Certain directories in Linux are writable by everyone, such as the /tmp directory (which is world-writable). The problem is that anyone can intentionally or accidentally modify or delete files created by other users within that directory. This is where the "sticky bit" comes into play in Linux and other Unix-like systems.
In this tutorial, we will learn about the sticky bit and how to set it.
What is Sticky Bit in Linux
The sticky bit is a permission bit that you can set on a directory to ensure that only the item owner, directory owner, or root user can rename or delete files within that directory, regardless of the permissions of the files themselves. Setting the sticky bit on a file typically has no effect; it is primarily used on directories. The sticky bit is a security feature that makes the file system treat those directories differently.
Basically, it makes your publicly writable directories safer by preventing users from renaming or deleting files they do not own. Whether another user can change a file's contents is still decided by that file's own permissions.
On Linux, you can set the sticky bit on a directory with the chmod command and verify it with the ls -l command.
Check Sticky Bit Permission
You can check the sticky bit permission of a directory with the ls -ld directory-name command.
$ ls -ld /tmp
In the output, the t at the end of drwxrwxrwt indicates that the sticky bit is set. This prevents a user from deleting or renaming files in /tmp that are owned by other users or processes, enhancing the security and stability of the system.
If the sticky bit is set but the directory doesn't have execute permissions for others, you will see a T instead of t.
If the directory doesn't have a sticky bit, there won't be any t or T at the end of the permission string.
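The t, T and missing-bit cases described above can be checked in bulk. The following script is an added example, not part of the original tutorial: it reports the sticky state of a directory and lists world-writable directories that lack the sticky bit. The function names sticky_state, find_unsticky_dirs and demo are hypothetical, and the directory tree it inspects is constructed with mktemp.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are hypothetical.

# Print what ls -ld would show in the last permission column for a directory:
#   t = sticky bit + execute for others, T = sticky bit without execute for
#   others, - = no sticky bit.
sticky_state() {
    if [ -n "$(find "$1" -maxdepth 0 -perm -1001)" ]; then
        printf 't\n'
    elif [ -n "$(find "$1" -maxdepth 0 -perm -1000)" ]; then
        printf 'T\n'
    else
        printf '%s\n' '-'
    fi
}

# List directories under $1 that others can write to (-perm -0002) but that
# lack the sticky bit (! -perm -1000). -xdev stays on one file system.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Constructed sample tree so the script runs without touching real directories.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/no_exec" "$root/private"
    chmod 1777 "$root/shared_ok"   # like /tmp: drwxrwxrwt
    chmod 0777 "$root/shared_bad"  # world-writable, no sticky bit
    chmod 1776 "$root/no_exec"     # sticky bit, no execute for others: ...rwT
    chmod 0755 "$root/private"     # not world-writable, nothing to report
    for d in shared_ok shared_bad no_exec private; do
        printf '%-12s %s\n' "$d" "$(sticky_state "$root/$d")"
    done
    echo "World-writable without sticky bit:"
    find_unsticky_dirs "$root"
    rm -rf "$root"
}

demo
```

Running find_unsticky_dirs / as root audits the whole root file system; any directory it lists can be fixed with chmod +t.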
Setting Sticky Bit using Chmod
Chmod allows two modes to set permissions for files and directories. Those are octal and symbolic modes. Let's look into how to set the sticky bit using those two chmod modes.
Here we set the sticky bit on the /tmpdir1 directory using chmod's octal mode.
sudo chmod 1755 /tmpdir1
In octal mode, the sticky bit is represented by the number 1 placed in front of the three-digit permission representation.
Here we set the sticky bit on the /tmpdir2 directory using chmod's symbolic mode.
chmod +t /tmpdir2
In symbolic mode, the +t option of the chmod command enables the sticky bit. The benefit of the symbolic method is that the command adds the sticky bit without changing other existing permissions.
Remove Sticky Bit Permission
You can use either the octal or the symbolic mode to remove the sticky bit permission.
Using Octal (Numeric) mode:
We have used 1 to denote the sticky bit in the permission. Just remove it.
chmod 755 /tmpdir1
This command sets the permissions to 755 and, in doing so, removes the sticky bit from the /tmpdir1 directory.
Using Symbolic mode:
You can unset the sticky bit by using -t with chmod.
chmod -t /tmpdir2
Instead of changing the other permissions, -t removes only the sticky bit from the /tmpdir2 directory.
Like the sticky bit, Linux has other special permissions, such as SUID and SGID, which are also worth understanding.