Linux is a multi-user operating system: you can create multiple users and assign user-level permissions to every file and directory. Some directories, such as /tmp, are meant to be used by all users on the system. The problem with such directories is that any user can intentionally or accidentally delete or rename files created by other users. To avoid this, Linux supports the sticky bit, which allows only a file's owner (along with the directory's owner and root) to delete or rename that file.
In this tutorial, we will learn about the sticky bit and how to set it.
What is Sticky Bit in Linux
The sticky bit is a permission bit that you set on a directory to ensure that files in it can be deleted or renamed only by the file's owner, the directory's owner, or the root user. Other users cannot delete or rename the file, even though they have write permission on the directory. On Linux the bit is meaningful only on directories; set on a regular file it is ignored.
When you set the sticky bit on a directory, every file in that directory can be deleted or renamed only by its owner, the directory's owner, or root. Whether a file's contents can be modified is still decided by the file's own permission bits, so a world-writable file stays writable by everyone. If the sticky bit is not set, any user who has write and execute permission on the directory can delete or rename any file in it, regardless of who owns the file.
Advantages of Sticky Bit
The sticky bit is a security feature that makes the file system treat a directory differently: it makes your publicly writable directories safe to share by preventing users from deleting or renaming files they do not own.
An advantage of setting the sticky bit with the symbolic method (chmod +t) is that you do not have to restate the existing permissions: the regular read, write and execute bits stay as they are and only the sticky bit is set or cleared.
If a directory has rwx------ or rwxr-xr-x permissions, only the owner can create files in it. If a directory has rwxrwx--- permissions, any member of the group can delete or rename any file in it, irrespective of who owns the file. If a directory has rwxrwx--T permissions, any member of the group can create files, but only the owner of each file (or the directory owner, or root) can delete or rename it. The capital T shows that the sticky bit is set while the execute bit for others is not; a lowercase t means both are set.
Sticky Bit Examples
The shared directories like /tmp and /var/tmp are the perfect candidates for the sticky bit. Any user on your Linux system can create files in these directories. These directories have read, write, and execute permissions for everyone.
When you set the sticky bit on a directory:
- The meaning of the directory's write permission changes: write access still allows creating entries, but no longer allows removing entries owned by someone else.
- Only a file's owner, the directory's owner and root can delete or rename the file.
- Any user with write permission on the directory can add files to it, but cannot delete or rename another user's files.
The following example shows how to check whether the sticky bit is set on a directory:
ls -ld /tmp
The t in the drwxrwxrwt permissions indicates that the sticky bit is set for the directory.
How to Set Sticky Bit
You can set the sticky bit in Linux by using two methods: the octal method and the symbolic method.
The following steps show how to create a directory and set the sticky bit on it using the octal method:
1. Add a new group named shared with group id 321:
sudo groupadd -g 321 shared
2. Add the user bob to the shared group so that bob gets the group's permissions on the directory:
sudo usermod -aG shared bob
3. Create a new directory named code under /tmp:
sudo mkdir /tmp/code
4. Assign the code directory to the shared group:
sudo chgrp shared /tmp/code/
5. Change the permissions to 1777 with the chmod command: the leading 1 sets the sticky bit, and 777 grants read, write and execute to the owner, the group and everyone else. If only members of the shared group should be able to create files there, use 1770 instead:
sudo chmod 1777 /tmp/code
6. Verify that the sticky bit is set:
ls -ld /tmp/code
The following steps show how to create a directory and set the sticky bit on it using the symbolic method:
1. Create a new directory named files under the /tmp directory:
mkdir /tmp/files
2. Use the +t flag with the chmod command to enable the sticky bit:
chmod +t /tmp/files
3. Verify the directory permissions:
ls -ld /tmp/files
In both cases, the t at the end of the permission string confirms that the sticky bit is set on the directory.
How to know Sticky Bit is Set
The easiest way to verify whether a directory has the sticky bit set is to check its permissions with the ls -ld command:
ls -ld /tmp
How to Remove Sticky Bit
You can unset the sticky bit by using -t with the chmod command:
chmod -t /tmp/code
Verify that the sticky bit is unset on the directory:
ls -ld /tmp/code
In the output, the t at the end of the permission string is gone (the last character reads x or - again). Since the sticky bit is displayed in the "others" position, chmod o-t is equivalent to chmod -t, and chmod o+t to chmod +t.
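The following shell script is a worked example added here; it is not part of the tutorial. It brings together the setting, verifying and removing steps above (both the octal and the symbolic form) and adds the audit check a practitioner wants: a function that reports whether a directory has the sticky bit set, read from the t or T at the end of the ls -ld permission string, and a find-based scan for world-writable directories that lack the bit. The function names sticky_state, unsafe_shared_dirs and demo, and the directory names shared_ok, shared_bad and private, are made up for the example; the tree is built under mktemp -d and removed afterwards. It assumes GNU/Linux coreutils.

```shell
#!/bin/sh
# Added example, not from the tutorial: check and audit the sticky bit.
# Assumes GNU/Linux coreutils (ls, chmod, find, mktemp); the directory
# names used by demo are made up for the demonstration.

# sticky_state DIR: prints "set" when DIR carries the sticky bit, else "clear".
# ls -ld shows the bit in the last position of the permission string as
# 't' (sticky + execute for others) or 'T' (sticky without execute for others).
sticky_state() {
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case "$perms" in
        *[tT]) printf 'set\n' ;;
        *)     printf 'clear\n' ;;
    esac
}

# unsafe_shared_dirs ROOT: lists directories under ROOT that are writable by
# "others" (o+w, octal 0002) but lack the sticky bit (octal 1000). In such a
# directory any user can delete or rename any other user's files.
unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# demo: builds a small tree, sets the bit both ways, prints the permission
# strings, unsets the bit as in the removal step, runs the audit, cleans up.
demo() {
    root=$(mktemp -d)
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"   # octal: 1 = sticky, 777 = rwx for all
    chmod 0777 "$root/shared_bad"  # world-writable, sticky bit missing
    chmod 0775 "$root/private"     # group-writable only ...
    chmod +t "$root/private"       # ... symbolic form leaves 775 untouched
    for d in shared_ok shared_bad private; do
        printf '%-10s sticky=%-5s %s\n' "$d" "$(sticky_state "$root/$d")" \
            "$(ls -ld -- "$root/$d" | cut -c1-10)"
    done
    chmod -t "$root/shared_ok"
    printf 'after chmod -t: shared_ok sticky=%s\n' "$(sticky_state "$root/shared_ok")"
    chmod 1777 "$root/shared_ok"
    printf 'world-writable without sticky bit: %s\n' \
        "$(unsafe_shared_dirs "$root" | sed "s|^$root/||" | tr '\n' ' ')"
    rm -rf -- "$root"
}

demo
```

Run the audit as root against / (for example unsafe_shared_dirs /) to find directories that should carry the sticky bit and do not; /tmp and /var/tmp should never appear in its output.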
The sticky bit is an important part of Linux file permissions. Although you will not set it often, it is important to understand how it works and how to set it. The sticky bit occupies the same leading octal digit as the SUID (4) and SGID (2) bits, which control how executable files run; the sticky bit (1) instead controls who may delete or rename entries in a shared directory.
If you have any questions or feedback about this tutorial, please add a comment below.