
Linux

Operate Linux systems avoiding permission traps, silent failures, and common admin mistakes.
ivangdavila
AI Intelligence clawhub v1.0.0 1 version 98995.4 Key: not required

Overview

Linux Gotchas

Permission Traps

  • chmod 777 fixes nothing, breaks everything — find the actual owner/group issue
  • Setuid on scripts is ignored for security — only works on binaries
  • chown -R follows symlinks outside target directory — use --no-dereference
  • Default umask 022 makes files world-readable — set 077 for sensitive systems
  • ACLs override traditional permissions silently — check with getfacl

Process Gotchas

  • kill sends SIGTERM by default, not SIGKILL — process can ignore it
  • nohup doesn't work if process already running — use disown instead
  • Background job with & still dies on terminal close without disown or nohup
  • Zombie processes can't be killed — parent must call wait() or be killed
  • kill -9 skips cleanup handlers — data loss possible, use SIGTERM first

Filesystem Traps

  • Deleting open file doesn't free space until process closes it — check lsof +L1
  • rm -rf /path / with accidental space = disaster — use rm -rf /path/ trailing slash
  • Inodes exhausted while disk shows space free — many small files problem
  • Symlink loops cause infinite recursion — find -L follows them
  • /tmp cleared on reboot — don't store persistent data there

Disk Space Mysteries

  • Deleted files held open by processes — lsof +L1 shows them, restart process to free
  • Reserved blocks (5% default) only for root — tune2fs -m 1 to reduce
  • Journal eating space — journalctl --vacuum-size=500M
  • Docker overlay eating space — docker system prune -a
  • Snapshots consuming space — check LVM, ZFS, or cloud provider snapshots

Networking

  • localhost and 127.0.0.1 may resolve differently — check /etc/hosts
  • Firewall rules flushed on reboot unless saved — iptables-save or use firewalld/ufw persistence
  • netstat deprecated — use ss instead
  • Port below 1024 requires root — use setcap for capability instead
  • TCP TIME_WAIT exhaustion under load — tune net.ipv4.tcp_tw_reuse

SSH Traps

  • Wrong permissions on ~/.ssh = silent auth failure — 700 for dir, 600 for keys
  • Agent forwarding exposes your keys to remote admins — avoid on untrusted servers
  • Known hosts hash doesn't match after server rebuild — remove old entry with ssh-keygen -R
  • SSH config Host blocks: first match wins — put specific hosts before wildcards
  • Connection timeout on idle — add ServerAliveInterval 60 to config
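
A check for the ~/.ssh modes listed above (700 for the directory, 600 for keys), as an added example that is not part of the original skill. The function names, the fixture and the reliance on GNU stat are assumptions; private keys are recognised by their PEM header rather than by file name.

```bash
# Added example (not from the original page). Assumes GNU stat; names are hypothetical.

# Print one finding per line; return 0 when the directory passes, 1 otherwise.
audit_ssh_dir() {
    local dir="${1:-$HOME/.ssh}" findings=0 mode f first
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    mode=$(stat -c '%a' "$dir")            # octal mode, e.g. 700
    if [ "$mode" != "700" ]; then
        echo "DIR $dir mode=$mode want=700"
        findings=$((findings + 1))
    fi

    for f in "$dir"/*; do
        # Regular files only; a symlink's own mode says nothing about the key.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Identify private keys by their PEM header, not by file name.
        first=""
        IFS= read -r first < "$f" || true
        case "$first" in
            "-----BEGIN "*"PRIVATE KEY-----") ;;
            *) continue ;;
        esac
        mode=$(stat -c '%a' "$f")
        if [ "$mode" != "600" ]; then
            echo "KEY $f mode=$mode want=600"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed fixture: loose modes and a fake key header, no real key material.
make_fixture() {
    local d
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$d/id_demo"
    printf '%s\n' 'ssh-ed25519 AAAA constructed' > "$d/id_demo.pub"
    chmod 755 "$d"
    chmod 644 "$d/id_demo" "$d/id_demo.pub"
    echo "$d"
}
```

Run `audit_ssh_dir` with no argument to check the current user's ~/.ssh; a non-zero exit status makes it usable as a gate in provisioning scripts.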

Systemd

  • systemctl enable doesn't start service — also need start
  • restart vs reload: restart drops connections, reload doesn't (if supported)
  • Journal logs lost on reboot by default — set Storage=persistent in journald.conf
  • Failed service doesn't retry by default — add Restart=on-failure to unit
  • Dependency on network: After=network.target isn't enough — use network-online.target

Cron Pitfalls

  • Cron has minimal PATH — use absolute paths or set PATH in crontab
  • Output goes to mail by default — redirect to file or /dev/null
  • Cron uses system timezone, not user's — set TZ in crontab if needed
  • Crontab lost if edited incorrectly — crontab -l > backup before editing
  • @reboot runs on daemon restart too, not just system reboot

Memory and OOM

  • OOM killer picks "best" victim, often not the offender — check dmesg for kills
  • Swap thrashing worse than OOM — monitor with vmstat
  • Memory usage in free includes cache — "available" is what matters
  • Process memory in /proc/[pid]/status — VmRSS is actual usage
  • cgroups limit respected before system OOM — containers die first

Commands That Lie

  • df shows filesystem capacity, not physical disk — check underlying device
  • du doesn't count sparse files correctly — file appears smaller than disk usage
  • ps aux memory percentage can exceed 100% (shared memory counted multiple times)
  • uptime load average includes uninterruptible I/O wait — not just CPU
  • top CPU percentage is per-core — 400% means 4 cores maxed

Version history

1 version in total

  • v1.0.0 (current)
    2026-03-28 14:24 Safe Safe

Security check

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
