Set and Then Clear the Sticky Bit


chmod [+-]t

Besides being a fun phrase that rolls off the tongue, what's the sticky bit? In the old days of Unix, if the sticky bit was set for an executable file, the OS knew that the file was going to be run constantly, so it was kept in swap space so it could be quickly and efficiently accessed. Linux is a more modern system, so it ignores the sticky bit when it's set on files.

That means that the sticky bit is used on directories. After it is set on a folder, users cannot delete or rename files in that folder unless they are that file's owner or the owner of the directory that has the sticky bit set on it. If the sticky bit isn't set and the folder is writable for users, that also means that those users can delete and rename any files in that directory. The sticky bit prevents that from happening. The most common place you'll see it is in your /tmp directory, which is world-writable by design, but the individual files and folders within /tmp are protected from other users by the sticky bit.

$ ls -l /
drwxrwxrwt 12 root root ... tmp
[Results truncated for length]


Note

You may see both a t and a T to indicate that the sticky bit is set. You see a t if the world already had execute permissions (x) before you set the sticky bit, and a T if the world didn't have execute set before the sticky bit was put in place. The end result is the same, but the capitalization tells you what was in place originally.


Like so many other examples using chmod in this chapter, it's possible to set the sticky bit with either letters or numbers.

$ ls -lF
drwxrwxr-x 2 scott family ... libby_pix/
$ chmod +t libby_pix
$ ls -lF
drwxrwxr-t 2 scott family ... libby_pix/


Two things might be a bit confusing here. First, although previous uses of the alphabetic method for setting permissions required you to specify who was affected by typing in a u, g, or o, for instance, that's not necessary with the sticky bit. A simple +t is all that is required.

Second, note that the t appears in the world's execute position even though the directory isn't world-writable. Members of the family group can still write to the directory, but the sticky bit prevents those members from deleting files unless they own them.

Removing the sticky bit is about as straightforward as you could hope.

$ ls -lF
drwxrwxr-t 2 scott family ... libby_pix/
$ chmod -t libby_pix
$ ls -lF
drwxrwxr-x 2 scott family ... libby_pix/


Setting the sticky bit using octal permissions involves the fourth digit already covered in "List All Available Printers" and "Set and Then Clear sgid." Where suid uses 4 and sgid uses 2, the sticky bit uses 1 (see a pattern?).

$ ls -lF
drwxrwxr-x 2 scott family ... libby_pix/
$ chmod 1775 libby_pix
$ ls -lF
drwxrwxr-t 2 scott family ... libby_pix/


Once again, a 0 cancels out the sticky bit.

$ ls -lF
drwxrwxr-t 2 scott family ... libby_pix/
$ chmod 0775 libby_pix
$ ls -lF
drwxrwxr-x 2 scott family ... libby_pix/


The sticky bit isn't something you'll be using on many directories on your workstation, but on a server it can be incredibly handy. Keep it in mind, and you'll find that it solves some otherwise thorny permission problems.
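
On a server, the useful question is which shared directories are writable by a group or by everyone but lack the sticky bit, because those are the ones where any writer can delete or rename another user's files. The script below is an added example, not from the book; the function names and the demo tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book. Function names are hypothetical.

# List directories under $1 that group or world can write to but that lack
# the sticky bit, i.e. where any writer can delete or rename others' files.
unsticky_dirs() {
    find "$1" -xdev -type d \( -perm -0020 -o -perm -0002 \) \
        ! -perm -1000 -print 2>/dev/null | sort
}

# Print the character ls shows in the world-execute slot of $1:
# t = sticky + o+x, T = sticky without o+x, x or - = sticky bit not set.
sticky_flag() {
    ls -ld -- "$1" | cut -c10
}

# Set the sticky bit on everything unsticky_dirs would report under $1.
# +t only adds the bit, so suid/sgid and rwx bits are left as they were.
fix_unsticky() {
    find "$1" -xdev -type d \( -perm -0020 -o -perm -0002 \) \
        ! -perm -1000 -exec chmod +t {} +
}

# Constructed demo tree: builds four directories in a scratch location,
# reports the exposed ones, fixes them, and shows the resulting flags.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/drop" "$root/team" "$root/home" "$root/tmp"
    chmod 0777 "$root/drop"   # world-writable, no sticky bit: exposed
    chmod 0775 "$root/team"   # group-writable, like libby_pix: exposed
    chmod 0755 "$root/home"   # only the owner can write: not reported
    chmod 1777 "$root/tmp"    # same layout as /tmp: already protected
    echo "exposed before fix:"; unsticky_dirs "$root"
    fix_unsticky "$root"
    for d in drop team home tmp; do
        echo "$d $(sticky_flag "$root/$d")"
    done
    rm -rf "$root"
}

# Run the demo only when asked, e.g.: sh sticky_audit.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

Review the output of unsticky_dirs before running fix_unsticky on a real tree, since some group-writable directories are meant to let every member manage every file.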

Tip

In the interest of speeding up your time on the command line, it's possible to set combinations of suid, sgid, and the sticky bit at the same time. In the same way that you add 4 (read), 2 (write), and 1 (execute) together to get the numeric permissions for users, you can do the same for suid, sgid, and the sticky bit.

Number  Meaning
0       Removes sticky bit, sgid, and suid
1       Sets sticky bit
2       Sets sgid
3       Sets sticky bit and sgid
4       Sets suid
5       Sets sticky bit and suid
6       Sets sgid and suid
7       Sets sticky bit, sgid, and suid


Be sure to note that using a 0 removes suid, sgid, and the sticky bit all at the same time. If you use 0 to remove suid but you still want the sticky bit set, you need to go back and reset the sticky bit.




Linux Phrasebook
ISBN: 0672328380
EAN: 2147483647
Year: 2007
Pages: 288
