Last modified: April 27, 2026
This article is written in: πΊπΈ
The Linux Foundation Certified System Administrator (LFCS) certification validates your ability to perform core system administration tasks on a live Linux system. Like the RHCSA, it's a performance-based exam β you don't answer multiple-choice questions, you complete real tasks on a real system. What sets it apart is that you can choose your exam distribution (Ubuntu or CentOS), making it a solid choice if you work in environments that aren't Red Hat-centric.
This guide covers the exam domains, the commands and skills you need to master, and hands-on exercises that prepare you for what you'll face on exam day.
| Detail | Information |
| Exam Code | LFCS |
| Provider | Linux Foundation |
| Format | Performance-based (hands-on tasks on a live system) |
| Duration | 2 hours |
| Number of Tasks | Typically 15β20 tasks |
| Passing Score | 66% |
| Cost | Approximately $395 USD (includes one free retake) |
| Prerequisites | None required |
| Validity | 3 years |
| Distribution Choice | Ubuntu or CentOS/RHEL (you choose at registration) |
The LFCS exam tests five major domains, each weighted differently:
LFCS Exam Domains (approximate weights)
βββ Essential Commands ~25%
β βββ Log into local and remote consoles
β βββ Search for files
β βββ Evaluate and compare file system features
β βββ Compare and manipulate file content
β βββ Use input/output redirection
β βββ Analyze text using basic regular expressions
β βββ Archive, backup, compress, unpack, and decompress files
β βββ Create, delete, copy, and move files and directories
βββ Operation of Running Systems ~20%
β βββ Boot, reboot, and shut down a system safely
β βββ Boot or change system into different operating modes
β βββ Install, configure, and troubleshoot bootloaders
β βββ Diagnose and manage processes
β βββ Locate and analyze system log files
β βββ Schedule tasks to run at a set date and time
β βββ Verify completion of scheduled jobs
β βββ Update software to provide required functionality
β βββ Verify the integrity of filesystems
βββ User and Group Management ~15%
β βββ Create, delete, and modify local user accounts
β βββ Create, delete, and modify local groups
β βββ Manage system-wide environment profiles
β βββ Manage template user environment
β βββ Configure user resource limits
β βββ Manage user privileges (sudo)
βββ Networking ~15%
β βββ Configure networking and hostname resolution
β βββ Configure network services to start at boot
β βββ Implement packet filtering (iptables/nftables)
β βββ Start, stop, and check the status of network services
β βββ Statically route IP traffic
β βββ Synchronize time using network peers
βββ Service Configuration ~10%
β βββ Configure a caching DNS server
β βββ Maintain a DNS zone
β βββ Configure email aliases
β βββ Configure SSH servers and clients
β βββ Restrict access to HTTP proxy servers
β βββ Configure an IMAP and IMAPS service
β βββ Query and modify the behavior of system services
β βββ Configure an HTTP server
β βββ Configure HTTP server log files
β βββ Restrict access to a web page
βββ Storage Management ~15%
βββ List, create, delete, and modify storage partitions
βββ Manage and configure LVM storage
βββ Create and configure encrypted storage
βββ Configure systems to mount file systems on demand
βββ Create and manage RAID devices
βββ Create, manage, and diagnose advanced file system permissions
βββ Setup user and group disk quotas
βββ Create and configure file systemsThis domain carries the most weight. You need to be fast and accurate with these skills.
# Find files by name
find / -name "*.conf" -type f 2>/dev/null
# Find files by ownership
find /home -user student
# Find files by size
find / -size +100M -type f 2>/dev/null
# Find files modified in the last 7 days
find /var -mtime -7 -type f
# Find files by permission
find / -perm 777 -type f 2>/dev/null
find / -perm -u=s -type f 2>/dev/null # find SUID files
# Locate files using the locate database
updatedb
locate httpd.conf# Compare two files
diff file1.txt file2.txt
diff -u file1.txt file2.txt # unified format (easier to read)
# Sort file contents
sort /etc/passwd
sort -t: -k3 -n /etc/passwd # sort by UID numerically
# Remove duplicate lines
sort file.txt | uniq
sort file.txt | uniq -c # count occurrences
# Extract columns
cut -d: -f1,3 /etc/passwd # username and UID
# Count lines, words, characters
wc -l /etc/passwd
wc -w /var/log/syslog
# Display specific parts of files
head -20 /var/log/syslog
tail -f /var/log/syslog # follow in real-time
sed -n '10,20p' largefile.txt # lines 10 through 20# Basic grep patterns
grep "error" /var/log/syslog
grep -i "warning" /var/log/messages
# Extended regular expressions
grep -E "^root|^admin" /etc/passwd
grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" /var/log/auth.log
# Invert match (show lines that DON'T match)
grep -v "^#" /etc/ssh/sshd_config | grep -v "^$"
# Count matches
grep -c "Failed" /var/log/auth.log# Create a gzipped tar archive
tar czf backup.tar.gz /etc /home
# Create a bzip2 archive
tar cjf backup.tar.bz2 /etc /home
# Create an xz archive
tar cJf backup.tar.xz /etc /home
# Extract archives
tar xzf backup.tar.gz -C /restore/
tar xjf backup.tar.bz2
tar xJf backup.tar.xz
# List archive contents
tar tzf backup.tar.gz
# Use cpio for archiving
find /etc -name "*.conf" | cpio -o > configs.cpio
cpio -id < configs.cpio# View current target
systemctl get-default
# Change default boot target
systemctl set-default multi-user.target # no GUI
systemctl set-default graphical.target # with GUI
# Switch target immediately
systemctl isolate rescue.target
systemctl isolate emergency.target
# View available targets
systemctl list-units --type=target# View processes with details
ps aux
ps -ef
# Real-time process monitoring
top
htop # if installed
# Find a specific process
ps aux | grep nginx
pgrep -a nginx
# Check process resource usage
ps -o pid,ppid,cmd,%mem,%cpu --sort=-%mem | head
# Send signals to processes
kill -15 <PID> # graceful termination (SIGTERM)
kill -9 <PID> # forced termination (SIGKILL)
# Background and foreground jobs
command & # run in background
jobs # list background jobs
fg %1 # bring job 1 to foreground
bg %1 # resume job 1 in background# View system logs (systemd journal)
journalctl
journalctl -u sshd # logs for specific service
journalctl --since "1 hour ago"
journalctl -p err # only error-level messages
journalctl -f # follow new entries
# Traditional log files
tail -f /var/log/syslog # Debian/Ubuntu
tail -f /var/log/messages # CentOS/RHEL
# Make journal persistent across reboots
mkdir -p /var/log/journal
systemctl restart systemd-journaldThe commands differ based on your chosen distribution:
# Debian/Ubuntu (apt)
apt update
apt install nginx
apt remove nginx
apt search "web server"
apt list --installed
# CentOS/RHEL (dnf/yum)
dnf update
dnf install httpd
dnf remove httpd
dnf search "web server"
dnf list installed# Create a user with specific properties
useradd -m -s /bin/bash -G developers,sudo jsmith
passwd jsmith
# Modify existing user
usermod -aG docker jsmith # add to group
usermod -s /bin/zsh jsmith # change shell
usermod -L jsmith # lock account
usermod -U jsmith # unlock account
# Delete a user and their home directory
userdel -r jsmith
# Create and manage groups
groupadd developers
groupmod -n devs developers # rename group
groupdel devs
# Configure password aging
chage -M 90 -W 14 -I 7 jsmith
chage -l jsmith # view aging info
# Configure sudo access
visudo
# Add: jsmith ALL=(ALL) ALL
# Or: %developers ALL=(ALL) NOPASSWD: ALL# View current limits
ulimit -a
# Set limits in /etc/security/limits.conf
# <domain> <type> <item> <value>
# student soft nproc 100
# student hard nproc 150
# @developers soft nofile 4096Files in /etc/skel/ are copied to every new user's home directory:
# Add a default .bashrc customization for all new users
echo 'alias ll="ls -la"' >> /etc/skel/.bashrc
# Add default directories
mkdir -p /etc/skel/{Documents,Projects,Scripts}
# New users created after this will get these files automatically
useradd -m newuser
ls -la /home/newuser/ # will contain the skeleton files# View network interfaces and addresses
ip addr show
ip link show
# Configure a static IP (using nmcli on CentOS/RHEL)
nmcli con mod "eth0" ipv4.addresses 192.168.1.100/24
nmcli con mod "eth0" ipv4.gateway 192.168.1.1
nmcli con mod "eth0" ipv4.dns "8.8.8.8"
nmcli con mod "eth0" ipv4.method manual
nmcli con up "eth0"
# Configure using netplan (Ubuntu)
# Edit /etc/netplan/01-netcfg.yaml
# Then apply:
netplan apply
# Configure hostname
hostnamectl set-hostname myserver.example.com
# Hostname resolution
# Edit /etc/hosts
echo "192.168.1.50 dbserver.example.com dbserver" >> /etc/hosts
# View routing table
ip route show
# Add a static route
ip route add 10.0.0.0/8 via 192.168.1.1 dev eth0
# Make static route persistent (CentOS/RHEL)
nmcli con mod "eth0" +ipv4.routes "10.0.0.0/8 192.168.1.1"# Using firewalld (CentOS/RHEL)
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-port=8443/tcp
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/8" service name="ssh" accept'
firewall-cmd --reload
firewall-cmd --list-all
# Using ufw (Ubuntu)
ufw enable
ufw allow ssh
ufw allow 80/tcp
ufw allow from 10.0.0.0/8 to any port 22
ufw status verbose
# Using iptables directly
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
iptables -L -n -v# Check current time settings
timedatectl
# Enable NTP synchronization
timedatectl set-ntp true
# Configure NTP server (using chronyd)
# Edit /etc/chrony.conf or /etc/chrony/chrony.conf
# Add: server ntp.example.com iburst
systemctl restart chronyd
# Verify synchronization
chronyc sources
chronyc tracking# List block devices and partitions
lsblk
fdisk -l
# Create a partition (MBR)
fdisk /dev/sdb
# Commands: n (new), p (primary), enter defaults, w (write)
# Create a partition (GPT)
gdisk /dev/sdb
# Or use parted:
parted /dev/sdb mklabel gpt
parted /dev/sdb mkpart primary xfs 1MiB 500MiB
# Create a filesystem
mkfs.xfs /dev/sdb1
mkfs.ext4 /dev/sdb2# Create physical volumes
pvcreate /dev/sdb1 /dev/sdc1
# Create a volume group
vgcreate datavg /dev/sdb1 /dev/sdc1
# Create logical volumes
lvcreate -L 1G -n datalv datavg
lvcreate -l 100%FREE -n loglv datavg # use all remaining space
# Create filesystem and mount
mkfs.xfs /dev/datavg/datalv
mkdir /mnt/data
mount /dev/datavg/datalv /mnt/data
# Add to /etc/fstab for persistence
echo "/dev/datavg/datalv /mnt/data xfs defaults 0 0" >> /etc/fstab
mount -a # test the fstab entry
# Extend a logical volume
lvextend -L +500M /dev/datavg/datalv
xfs_growfs /mnt/data # for xfs
# resize2fs /dev/datavg/datalv # for ext4
# Display LVM information
pvdisplay
vgdisplay
lvdisplay# Create an encrypted partition
cryptsetup luksFormat /dev/sdb1
# You'll be prompted for a passphrase
# Open the encrypted device
cryptsetup open /dev/sdb1 secret_data
# Create a filesystem on the encrypted device
mkfs.ext4 /dev/mapper/secret_data
# Mount it
mkdir /mnt/secure
mount /dev/mapper/secret_data /mnt/secure
# Close when done
umount /mnt/secure
cryptsetup close secret_data# Create a RAID 1 array (mirror)
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 /dev/sdc1
# Check RAID status
cat /proc/mdstat
mdadm --detail /dev/md0
# Create filesystem on RAID device
mkfs.xfs /dev/md0
# Save RAID configuration
mdadm --detail --scan >> /etc/mdadm/mdadm.conf # Debian/Ubuntu
mdadm --detail --scan >> /etc/mdadm.conf # CentOS/RHEL# Enable quotas on a filesystem
# Add usrquota,grpquota to mount options in /etc/fstab
# Example: /dev/sdb1 /data ext4 defaults,usrquota,grpquota 0 0
# Remount and initialize quotas
mount -o remount /data
quotacheck -cugm /data
quotaon /data
# Set quota for a user (soft/hard limits)
edquota -u jsmith
# Or set directly:
setquota -u jsmith 100M 120M 0 0 /data
# View quota usage
quota -u jsmith
repquota -a# Edit SSH configuration
vi /etc/ssh/sshd_config
# Common security settings:
# PermitRootLogin no
# PasswordAuthentication yes
# PubkeyAuthentication yes
# Port 2222
# Restart to apply changes
systemctl restart sshd
# Set up key-based authentication
ssh-keygen -t ed25519
ssh-copy-id user@remote_server# Install and start Apache
# Ubuntu/Debian:
apt install apache2
systemctl enable --now apache2
# CentOS/RHEL:
dnf install httpd
systemctl enable --now httpd
# Create a virtual host (Apache on CentOS)
cat > /etc/httpd/conf.d/mysite.conf << 'EOF'
<VirtualHost *:80>
ServerName mysite.example.com
DocumentRoot /var/www/mysite
<Directory /var/www/mysite>
AllowOverride None
Require all granted
</Directory>
ErrorLog /var/log/httpd/mysite-error.log
CustomLog /var/log/httpd/mysite-access.log combined
</VirtualHost>
EOF
mkdir -p /var/www/mysite
echo "<h1>Welcome</h1>" > /var/www/mysite/index.html
systemctl restart httpd
# Open firewall
firewall-cmd --permanent --add-service=http
firewall-cmd --reloadSince you choose your distribution at registration, know the differences that matter:
| Task | Ubuntu/Debian | CentOS/RHEL |
| Package install | apt install |
dnf install |
| Package search | apt search |
dnf search |
| Service management | systemctl (same) |
systemctl (same) |
| Firewall tool | ufw |
firewall-cmd |
| Web server package | apache2 |
httpd |
| Network config | netplan / nmcli |
nmcli |
| SELinux/AppArmor | AppArmor (default) | SELinux (default) |
| Default filesystem | ext4 | xfs |
| Config location | /etc/apache2/ |
/etc/httpd/ |
| Log location | /var/log/syslog |
/var/log/messages |
I. Set up your lab:
II. Master essential commands:
find, grep, sort, cut, wc, and diff until they're second naturetar (create, extract, list) using all compression typesIII. System administration tasks:
journalctl with various filtersIV. Networking and services:
V. Storage challenges:
VI. Timed practice exam:
man pages aggressively β they contain answers to most questions
- Verify persistence by checking /etc/fstab, enabled services, and reboot behavior
**Common mistakes:**
- Forgetting to make changes persistent (fstab, firewall, service enable)
- Mixing up Ubuntu and CentOS commands under pressure
- Not reading task requirements carefully (e.g., specific mount options or user properties)
- Skipping filesystem verification with mount -a or fstab syntax checks
- Forgetting to restart services after configuration changes
**Useful exam shortcuts:**
- man -k keyword to find relevant commands
- systemctl list-unit-files | grep enabled to check enabled services
- lsblk for a quick overview of disk layout
- ss -tlnp to see listening ports and associated processes
After earning the LFCS, consider advancing your career with:
Ready to start studying? Set up your practice lab with your chosen distribution, then work through each exam domain systematically. The Linux Certification Overview can help you confirm that LFCS is the right choice for your goals.
find, grep, and tar to search for and archive files. Time yourself to simulate exam conditions and identify areas where you need more practice./etc/fstab and verify the configuration after a reboot.ping, ip, and ss. Troubleshoot a simulated network issue (such as an incorrect gateway) and document the resolution steps.iptables or firewalld. Set up rules to allow SSH and HTTP traffic while blocking all other incoming connections. Test the configuration by attempting to connect on allowed and blocked ports, and make the rules persistent across reboots.systemctl. Enable, start, stop, and check the status of services. Create a custom systemd service unit that runs a simple script, and configure it to start automatically at boot.