RHCSA Certification Complete Study Guide 2025 – Red Hat Certified System Administrator

Last Updated: December 2025 | Exam Version: RHCSA EX200 (RHEL 9) | Reading Time: 60 minutes

The Red Hat Certified System Administrator (RHCSA) certification validates your ability to perform core system administration tasks in Red Hat Enterprise Linux environments. This comprehensive study guide covers all RHCSA EX200 exam objectives with practical examples, commands, and hands-on exercises to help you pass the exam on your first attempt.

About the RHCSA Certification

The RHCSA is a foundational certification for Linux system administrators. Key details:

• Exam Code: EX200
• Duration: 2.5 hours
• Format: Performance-based (hands-on tasks)
• Passing Score: 210/300 (70%)
• Prerequisites: None (but experience recommended)
• RHEL Version: Red Hat Enterprise Linux 9

Prerequisites for This Guide

• Access to RHEL 9 or compatible system (Rocky Linux, AlmaLinux)
• Basic Linux command line knowledge
• A lab environment for practice (VM or cloud server)
• Recommended: Set up a practice lab on Linode or DigitalOcean

Exam Objective 1: Understand and Use Essential Tools

Access a Shell Prompt and Issue Commands

# Access local console or SSH
ssh user@server

# Use virtual terminals
Ctrl+Alt+F1 through F6    # Switch TTY
chvt 2                     # Switch to tty2

# Exit shell
exit
logout
Ctrl+D

Use Input-Output Redirection

# Standard output redirection
ls > file.txt        # Overwrite
ls >> file.txt       # Append

# Standard error redirection
command 2> error.txt

# Redirect both stdout and stderr
command &> all.txt
command > output.txt 2>&1

# Input redirection
sort < unsorted.txt

# Pipes
cat /etc/passwd | grep root | cut -d: -f7

# Here documents
cat << EOF > /etc/myconfig
Setting1=value1
Setting2=value2
EOF

Use grep and Regular Expressions

# Basic grep
grep "pattern" file.txt

# Case insensitive
grep -i "pattern" file.txt

# Recursive search
grep -r "pattern" /etc/

# Show line numbers
grep -n "pattern" file.txt

# Invert match
grep -v "pattern" file.txt

# Extended regex
grep -E "pattern1|pattern2" file.txt

# Regex examples
grep "^root" /etc/passwd      # Lines starting with root
grep "bash$" /etc/passwd      # Lines ending with bash
grep "r..t" /etc/passwd       # r followed by any 2 chars then t
grep "[0-9]\+" file.txt       # One or more digits

Access Remote Systems Using SSH

# Basic SSH connection
ssh user@hostname

# SSH with specific port
ssh -p 2222 user@hostname

# SSH with key file
ssh -i /path/to/key user@hostname

# Generate SSH keys
ssh-keygen -t ed25519

# Copy public key to server
ssh-copy-id user@hostname

# Execute remote command
ssh user@hostname "command"

Archive, Compress, and Transfer Files

# Create tar archive
tar -cvf archive.tar files/

# Create compressed archive
tar -czvf archive.tar.gz files/
tar -cjvf archive.tar.bz2 files/
tar -cJvf archive.tar.xz files/

# Extract archives
tar -xvf archive.tar
tar -xzvf archive.tar.gz -C /destination/

# List archive contents
tar -tvf archive.tar

# gzip/gunzip
gzip file
gunzip file.gz

# Secure copy
scp file.txt user@server:/path/
scp -r directory/ user@server:/path/

# Rsync
rsync -avz source/ destination/
rsync -avz -e ssh source/ user@server:/path/

Exam Objective 2: Create Simple Shell Scripts

Conditionally Execute Code (if, test, [])

#!/bin/bash

# Basic if statement
if [ condition ]; then
    command
elif [ condition ]; then
    command
else
    command
fi

# File tests
if [ -f /etc/passwd ]; then
    echo "File exists"
fi

if [ -d /var/log ]; then
    echo "Directory exists"
fi

# String comparisons
if [ "$var" = "value" ]; then
    echo "Match"
fi

# Numeric comparisons
if [ "$num" -gt 10 ]; then
    echo "Greater than 10"
fi

# -eq (equal), -ne (not equal)
# -lt (less than), -le (less or equal)
# -gt (greater than), -ge (greater or equal)

# Logical operators
if [ "$a" -gt 5 ] && [ "$b" -lt 10 ]; then
    echo "Both conditions true"
fi

Use Looping Constructs

#!/bin/bash

# For loop
for i in 1 2 3 4 5; do
    echo "Number: $i"
done

# For loop with range
for i in {1..10}; do
    echo "Number: $i"
done

# For loop with files
for file in /etc/*.conf; do
    echo "Config file: $file"
done

# While loop
count=1
while [ $count -le 5 ]; do
    echo "Count: $count"
    ((count++))
done

# Read file line by line
while read line; do
    echo "$line"
done < /etc/passwd

Process Script Inputs

#!/bin/bash

# Positional parameters
echo "Script name: $0"
echo "First argument: $1"
echo "Second argument: $2"
echo "All arguments: $@"
echo "Number of arguments: $#"

# Exit status
echo "Last command exit status: $?"

# Read user input
read -p "Enter your name: " name
echo "Hello, $name"

# Example script
#!/bin/bash
if [ $# -lt 1 ]; then
    echo "Usage: $0 filename"
    exit 1
fi

if [ -f "$1" ]; then
    wc -l "$1"
else
    echo "File not found: $1"
    exit 1
fi

Exam Objective 3: Operate Running Systems

Boot, Reboot, and Shut Down a System

# Reboot system
sudo systemctl reboot
sudo reboot

# Shutdown system
sudo systemctl poweroff
sudo shutdown -h now

# Schedule shutdown
sudo shutdown -h +10 "System shutting down in 10 minutes"

# Cancel scheduled shutdown
sudo shutdown -c

# Set default boot target
sudo systemctl set-default multi-user.target
sudo systemctl set-default graphical.target

# Boot into specific target (at boot)
# Add to kernel line: systemd.unit=rescue.target

Boot Systems into Different Targets

# View current target
systemctl get-default

# List available targets
systemctl list-units --type=target

# Common targets:
# multi-user.target - equivalent to runlevel 3
# graphical.target - equivalent to runlevel 5
# rescue.target - single user mode
# emergency.target - minimal environment

# Change default target
sudo systemctl set-default multi-user.target

# Switch target without reboot
sudo systemctl isolate rescue.target

Interrupt the Boot Process to Gain Access

To reset the root password or access a system when locked out:

# 1. Reboot the system
# 2. At GRUB menu, press "e" to edit
# 3. Find the line starting with "linux"
# 4. Add: rd.break
# 5. Press Ctrl+X to boot

# In the emergency shell:
mount -o remount,rw /sysroot
chroot /sysroot
passwd root
touch /.autorelabel
exit
exit

Start, Stop, and Check Status of Services

# Start service
sudo systemctl start httpd

# Stop service
sudo systemctl stop httpd

# Restart service
sudo systemctl restart httpd

# Reload configuration
sudo systemctl reload httpd

# Check status
systemctl status httpd

# Enable at boot
sudo systemctl enable httpd

# Disable at boot
sudo systemctl disable httpd

# Enable and start
sudo systemctl enable --now httpd

# Mask service (prevent starting)
sudo systemctl mask httpd

# Unmask service
sudo systemctl unmask httpd

# List all services
systemctl list-units --type=service
systemctl list-unit-files --type=service

Locate and Interpret System Log Files

# View journal logs
journalctl

# Follow logs in real-time
journalctl -f

# Logs since boot
journalctl -b

# Logs for specific unit
journalctl -u httpd

# Logs since time
journalctl --since "1 hour ago"
journalctl --since "2024-01-01" --until "2024-01-02"

# Priority levels
journalctl -p err    # Error and above
journalctl -p warning

# Traditional log files
/var/log/messages    # General system logs
/var/log/secure      # Authentication logs
/var/log/boot.log    # Boot logs
/var/log/cron        # Cron job logs

Exam Objective 4: Configure Local Storage

Create and Configure Partitions

# List block devices
lsblk

# Create partitions with fdisk (MBR)
sudo fdisk /dev/sdb
# n - new partition
# p - primary
# 1 - partition number
# Enter - default first sector
# +1G - size
# w - write and exit

# Create partitions with gdisk (GPT)
sudo gdisk /dev/sdb

# Create partitions with parted
sudo parted /dev/sdb
(parted) mklabel gpt
(parted) mkpart primary xfs 1MiB 1GiB
(parted) quit

# Verify partition table
sudo partprobe /dev/sdb
lsblk

Create and Configure File Systems

# Create XFS filesystem (RHEL default)
sudo mkfs.xfs /dev/sdb1

# Create ext4 filesystem
sudo mkfs.ext4 /dev/sdb1

# Create with label
sudo mkfs.xfs -L "mydata" /dev/sdb1

# View filesystem info
xfs_info /dev/sdb1
tune2fs -l /dev/sdb1    # for ext4

# Mount filesystem
sudo mkdir /mnt/data
sudo mount /dev/sdb1 /mnt/data

# Mount by UUID
sudo mount UUID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" /mnt/data

# Mount by label
sudo mount LABEL="mydata" /mnt/data

# Find UUID
blkid /dev/sdb1
lsblk -f

Configure Systems to Mount File Systems at Boot

# Edit /etc/fstab
sudo nano /etc/fstab

# fstab format:
# device    mount_point    fstype    options    dump    fsck

# Examples:
UUID=xxxxx    /mnt/data    xfs       defaults   0 0
/dev/sdb1     /mnt/backup  ext4      defaults   0 2
LABEL=mydata  /data        xfs       defaults   0 0

# Test fstab entry (mount all)
sudo mount -a

# Verify mounts
df -h
mount | grep /mnt/data

Configure and Manage Swap Space

# Create swap partition
sudo fdisk /dev/sdb
# Create partition and set type to 82 (Linux swap)

# Format as swap
sudo mkswap /dev/sdb2

# Enable swap
sudo swapon /dev/sdb2

# View swap info
swapon --show
free -h

# Disable swap
sudo swapoff /dev/sdb2

# Add to fstab for persistence
# /dev/sdb2    swap    swap    defaults    0 0

# Create swap file
sudo dd if=/dev/zero of=/swapfile bs=1M count=1024
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

Exam Objective 5: Create and Configure File Systems

Create and Configure LVM

# Create physical volumes
sudo pvcreate /dev/sdb1 /dev/sdc1

# View physical volumes
sudo pvs
sudo pvdisplay

# Create volume group
sudo vgcreate myvg /dev/sdb1 /dev/sdc1

# View volume groups
sudo vgs
sudo vgdisplay

# Create logical volume
sudo lvcreate -n mylv -L 5G myvg

# Create LV using percentage
sudo lvcreate -n mylv -l 100%FREE myvg

# View logical volumes
sudo lvs
sudo lvdisplay

# Create filesystem on LV
sudo mkfs.xfs /dev/myvg/mylv

# Mount LV
sudo mount /dev/myvg/mylv /mnt/lvmdata

# Extend volume group
sudo vgextend myvg /dev/sdd1

# Extend logical volume
sudo lvextend -L +5G /dev/myvg/mylv
sudo lvextend -l +100%FREE /dev/myvg/mylv

# Resize filesystem
sudo xfs_growfs /mnt/lvmdata      # XFS
sudo resize2fs /dev/myvg/mylv     # ext4

Configure Systems to Mount File Systems by UUID or Label

# Find UUID
sudo blkid /dev/sdb1
lsblk -f

# Set label (XFS)
sudo xfs_admin -L "mydata" /dev/sdb1

# Set label (ext4)
sudo e2label /dev/sdb1 "mydata"

# Mount by UUID in fstab
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /mnt/data xfs defaults 0 0

# Mount by label in fstab
LABEL=mydata /mnt/data xfs defaults 0 0

Exam Objective 6: Deploy, Configure, and Maintain Systems

Schedule Tasks Using cron

# Edit user crontab
crontab -e

# List crontab
crontab -l

# Crontab format:
# MIN HOUR DOM MON DOW command
# * * * * * /path/to/script.sh

# Examples:
# Run at 2:30 AM daily
30 2 * * * /scripts/backup.sh

# Run every 15 minutes
*/15 * * * * /scripts/check.sh

# Run at 9 AM on weekdays
0 9 * * 1-5 /scripts/report.sh

# Run on first of each month
0 0 1 * * /scripts/monthly.sh

# System cron directories
/etc/cron.d/
/etc/cron.daily/
/etc/cron.weekly/
/etc/cron.monthly/

# Restrict cron access
/etc/cron.allow
/etc/cron.deny

Start and Stop Services and Configure at Boot

# Enable service at boot
sudo systemctl enable httpd

# Disable service at boot
sudo systemctl disable httpd

# Enable and start immediately
sudo systemctl enable --now httpd

# Check if enabled
systemctl is-enabled httpd

# List all enabled services
systemctl list-unit-files --state=enabled

Configure Time Service Clients

# View current time settings
timedatectl

# Set timezone
sudo timedatectl set-timezone America/New_York

# List timezones
timedatectl list-timezones

# Enable NTP synchronization
sudo timedatectl set-ntp true

# Configure chronyd
sudo nano /etc/chrony.conf
# Add NTP servers:
# server time.server.com iburst

# Restart chronyd
sudo systemctl restart chronyd

# Check sync status
chronyc sources
chronyc tracking

Install and Update Software Packages

# Search for packages
dnf search httpd

# Get package info
dnf info httpd

# Install package
sudo dnf install httpd

# Remove package
sudo dnf remove httpd

# Update all packages
sudo dnf update

# List installed packages
dnf list installed

# List available packages
dnf list available

# Install package group
sudo dnf group install "Development Tools"

# List package groups
dnf group list

# Clean cache
sudo dnf clean all

# View repository list
dnf repolist

# Enable/disable repository
sudo dnf config-manager --enable repo-name
sudo dnf config-manager --disable repo-name

Exam Objective 7: Manage Basic Networking

Configure IPv4 and IPv6 Addresses

# View network connections
nmcli connection show

# View device status
nmcli device status

# Configure static IP
sudo nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24
sudo nmcli connection modify eth0 ipv4.gateway 192.168.1.1
sudo nmcli connection modify eth0 ipv4.dns "8.8.8.8 8.8.4.4"
sudo nmcli connection modify eth0 ipv4.method manual

# Apply changes
sudo nmcli connection up eth0

# Configure DHCP
sudo nmcli connection modify eth0 ipv4.method auto

# Add secondary IP
sudo nmcli connection modify eth0 +ipv4.addresses 192.168.1.101/24

# Interactive editor
sudo nmcli connection edit eth0

# View IP addresses
ip addr show

# Configure hostname
sudo hostnamectl set-hostname myserver.example.com

# DNS configuration
/etc/resolv.conf
/etc/hosts

Configure Hostname Resolution

# Set hostname
sudo hostnamectl set-hostname myserver.example.com

# View hostname
hostnamectl

# Configure /etc/hosts
sudo nano /etc/hosts
# Add entries:
192.168.1.100    myserver.example.com myserver

# Test resolution
getent hosts myserver
ping myserver

Configure Firewall Using firewall-cmd

# Check firewall status
sudo firewall-cmd --state

# List all zones
sudo firewall-cmd --get-zones

# Get active zone
sudo firewall-cmd --get-active-zones

# List all rules in zone
sudo firewall-cmd --zone=public --list-all

# Add service (temporary)
sudo firewall-cmd --zone=public --add-service=http

# Add service (permanent)
sudo firewall-cmd --zone=public --add-service=http --permanent

# Remove service
sudo firewall-cmd --zone=public --remove-service=http --permanent

# Add port
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent

# Reload firewall
sudo firewall-cmd --reload

# List available services
sudo firewall-cmd --get-services

# Rich rules (advanced)
sudo firewall-cmd --zone=public --add-rich-rule="rule family=ipv4 source address=192.168.1.0/24 service name=ssh accept" --permanent

Exam Objective 8: Manage Users and Groups

Create, Delete, and Modify Local User Accounts

# Create user
sudo useradd username

# Create user with options
sudo useradd -m -d /home/user -s /bin/bash -c "Full Name" username

# Set password
sudo passwd username

# Modify user
sudo usermod -aG wheel username    # Add to group
sudo usermod -s /bin/zsh username  # Change shell
sudo usermod -d /home/newdir username  # Change home

# Lock user
sudo usermod -L username

# Unlock user
sudo usermod -U username

# Delete user
sudo userdel username

# Delete user with home directory
sudo userdel -r username

# View user info
id username
getent passwd username

Create, Delete, and Modify Groups

# Create group
sudo groupadd developers

# Create group with specific GID
sudo groupadd -g 2000 developers

# Delete group
sudo groupdel groupname

# Add user to group
sudo usermod -aG developers username

# Remove user from group
sudo gpasswd -d username developers

# View group members
getent group developers
groups username

Configure Superuser Access

# Edit sudoers file safely
sudo visudo

# Add user to wheel group (default sudo)
sudo usermod -aG wheel username

# Allow specific command without password
username ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart httpd

# Allow group sudo access
%developers ALL=(ALL) ALL

# View sudo privileges
sudo -l

Exam Objective 9: Manage Security

Configure Firewall Settings

See firewall-cmd section above.

Manage Default File Permissions

# View current umask
umask

# Set umask (subtract from 777 for dirs, 666 for files)
umask 022    # Files: 644, Dirs: 755
umask 027    # Files: 640, Dirs: 750

# Set permanent umask in ~/.bashrc or /etc/profile

# Special permissions
chmod u+s file    # SUID
chmod g+s dir     # SGID
chmod +t dir      # Sticky bit

# Numeric special permissions
chmod 4755 file   # SUID + 755
chmod 2755 dir    # SGID + 755
chmod 1777 dir    # Sticky + 777

Configure Key-Based Authentication for SSH

# Generate SSH key pair
ssh-keygen -t ed25519

# Copy public key to server
ssh-copy-id user@server

# Verify key-based login
ssh user@server

# Disable password authentication
sudo nano /etc/ssh/sshd_config
# PasswordAuthentication no

# Restart sshd
sudo systemctl restart sshd

Set Enforcing and Permissive Modes for SELinux

# Check SELinux status
getenforce
sestatus

# Set mode temporarily
sudo setenforce 0    # Permissive
sudo setenforce 1    # Enforcing

# Set mode permanently
sudo nano /etc/selinux/config
# SELINUX=enforcing

# View SELinux context
ls -Z /var/www/html

# Change context
sudo chcon -t httpd_sys_content_t /var/www/html/file

# Restore default context
sudo restorecon -Rv /var/www/html

# SELinux booleans
getsebool -a
sudo setsebool -P httpd_can_network_connect on

Exam Objective 10: Manage Containers

Find and Retrieve Container Images

# Search for images
podman search httpd

# Pull image
podman pull registry.access.redhat.com/ubi9/httpd-24

# List local images
podman images

# Remove image
podman rmi image_id

Run Containers

# Run container
podman run -d --name myhttp -p 8080:80 httpd

# Run with volume mount
podman run -d --name myhttp -p 8080:80 -v /mydata:/var/www/html:Z httpd

# List running containers
podman ps

# List all containers
podman ps -a

# View container logs
podman logs myhttp

# Execute command in container
podman exec -it myhttp /bin/bash

# Stop container
podman stop myhttp

# Start container
podman start myhttp

# Remove container
podman rm myhttp

Configure Containers to Start at Boot

# Generate systemd unit file
podman generate systemd --name myhttp --files

# Move to systemd directory
mkdir -p ~/.config/systemd/user/
mv container-myhttp.service ~/.config/systemd/user/

# Enable the service
systemctl --user daemon-reload
systemctl --user enable container-myhttp.service

# Enable lingering for user services to start at boot
loginctl enable-linger username

Exam Tips and Strategies

1. Practice hands-on - The exam is entirely performance-based
2. Use man pages - They are available during the exam
3. Manage your time - Dont spend too long on one question
4. Verify your work - Test that services start, mounts work, etc.
5. Make changes persistent - Use fstab, systemctl enable, etc.
6. Dont forget SELinux - Many tasks require correct contexts
7. Reboot to test - Ensure changes survive reboot

Recommended Resources

• Official Red Hat Training (RH124, RH134)
• Udemy RHCSA Courses - Search for highly-rated RHCSA prep courses
• Practice labs on Linode or DigitalOcean

Conclusion

The RHCSA certification is achievable with dedicated practice. Focus on hands-on experience with RHEL 9 or compatible distributions. Work through each objective until you can perform the tasks confidently without referring to documentation. Good luck on your exam!

Disclosure: This article contains affiliate links. If you purchase through these links, we may earn a commission at no additional cost to you. This helps support TheLinuxClub and allows us to continue creating free tutorials.