Skip to content

Linux Users and Permissions — Trivia & Interesting Facts

Surprising, historical, and little-known facts about Linux users and permissions.

The root user (UID 0) has existed since the first Unix in 1969

The superuser concept with UID 0 was built into the original Unix at Bell Labs. Ken Thompson and Dennis Ritchie designed Unix with a single all-powerful user who could bypass all permission checks. This model has survived over 55 years, though modern capabilities and MAC systems (SELinux, AppArmor) now allow splitting root's powers into individually grantable capabilities.

The permission bits (rwxrwxrwx) are stored as a 12-bit number

The 9 visible permission bits (3 for owner, 3 for group, 3 for others) plus 3 special bits (setuid, setgid, sticky) form a 12-bit integer stored in the inode. The octal notation (0755, 0644) maps directly to these bits. This encoding has been unchanged since Unix V1 in 1971, making it one of the most stable data formats in computing history.

The sticky bit was originally about keeping programs in swap

The sticky bit (chmod +t) was originally designed in 1974 to tell the kernel to keep a program's text segment in swap space after it exited, so the next execution would be faster. This original meaning is obsolete. Today, the sticky bit on directories (like /tmp) means only the file owner can delete their files, preventing users from deleting each other's temporary files.

/etc/shadow was invented because /etc/passwd was world-readable

In early Unix, password hashes were stored directly in /etc/passwd, which had to be world-readable so programs could look up usernames. Anyone could read the file and attempt to crack passwords offline. The shadow password system, introduced in the late 1980s, moved hashes to /etc/shadow (readable only by root), leaving /etc/passwd as a public user database.

Linux capabilities split root into 41 individual privileges

Instead of an all-or-nothing root model, Linux capabilities (introduced in kernel 2.2, 1999) divide root's powers into granular units like CAP_NET_BIND_SERVICE (bind to ports below 1024), CAP_SYS_PTRACE (trace processes), and CAP_NET_RAW (use raw sockets). As of kernel 6.x, there are 41 distinct capabilities. Docker and Kubernetes use capabilities to run containers with a minimal subset of root powers.

The nobody user (UID 65534) was designed to own nothing

The nobody user exists to run processes that should have minimal privileges. It traditionally has UID 65534 (which is -2 as a signed 16-bit integer). The design intention is that no files on the system should be owned by nobody, so processes running as nobody cannot modify anything. NFS historically mapped remote root users to nobody to prevent root-squashing exploits.

ACLs extend the Unix permission model without breaking compatibility

POSIX Access Control Lists (ACLs), supported in Linux since kernel 2.6, allow per-user and per-group permissions beyond the traditional owner/group/other model. You can grant user alice read access and user bob write access to the same file. The getfacl and setfacl commands manage ACLs, and ls -l shows a + indicator when ACLs are present.

sudo was written by a sysadmin who kept forgetting the root password

Bob Coggeshall and Cliff Spencer wrote the original sudo at SUNY Buffalo around 1980. The tool was later maintained by Todd Miller, who has been the lead developer since 1994. sudo logs every command executed with elevated privileges, providing an audit trail that direct root login does not. The sudoers file syntax is powerful but notoriously easy to misconfigure.

The umask determines default permissions for every new file

The umask is a bitmask subtracted from the maximum permissions (666 for files, 777 for directories) to determine defaults for newly created files. A umask of 022 means new files get 644 and new directories get 755. The umask is inherited from the parent process, which is why login shells set it in /etc/profile — a misconfigured umask can make every new file world-writable.

setuid programs are the oldest privilege escalation mechanism in Unix

The setuid bit (chmod u+s) makes a program run with the file owner's privileges rather than the invoking user's. Programs like passwd, ping, and su rely on setuid-root to perform privileged operations. However, setuid programs are a major attack surface — a bug in any setuid-root binary is a local root exploit. Modern Linux uses capabilities instead wherever possible.