Let's try to understand the sticky bit concept in Linux!

Posted 5 February 2016, 10:10 AM

I finally understood the sticky bit concept and I want to share it with everyone.

The best way to learn it is to try an example. We may all be aware of its definition and theory:

RESTRICTED DELETION FLAG OR STICKY BIT (t)

  • The restricted deletion flag or sticky bit is a single bit, whose interpretation depends on the file type.
  • For directories, it prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory; this is called the restricted deletion flag for the directory, and is commonly found on world-writable directories like /tmp.
  • For regular files on some older systems, the bit saves the program's text image on the swap device so it will load more quickly when run; this is called the sticky bit.
     

In short, the sticky bit prevents accidental deletion of files or subdirectories by any other user inside a directory owned by a user or by root. Let's try to understand the example below.

  • We create a folder "afolder" as root or a privileged user.

[root@HYDBMW /]# whoami
root
[root@HYDBMW /]# pwd
/
[root@HYDBMW /]# mkdir afolder
[root@HYDBMW /]# ls -ld afolder/
drwxr-xr-x. 2 root root 4096 Feb  5 10:24 afolder/

 

  • We want to experiment on this folder as another user, "shankar". Let's put the folder afolder into the group "user", which "shankar" belongs to.

[root@HYDBMW /]# chgrp user afolder/
[root@HYDBMW /]# ls -ld afolder/
drwxr-xr-x. 2 root user 4096 Feb  5 10:27 afolder/

  • Create some files inside that folder, say file1, file2, etc.

[root@HYDBMW /]# touch afolder/file1 afolder/file2
[root@HYDBMW /]# ls -l afolder/
total 0
-rw-r--r--. 1 root root 0 Feb 5 10:27 file1
-rw-r--r--. 1 root root 0 Feb 5 10:27 file2

  • Now we log in as user "shankar" and try to delete a file.

[shankar@HYDBMW /]$ cd afolder/
[shankar@HYDBMW afolder]$ ls -l
total 0
-rw-r--r--. 1 root root 0 Feb  5 10:45 file1
-rw-r--r--. 1 root root 0 Feb  5 10:45 file2
[shankar@HYDBMW afolder]$ rm file1
rm: remove write-protected regular empty file `file1'? y
[shankar@HYDBMW afolder]$ ls
file2

  • And we notice that we are able to do this. Even though the file is read-only for other users, "shankar" is able to delete it.
  • Let's turn on the sticky bit now.

[root@HYDBMW /]# chmod o+t afolder/   (symbolic mode)
[root@HYDBMW /]# ls -ld afolder/

or

[root@HYDBMW /]# chmod 1770 afolder/    (octal mode)
[root@HYDBMW /]# ls -ld afolder/

drwxrwx--T. 2 root user 4096 Feb  5 10:53 afolder/
[root@HYDBMW /]#

The listing shown is the result of the octal form, which also sets rwx for the owner and group and removes all permissions for others. The capital T in the last position means the sticky bit is set but others have no execute permission on the directory; when others do have execute permission it shows as a lowercase t, as on /tmp further below.

  • Now we switch to user "shankar" and try to delete the files inside the folder "afolder".

[shankar@HYDBMW afolder]$ ls -l
total 0
-rw-r--r--. 1 root root 0 Feb  5 10:53 file1
-rw-r--r--. 1 root root 0 Feb  5 10:45 file2
[shankar@HYDBMW afolder]$ rm -rf file1
rm: cannot remove `file1': Operation not permitted
[shankar@HYDBMW afolder]$ rm -rf file2
rm: cannot remove `file2': Operation not permitted


  • OK, so now "shankar" is not able to delete the files (probably because of the sticky bit set on the folder "afolder"). Bad... Let's give full permissions on these files to make him happy and let him delete them.

[root@HYDBMW afolder]# chmod 777 file*
[root@HYDBMW afolder]# ls -l
total 0
-rwxrwxrwx. 1 root root 0 Feb  5 10:53 file1
-rwxrwxrwx. 1 root root 0 Feb  5 10:45 file2

  • Now he should be able to delete them; let's try.

[shankar@HYDBMW /]$ cd afolder/
[shankar@HYDBMW afolder]$ ls -l
total 0
-rwxrwxrwx. 1 root root 0 Feb  5 10:53 file1
-rwxrwxrwx. 1 root root 0 Feb  5 10:45 file2
[shankar@HYDBMW afolder]$ rm -rf file1
rm: cannot remove `file1': Operation not permitted
[shankar@HYDBMW afolder]$ rm -rf file2
rm: cannot remove `file2': Operation not permitted

  • Again he is not able to delete the files! Why?

This is because of the sticky bit set on the folder afolder by its owner. With the flag set, only the owner of the file, the owner of the directory or root can remove or rename an entry in it, no matter what permissions the files themselves carry.
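The rule the session above demonstrates, written out as a Python model of the kernel's deletion check, plus a helper that inspects a real directory for the flag. This is an added example, not code from the original post; the uid/gid values are constructed, and the "before" case assumes the group already had write access on afolder (the mode 1770 later grants it), since without write and search permission on the directory itself a delete fails regardless of the sticky bit.

```python
import os
import stat
import tempfile

ROOT_UID = 0  # root bypasses both checks (CAP_DAC_OVERRIDE / CAP_FOWNER)


def can_delete(uid, groups, dir_mode, dir_uid, dir_gid, file_uid):
    """Model of the unlink()/rename() check for one entry of a directory.
    uid/groups describe the caller, dir_* the containing directory, file_uid
    the owner of the entry.  The entry's own mode bits are deliberately not an
    input: they never matter for deletion (which is why chmod 777 did not help)."""
    # Step 1: the caller needs write + search (x) permission on the directory.
    if uid == ROOT_UID:
        dir_ok = True
    elif uid == dir_uid:
        dir_ok = bool(dir_mode & stat.S_IWUSR and dir_mode & stat.S_IXUSR)
    elif dir_gid in groups:
        dir_ok = bool(dir_mode & stat.S_IWGRP and dir_mode & stat.S_IXGRP)
    else:
        dir_ok = bool(dir_mode & stat.S_IWOTH and dir_mode & stat.S_IXOTH)
    if not dir_ok:
        return False
    # Step 2: restricted deletion flag.  With S_ISVTX set on the directory,
    # only the entry's owner, the directory's owner or root may remove it.
    if dir_mode & stat.S_ISVTX:
        return uid in (ROOT_UID, dir_uid, file_uid)
    return True


def has_sticky_bit(path):
    """Inspect a real directory (e.g. /tmp) for the restricted deletion flag."""
    return bool(os.stat(path).st_mode & stat.S_ISVTX)


def replay_afolder():
    """Replay the post's experiment with constructed ids: shankar is uid 1000
    in group 'user' (gid 100); afolder and its files are owned by root."""
    shankar, user_gid = 1000, 100
    before = can_delete(shankar, {user_gid}, 0o770, ROOT_UID, user_gid, ROOT_UID)
    after = can_delete(shankar, {user_gid}, 0o1770, ROOT_UID, user_gid, ROOT_UID)
    return before, after  # (True, False): chmod 1770 blocks the deletion


def sticky_tempdir():
    """Create a 1777 directory like /tmp and confirm the flag is visible."""
    path = tempfile.mkdtemp()
    os.chmod(path, 0o1777)
    result = has_sticky_bit(path)
    os.rmdir(path)
    return result
```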


  • Most commonly the sticky bit is set on the world-writable folder /tmp, where everyone can read, write and execute, but users must be prevented from deleting anything inside that folder that they do not own.

[root@HYDBMW /]# ls -ld /tmp
drwxrwxrwt. 9 root root 4096 Feb  5 03:21 /tmp
[root@HYDBMW /]# stat /tmp
  File: `/tmp'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fd00h/64768d    Inode: 1044481     Links: 9
Access: (1777/drwxrwxrwt)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2016-01-21 17:42:48.000000000 +0530
Modify: 2016-02-05 03:21:05.000000000 +0530
Change: 2016-02-05 03:21:06.094002015 +0530

  • The sticky bit is applicable to directories only, where it restricts deletion of the files and subdirectories inside.


Category: Open System-Linux | Views: 968 | Added by: shanky | Tags: how to set sticky bit in Linux., deletion restriction flag, sticky bit, file permissions in linux, sticky bit in linux | Rating: 0.0/0
