INFO: What is a "Sticky Bit"?

At a recent job interview, I was asked this question. I was able to satisfactorily answer the question but failed to answer the follow-up question -- what is the difference between the sticky bit "t" (small letter) and the sticky bit "T" (capital letter)? This experience led me to improve my knowledge further. This post is dedicated to the experience I had, and to sharing the knowledge with those who seek it.

What is the "Sticky Bit"? ("t" and "T"). The sticky bit is primarily used on shared directories with open permissions, such as /var/tmp and /tmp. Directories with open (publicly writable) permissions present a lot of problems because users **CAN CREATE** files and **READ/EXECUTE** files owned by other users, and at the same time are **ALLOWED to EDIT/REMOVE** files owned by other users.

With the sticky bit set on publicly writable directories, users **CAN CREATE** files and **READ/EXECUTE** those files as well as files owned by other users, but are **NOT ALLOWED to EDIT/REMOVE** files they don't own. The only exception is the super-user root, which can edit or remove any file.

In simple terms, the sticky bit indicates special treatment of certain directories. A directory with the sticky bit set restricts deletion or modification of the files it contains: a file in such a directory may only be removed, modified or renamed by a user who has write permission on the directory and either owns the file, owns the directory, or is the super-user. This is useful for directories such as /tmp, which must be publicly writable but should deny users permission to arbitrarily delete or rename the files of others.

It is worth noting that a directory with open (publicly writable) permissions can be any arbitrary directory, not just /tmp and /var/tmp; it's just that /tmp and /var/tmp exist by default on the system.

Which directories have sticky permissions, and how do you identify a directory with the sticky bit set? The example below illustrates.

user@host# ls -ld /sticky/directory
drwxrwxrwt  2   user   group   512   Jun 20 11:02  /sticky/directory

In the output of the "ls" command, see the "t" at the end of drwxrwxrwt? That tells us the sticky bit is set.
A "T" means the sticky bit is set and the "other" execute permission is OFF.
A "t" means the sticky bit is set and the "other" execute permission is ON.

How to set sticky bit permissions. The leading "1" in the octal "chmod" mode sets the sticky bit.
user@host# chmod 1777 /sticky/directory    (permissions for "other" have the execute bit ON)
drwxrwxrwt
user@host# chmod 1776 /sticky/directory    (permissions for "other" have the execute bit OFF)
drwxrwxrwT

The equivalent of the above commands in the symbolic syntax.
user@host# chmod o+t /sticky/directory
user@host# chmod o+x /sticky/directory
drwxrwxrwt        
user@host# chmod o+t /sticky/directory
user@host# chmod o-x /sticky/directory
drwxrwxrwT
Or:
user@host# chmod o=rwxt /sticky/directory
drwxrwxrwt        
user@host# chmod o=rwt /sticky/directory
drwxrwxrwT
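To make the "t"/"T" distinction and the deletion rule above concrete, here is an added example (my own code, not from the original post): it applies the same octal modes to a real scratch directory and renders the permission field with the standard library's stat.filemode, which uses the same letters as ls -ld, and it models the sticky-directory rule (write permission on the directory, plus ownership of the file or directory, or root) as a small function. The user names alice, bob, carol and the ownership scenarios are constructed for illustration; the model ignores the group class, which is an assumption noted in the code.

```python
"""Added example, not part of the original post: reproduce the "t" vs "T"
display on a real scratch directory, and model the deletion rule the post
describes for sticky directories.  Only the Python standard library is used."""
import os
import stat
import tempfile


def mode_string(mode: int) -> str:
    """Apply MODE to a fresh scratch directory and return the ten-character
    permission field, rendered with the same letters ls -ld uses
    (stat.filemode prints "t" when S_ISVTX and the "other" execute bit are
    both set, and "T" when only S_ISVTX is set)."""
    with tempfile.TemporaryDirectory() as scratch:
        os.chmod(scratch, mode)
        return stat.filemode(os.stat(scratch).st_mode)


def has_sticky(mode: int) -> bool:
    """True if the sticky bit (S_ISVTX, the leading "1" in chmod 1777) is set."""
    return bool(mode & stat.S_ISVTX)


def may_unlink(dir_mode: int, dir_owner: str, file_owner: str, user: str) -> bool:
    """Model of the rule from the post: removing or renaming an entry requires
    write permission on the directory; if the directory is sticky, the caller
    must additionally own the file, own the directory, or be root.

    Simplification (assumption of this example): a user who is not the
    directory owner is evaluated against the "other" bits; the group class
    is ignored to keep the model short."""
    if user == "root":
        return True
    write_bit = stat.S_IWUSR if user == dir_owner else stat.S_IWOTH
    if not dir_mode & write_bit:
        return False
    if has_sticky(dir_mode):
        return user in (file_owner, dir_owner)
    return True


if __name__ == "__main__":
    # Constructed modes: the two octal forms from the post plus a plain 777.
    for mode in (0o1777, 0o1776, 0o777):
        print(f"chmod {mode:04o} -> {mode_string(mode)}  sticky={has_sticky(mode)}")
    # Constructed scenario: a /tmp-style directory owned by root, file owned by alice.
    for user in ("alice", "bob", "root"):
        print(f"{user:>5} may unlink alice's file in a 1777 dir: "
              f"{may_unlink(0o1777, 'root', 'alice', user)}")
```

One caveat worth keeping in mind when reading the model: the kernel applies the sticky check at unlink and rename time, so it controls who may delete or rename an entry; whether a user can change a file's contents is decided by that file's own permission bits, which is why the usual advice for files in shared directories is to create them with a restrictive mode in the first place.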

There you go, more information regarding the sticky bit. To my knowledge, the sticky bit on files is not supported by any modern implementation of Unix or Linux; it is only significant and applicable to directories.
