Does the root account always have UID/GID 0?

On all the Linux systems I've managed, the root account has a GID and UID of 0. Is this guaranteed, or is it possible that the system will give root a different ID?


There are actually two parts to your question.

Does the superuser account always have uid/gid 0/0 on Linux?

Yes. As is pointed out by Rich Homolka in a comment, there's code in the kernel which explicitly checks for uid 0 when needing to check for the root user, which means that root always has at least uid 0.

Is the name of the user account with uid 0 always root?

No. root is just a name, listed in /etc/passwd or some other authentication store. You could just as well call the account admin, and the OS itself won't care, but some applications might not quite like it because they expect there to exist a privileged account named root. Calling the uid 0 account on a *nix root is a very strongly held convention, but it isn't required by the system (though it may be required by certain userland software, possibly including system administration utilities).

It's also worth noting that, as pointed out by Simon Richter, on BSDs there often exists a second uid 0 account, by convention named toor (which is "root" spelled backwards, and also lexically comes after root in a list sorted alphabetically). For example, FreeBSD uses it to provide a root user with a customized shell setting, leaving the root user with a default shell which is guaranteed to exist on the system's root partition (useful for recovery purposes).


1) the administrator is always uid == 0. This is coded in the kernel. It would take some coding in the kernel to change this. There's not much point to this, so it's not done. For example, it would be inconsistent for other unixes sharing the same NFS for example.

2) uid 0 does not necessarily map to root. The best example is FreeBSD. It has two uid == 0 accounts, the difference being the shell. root has shell /bin/sh, which is a simple shell, useful for when your disks are bad and you need fsck /usr. toor uses tcsh, which is much more useful in non-emergency situations,since it has things like history, etc.

Another, more personal example; one job I had where they had a root equiv (i.e. uid=0) account over NIS. The password, blank! Because the new sysadmin couldn't remember the root password on the machines. I yelled about this for obvious reasons (NIS passwords by definition can not hide their blankness). I was not happy about this account.

And it really isn't the system that gives uid 0 is root, it's you. You change this my using passwd files, or other naming directories (NIS, ldap) but it's not compiled in. Though you should have at least one uid 0 account in /etc/passwd, since you may not have networking when you really need it.

So root is always uid 0, but uid 0 is not necessarily always root.


Well for systems that use the nonStop server, ROOT_UID is not 0 but 65535.

OSS users and groups The OSS environment does not provide common UNIX default user names and user IDs unless they are explicitly created by a site administrator. However, equivalent OSS user names and user IDs do exist. For example, the privileges normally associated with the UNIX user name root and the user ID of 0 exist for the OSS user ID (UID) of 65535 (the super ID), which is the user SUPER.SUPER and its aliases.

See https://h20195.www2.hpe.com/V2/GetPDF.aspx/4AA4-6316ENW.pdf

In coreutils, you can find that root-uid.h header file:

/* The user ID that always has appropriate privileges in the POSIX sense.

   Copyright 2012-2016 Free Software Foundation, Inc.

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.

   Written by Paul Eggert.  */

#ifndef ROOT_UID_H_
#define ROOT_UID_H_

/* The user ID that always has appropriate privileges in the POSIX sense.  */
#ifdef __TANDEM
# define ROOT_UID 65535
#else
# define ROOT_UID 0
#endif

#endif