Sticky Bit is mainly used on folders in order to avoid deletion of a folder and it’s content by other users though they having write permissions on the folder contents. If Sticky bit is enabled on a folder, the folder contents are deleted by only owner who created them and the root user. No one else can delete other users data in this folder(Where sticky bit is set). This is a security measure to avoid deletion of critical folders and their content(sub-folders and files), though other users have full permissions.
01. Set sticky bit permission on files and directories :
As it is a permission , we set it using chmod command.
Represented in Symbolic way with letter ( t ).
Represented in binary way with number ( 1 ).
Sticky bit applied only on Others (all users) permissions, so
chmod +t testfile IS THE SAME AS chmod o+t testfile
OR add (1) before permissions in binary way, for example if current permissions for a file is 755 , so to add sticky bit use: chmod 1755 filename.
02. Verify if sticky bit is set :
Like any permissions: use ls -l to list contents with permissions.
Sticky bit permissions replaces execute ( x ) with small letter ( t ) if others have execute permissions and replace it with capital letter ( T ) if others don’t have execute permissions.
03. Examples:
Show current permissions.
~ $ ls -ld test/ drwxr-xr-x 1 akm akm 0 Apr 25 23:59 test/
Add sticky bit permissions and show new permissions.
~ $ chmod +t test/ ~ $ ls -ld test/ drwxr-xr-t 1 akm akm 0 Apr 25 23:59 test/
Remove execute permission to show capital (T)
~ $ chmod o-x test/ ~ $ ls -ld test/ drwxr-xr-T 1 akm akm 0 Apr 25 23:59 test/
Set new permissions with all granted
~ $ chmod 777 test/ ~ $ ls -ld test/ drwxrwxrwx 1 akm akm 0 Apr 25 23:59 test/
Set new permissions and add sticky bit.
~ $ chmod 1777 test/ ~ $ ls -ld test/ drwxrwxrwt 1 akm akm 0 Apr 25 23:59 test/
Login with another user which is not owner user or group of test directory.
~ $ ls -l test/ total 0 -rw-r--rwx 1 akm akm 0 Apr 26 00:38 file1 -rw-r--rwx 1 akm akm 0 Apr 26 00:38 file2
Notice that sticky bit doesn’t seem to be set on files and others have read/write permissions, so should we be able to remove it? , let’s see …
$ rm file1 rm: cannot remove 'file1': Operation not permitted
No we couldn’t remove the file .. why ? because of inheritance , the parent directory have sticky bit set and by default inherited to sub files, so setting sticky bit on files will affect only this files, but on directory will affect all sub files, Don,t forget that.
$ ls -ld test/ drwxrwxrwt 1 akm akm 20 Apr 26 00:38 test/
In abbreviation , write permission allow to modify and delete , but sticky bit remove deletion capability from write permission for all users (Others).
That is it , thanks for reading this , i hope it was simple.
Enjoy !.
One comment on “Linux Sticky bit permission”