Today we will see how to set Sticky Bit in Linux. This is next to SGID in our ongoing File and Folder permissions series in Linux. We already discussed about CHMOD, UMASK, CHOWN, CHGRP, SGID and SUID file and folder permissions etc in our the previous posts. In this post we will see
- What is Sticky Bit?
- Why we require Sticky Bit?
- Where we are going to implement Sticky Bit?
- How to implement Sticky Bit in Linux?
What is Sticky Bit?
Sticky Bit is mainly used on folders in order to avoid deletion of a folder and it’s content by other users though they having write permissions on the folder contents. If Sticky bit is enabled on a folder, the folder contents are deleted by only owner who created them and the root user. No one else can delete other users data in this folder(Where sticky bit is set). This is a security measure to avoid deletion of critical folders and their content(sub-folders and files), though other users have full permissions.
Learn Sticky Bit with examples:
Example: Create a project(A folder) where people will try to dump files for sharing, but they should not delete the files created by other users.
How can I setup Sticky Bit for a Folder?
Sticky Bit can be set in two ways
- Symbolic way (t,represents sticky bit)
- Numerical/octal way (1, Sticky Bit bit as value 1)
Use chmod command to set Sticky Bit on Folder: /opt/dump/
chmod o+t /opt/dump/ or chmod +t /opt/dump/
Let me explain above command, We are setting Sticky Bit(+t) to folder /opt/dump by using chmod command.
chmod 1757 /opt/dump/
Here in 1757, 1 indicates Sticky Bit set, 7 for full permissions for owner, 5 for read and execute permissions for group, and full permissions for others.
Checking if a folder is set with Sticky Bit or not?
Use ls -l to check if the x in others permissions field is replaced by t or T
For example: /opt/dump/ listing before and after Sticky Bit set
Before Sticky Bit set:
-rwxr-xrwx 1 xyz xyzgroup 148 Dec 22 03:46 /opt/dump/
After Sticky Bit set:
ls -l total 8 -rwxr-xrwt 1 xyz xyzgroup 148 Dec 22 03:46 /opt/dump/
Some FAQ’s related to Sticky Bit:
Now sticky bit is set, let us check if user “temp” can delete this folder which is created xyz user.
$ rm -rf /opt/dump rm: cannot remove `/opt/dump': Operation not permitted $ ls -l /opt total 8 drwxrwxrwt 4 xyz xyzgroup 4096 2012-01-01 17:37 dump $
if you observe other user is unable to delete the folder /opt/dump. And now content in this folder such as files and folders can be deleted by their respective owners who created them. No one can delete other users data in this folder though they have full permissions.
I am seeing “T” ie Capital s in the file permissions, what’s that?
After setting Sticky Bit to a file/folder, if you see ‘T’ in the file permission area that indicates the file/folder does not have executable permissions for all users on that particular file/folder.
Sticky bit without Executable permissions:
so if you want executable permissions, Apply executable permissions to the file.
chmod o+x /opt/dump/
-rwxr-xrwt 1 xyz xyzgroup 0 Dec 5 11:24 /opt/dump/
Sticky bit with Executable permissions:
you should see a smaller ‘t’ in the executable permission position.
How can I find all the Sticky Bit set files in Linux/Unix.
find / -perm +1000
The above find command will check all the files which is set with Sticky Bit bit(1000).
Can I set Sticky Bit for files?
Yes, but most of the time it’s not required.
How can I remove Sticky Bit bit on a file/folder?
chmod o-t /opt/dump/
Post your thoughts on this.