Linux File Special Permissions - Sticky Bit
This is the last of the three posts in this series on Linux special file permissions. We know that in addition to the basic file permissions there are three more special permissions. They are
- Set User ID (SUID)
- Set Group ID (SGID)
- Sticky Bit
and this post covers the Sticky Bit.
Sticky Bit
Like SUID and SGID, the sticky bit is an access-rights flag set on a file or directory. It is mainly used on directories, to stop users from deleting or renaming files inside the directory that they do not own. In other words, a file created inside a directory that has the sticky bit set can only be deleted or renamed by the file's owner, the directory's owner, or root, even though other users may have permission to view, write and modify the file's contents. (On a regular file the sticky bit is ignored by Linux.) The sticky bit is usually set on world-writable directories. /tmp is the classic example of a world-writable directory in *nix: without the sticky bit, any local user could delete or replace another user's temporary files there.
We can check whether a directory has the sticky bit set from the ls -ld output.
In the screenshot above you can see that the execute position for "others" shows 't' instead of 'x'. This means /tmp has the sticky bit set. In some cases you will see a 'T' (capital T) instead of 't' (lowercase t). This means the sticky bit is set but others do not have execute permission; since deleting a file requires both write and search (execute) permission on the directory, a 'T' directory is not usable by others in the first place.
Using the chmod command we can either add or remove the sticky bit on a file or directory. The sticky bit can be set in two ways
- symbolic method - chmod o+t <filename> or chmod +t <filename> sets the sticky bit
- numeric method - chmod 1xxx <filename> sets the sticky bit, where the leading 1 represents the sticky bit and xxx represents the access permissions of owner, group and others in octal.
#1) Consider /data is a world-writable directory (rwxrwxrwx), similar to /tmp, and owned by the root user. To enable the sticky bit on /data, execute
chmod -v +t /data
or
chmod -v 1777 /data
Sample Output:
mode of ‘/data’ changed from 0777 (rwxrwxrwx) to 1777 (rwxrwxrwt)
Now let's consider that in addition to the root user there are two more user accounts, calypso and foo, both members of the group IT_Dept. /data contains file1.txt, owned by user calypso and group IT_Dept, and both the owner and the group have read-write permission on the file. Keeping this scenario in mind, look at the screenshot below.
In the above screenshot you can see that user foo, also a member of the group IT_Dept, is able to read and write data in the file /data/file1.txt. But when user foo tries to remove the file, the sticky bit on the directory /data denies the operation (the kernel returns EPERM, "Operation not permitted"). The owner, calypso, can still delete the file, as can root.
#2) Now let's see how to remove the sticky bit from a file or directory. We will use the same files from the scenario above. To remove the sticky bit from the /data directory, execute
chmod -v -t /data
or
chmod -v 0777 /data
Sample Output:
mode of ‘/data’ changed from 1777 (rwxrwxrwt) to 0777 (rwxrwxrwx)
Now let's see what happens when user foo tries to remove /data/file1.txt. With the sticky bit gone, write and execute permission on the world-writable directory is all that is required, so foo can delete calypso's file even though foo does not own it.
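As an added example that is not part of the original post, the following shell script turns the sticky-bit rule into an audit check: it lists world-writable directories that lack the sticky bit (the condition under which any user can delete anyone else's files, as the foo and calypso scenario shows) and prints a directory's permission string so the 't', 'T' and 'x' forms can be compared side by side. It assumes GNU coreutils and findutils (stat -c, find -perm); the scratch directories created by demo() are constructed here for illustration and are not the post's /data.

```sh
#!/bin/sh
# Added example, not part of the original post: audit a directory tree for
# world-writable directories that are missing the sticky bit, and render the
# permission string so the 't' / 'T' forms are easy to recognise.
# Assumes GNU coreutils/findutils (stat -c, find -perm). The scratch paths
# created by demo() are constructed for illustration only.

# List every directory below $1 that is world-writable (o+w) but not sticky.
# In such a directory any local user can delete or rename any other user's
# files. On a correctly configured host /tmp must NOT appear in this output.
# -xdev keeps find on the starting filesystem.
find_unprotected_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Print the nine-character permission string of a path, e.g. rwxrwxrwt.
# The last character is 't' when the sticky bit and o+x are both set, 'T'
# when the sticky bit is set without o+x, and 'x' or '-' when it is absent.
symbolic_mode() {
    stat -c '%A' "$1" | cut -c2-10
}

# Octal mode of a path, e.g. 1777, for comparison with chmod -v output.
octal_mode() {
    stat -c '%a' "$1"
}

demo() {
    scratch=$(mktemp -d)                # constructed scratch tree, mode 0700
    mkdir "$scratch/data" "$scratch/private"
    chmod 0777 "$scratch/data"          # world-writable, no sticky bit: flagged
    chmod 0755 "$scratch/private"       # not world-writable: ignored by the audit

    echo "Unprotected world-writable directories under $scratch:"
    find_unprotected_world_writable "$scratch"

    chmod +t "$scratch/data"            # the same fix as the post's chmod -v +t /data
    echo "After chmod +t: $(octal_mode "$scratch/data") ($(symbolic_mode "$scratch/data"))"
    echo "Still unprotected: $(find_unprotected_world_writable "$scratch" | wc -l) director(ies)"

    rm -rf "$scratch"
}

demo
```

Run it as an ordinary user; the multi-user denial shown in the post's screenshots needs a second account, which this script does not create. To audit a whole host, call find_unprotected_world_writable / as root and treat every path it prints as a candidate for chmod +t, or for tightening its write permission if it should not be world-writable at all.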