The sticky bit is primarily used on shared directories. It is useful for shared directories such as /var/tmp because users can create files, read and execute files owned by other users, but are not allowed to remove files owned by other users. Of course, users can remove their own files.
From man sticky:
The sticky bit (file mode bit 01000, see chmod(2)) is used to indicate special treatment of certain files and directories. A directory for which the sticky bit is set restricts deletion of files it contains. A file in a sticky directory may only be removed or renamed by a user who has write permission on the directory, and either owns the file, owns the directory, or is the super-user. This is useful for directories such as /tmp, which must be publicly writable, but should deny users permission to arbitrarily delete or rename the files of others.
Identifying sticky permissions:
# ls -ld /var/tmp
drwxrwxrwt 2 sys sys 512 May 26 11:02 /var/tmp
See the "t"? That tells us that the sticky bit is set.
A "T" refers to when the execute permissions are OFF.
A "t" refers to when the execute permissions are ON.
Setting sticky bit permissions:
The leading "1" in the "chmod" command sets the sticky bit.
# chmod 1771 <path_to_directory>   (permissions for "other" have execute bit ON)
drwxrwx--t
# chmod 1770 <path_to_directory>   (permissions for "other" have execute bit OFF)
drwxrwx--T
From man ls:
t    the 1000 (octal) bit, or sticky bit, is on (see chmod(1)), and execution is on
T    the 1000 bit is turned on, and execution is off (undefined bit-state)
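As an added example (not part of the original post), the following POSIX shell script works a scratch directory through the three states described above, setting the sticky bit with a leading 1 in chmod and reading back the "t", "T" or plain "x" that ls -ld shows in the last mode position. The helper names (mode_string, sticky_flag, is_sticky, demo) are assumptions of this example. It uses a directory created by mktemp rather than the real /var/tmp, and it only shows how to identify and set the bit; observing the deletion restriction itself needs files owned by two different users.

```shell
#!/bin/sh
# Added example, not from the original thread: inspect and set the sticky bit on a
# scratch directory and interpret the "t"/"T" that ls -ld shows for it.

# Return the 10-character mode string from ls -ld (e.g. drwxrwxrwt).
# The first 10 characters are portable across GNU and BSD ls; any trailing
# ACL/SELinux marker such as "+" or "." is cut off.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Print the last mode character: "t" (sticky, other has execute),
# "T" (sticky, other has no execute), or "x"/"-" when the bit is clear.
sticky_flag() {
    mode_string "$1" | cut -c10
}

# Succeed (exit 0) when the directory has the sticky bit, whatever the
# state of the execute bit for "other".
is_sticky() {
    case "$(sticky_flag "$1")" in
        t|T) return 0 ;;
        *)   return 1 ;;
    esac
}

# Walk a fresh scratch directory through the three states and report the
# flag seen in each one, space separated (expected "t T x").
demo() {
    dir=$(mktemp -d) || return 1
    chmod 1777 "$dir"                 # leading 1 sets the sticky bit; other has x -> "t"
    with_exec=$(sticky_flag "$dir")
    chmod 1776 "$dir"                 # sticky bit still set, other loses x -> "T"
    without_exec=$(sticky_flag "$dir")
    chmod 0777 "$dir"                 # leading 0 clears the sticky bit -> "x"
    cleared=$(sticky_flag "$dir")
    rmdir "$dir"
    echo "$with_exec $without_exec $cleared"
}

demo
```

Run it as any user; chmod on a directory you own needs no special privilege. The same sticky_flag check is a quick way to audit a world-writable directory: a "d" mode string ending in "w" in the "other" group but without "t" or "T" is the combination the man page warns about.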
Just to add to Carlos's note - the sticky bit was originally used to pin (or stick) code in memory, hence the name. Nowadays the sticky bit is not required for this purpose (memory is not quite as precious as it once was!) and it has no meaning applied to _files_.