asked me how I would interact with/test/exercise SMTP. I said you can telnet there using port 25 and type HELO but I thought it was your (the client's) node name, not the host's. Then you type in from/to/subject, etc. and have to type in a null line to terminate it. That's actually wrong. You type in a . on a line all by itself. I told her that it's taking a lot of self control right now to not look it up. I have notes on that, which said

    telnet 25
    helo
    mail
    rcpt
    data
    From:
    To:
    Subject: Anything you want

    This is line 1 of the e-mail
    This is line 2
    This is line 3

    blah, blah, blah

    and this is the last line, followed by a period on a line all by itself.
    .
    quit

If I were to rate myself, I'd give me a 80% grade for the SRE interview. 90% for Sandi. Is that good enough? I don't know. We'll have to see.

Another possible interview question could relate to the HTTP protocol. See this Wikipedia page, which showed this example telnet session,

    telnet 80
    GET /index.html HTTP/1.1
    Host:
    (followed by a blank line!!)

The "Host" header distinguishes between various DNS names sharing a single IP address, allowing name-based virtual hosting. While optional in HTTP/1.0, it is mandatory in HTTP/1.1. The above example will get you Melanie's home page. The server's response:

    HTTP/1.1 200 OK
    Date: Thu, 28 Sep 2006 22:58:04 GMT
    Server: Apache/2.0.55 (Win32)
    Accept-Ranges: bytes
    Content-Length: 845
    Content-Type: text/html (this BTW is the line CGIs need to emit first)
    (blank line delineates header from body)

Followed by the HTML of the requested page.

Other interesting questions include:

Write a Perl program that given a group name, will find all users that belong to that group. See my answer here.

Write a Perl program to return all userids with a given letter/pattern in it. See my answer here.

When paging space gets low and you're lucky enough to have a root shell, but you can't spawn anything, what can you do? The answer is, only shell built-in commands. So what can you do with shell built-in commands? I.e., how do you reboot the system? Answer: Send a kill command to init, which is always PID 1, i.e. kill -2 1

You are trying to daemonize an unknown, black-box binary executable. The binary executable returns no output to STDOUT or STDERR. Assume that the mystery binary's return code is non-zero. What troubleshooting steps might you take to learn more about what the binary is supposed to do, and why it is failing?

TCP three-way handshake

How you can delete a file starting with a dash, as well as basic networking – how does a switch work.

You will need to know how malloc() works and how the memory allocator is implemented in, say, glibc, and how processes are started and pass data between themselves at the low level.

Last edited by Artem Dudarev, 2013-10-13 02:01:37.