Special Permissions (SUID, SGID and Sticky Bit) in Linux :: Sticky Bit Part 3/3


What is Sticky Bit?

The sticky bit is used on directories that many users share, such as /tmp. In a directory without it, anyone who has write permission on the directory can delete or rename any entry in it, no matter who owns that entry: for deletion only the permissions of the directory matter, not the permissions of the file itself. With the sticky bit set, an entry can be unlinked or renamed only by the owner of that entry, by the owner of the directory, or by root (more precisely, a process with the CAP_FOWNER capability). Other users keep whatever access the directory and file modes give them, including creating their own files, but they can no longer remove or rename each other's files and sub-directories, whether by accident or on purpose. The sticky bit protects the entries inside the directory; whether the directory itself can be removed still depends on the permissions of its parent.

Note: On Linux the sticky bit is only meaningful on directories; the kernel ignores it on regular files.

How can I setup Sticky Bit on  a Folder?

The sticky bit can be set in two ways:
1.    Symbolic way (t represents the sticky bit)
2.    Numerical/octal way (a leading 1 represents the sticky bit)

Use the chmod command to set the sticky bit on the folder /data.
Symbolic way:

#chmod o+t /data

The sticky bit (+t) is now set on /data. (chmod +t /data does the same thing.) The symbolic form only adds the sticky bit and leaves every other permission bit as it was.

Or use the numerical way:

Numerical way:

#chmod 1757 /data

Here in 1757, the leading 1 sets the sticky bit, 7 gives the owner full permissions, 5 gives the group read and execute, and the final 7 gives others full permissions. Unlike o+t, the octal form replaces the whole mode at once: 1757 both adds the sticky bit and makes the directory world-writable, so double-check the three rwx digits before using it.

Checking if a folder is set with Sticky Bit or not?

Use ls -l (or stat -c '%A %a' /data) and look at the execute position of the others field, the last character of the mode string: an x there is shown as t when the sticky bit is set, and a - there is shown as T.

For example, the /data listing before and after the sticky bit is set:

Before the sticky bit is set:

drwxr-xr-x    2 root root  4096 Jul  1 17:40 data
here the permissions are rwx (for owner), r-x (for group) and r-x (for others)

Set the sticky bit now:

# chmod  o+t  /data

Now the status is:

drwxr-xr-t    2 root root  4096 Jul  1 17:40  data  <---- the t in the last position stands for the sticky bit

Difference between t and T in the sticky bit position:

Here we created two folders, data (mode 755) and data1 (mode 644, so nobody has execute permission on it):

drwxr-xr-x    2 root root  4096 Jul  1 17:40 data
drw-r--r--    2 root root  4096 Jul  1 17:51 data1

Now set the sticky bit on both:

[root /]# chmod o+t  data
[root /]# chmod o+t  data1

Now list them again:

drwxr-xr-t    2 root root  4096 Jul  1 17:40 data     <---- lowercase t
drw-r--r-T    2 root root  4096 Jul  1 17:51 data1    <---- uppercase T

A lowercase t means others have execute permission and the sticky bit is set on top of it (x + sticky bit = t). An uppercase T means the sticky bit is set but others have no execute permission (- + sticky bit = T). Both show up as a leading 1 in the octal mode (1755 and 1644); the case of the letter only tells you whether the x underneath is set. Since a directory without execute permission cannot be entered, a T on a directory usually points to a mistyped mode rather than a deliberate choice.

If the directories have modes 755 (data) and 644 (data1), you can set the sticky bit the numerical way as well:

[root /]# chmod 1755 data                 <---- the leading 1 is the sticky bit
[root /]# chmod 1644 data1                <---- the leading 1 is the sticky bit

The result is the same:

drwxr-xr-t    2 root root  4096 Jul  1 17:40 data     <---- t: sticky bit on top of o+x
drw-r--r-T    2 root root  4096 Jul  1 17:51 data1    <---- T: sticky bit without o+x
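As an added example (not code from the original post), the following bash script covers both the "how to set it" and the "t versus T" sections above: it sets the sticky bit on two scratch directories, once with chmod o+t and once with a leading 1 in the octal mode, reads the mode back with stat, and shows how the display flips from t to T when the others-execute bit is removed. It assumes GNU coreutils (stat -c, mkdir -m) and a scratch directory from mktemp; the names data and data1 mirror the listing above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: set the sticky bit on a
# directory both ways (chmod o+t and a leading 1 in the octal mode), read it
# back with stat, and show why ls prints t for one directory and T for another.
# Assumes GNU coreutils (stat -c, mkdir -m) and a filesystem that honours mode bits.
set -eu

# sticky_flag DIR: print the last character of DIR's mode string, i.e. the
# others-execute slot where the sticky bit is displayed: t, T or -.
sticky_flag() {
    local mode
    mode=$(stat -c '%A' "$1")            # e.g. drwxr-xr-t
    printf '%s\n' "$mode" | cut -c10     # character 10 = others' execute position
}

# octal_mode DIR: print the mode as four octal digits; the leading digit holds
# the special bits (1 = sticky, 2 = SGID, 4 = SUID).
octal_mode() {
    local m
    m=$(stat -c '%a' "$1")   # GNU stat prints 755, not 0755, when no special bit is set
    printf '%04d\n' "$m"     # pad to four digits so 755 and 1755 compare cleanly
}

# set_sticky_symbolic DIR: add only the sticky bit, leave all other bits alone.
set_sticky_symbolic() {
    chmod o+t "$1"
}

# set_sticky_octal DIR PERMS: set the sticky bit plus the given rwx digits in
# one go, e.g. set_sticky_octal /data 757 runs chmod 1757 /data.
set_sticky_octal() {
    chmod "1$2" "$1"
}

# clear_sticky DIR: remove the sticky bit without touching the rwx bits.
clear_sticky() {
    chmod o-t "$1"
}

# demo: reproduce the data / data1 listing from the post in a scratch directory.
demo() {
    local base d
    base=$(mktemp -d)
    mkdir -m 755 "$base/data"
    mkdir -m 644 "$base/data1"          # no execute bit for anyone, as in the post

    set_sticky_symbolic "$base/data"    # 755 -> 1755, last column shows t
    set_sticky_octal "$base/data1" 644  # 644 -> 1644, last column shows T

    for d in data data1; do             # prints: 1755 drwxr-xr-t data / 1644 drw-r--r-T data1
        printf '%s  %s  %s\n' "$(octal_mode "$base/$d")" "$(stat -c '%A' "$base/$d")" "$d"
    done

    # Removing o+x turns t into T; the sticky bit itself stays set (mode 1754).
    chmod o-x "$base/data"
    printf '%s  %s  data (after o-x)\n' "$(octal_mode "$base/data")" "$(sticky_flag "$base/data")"

    chmod -R u+rwx "$base"              # make the scratch tree deletable again
    rm -rf "$base"
}

demo
```

Compare the mode with octal_mode rather than eyeballing the letter: a T still means the sticky bit is set, and only the four-digit mode tells you whether 1xxx was intended.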

Test Sticky Bit:

To test the sticky bit, two ordinary users are created first (user1 and user2), and /data is made writable by everyone with the sticky bit on top:

[root /]# chmod 777  /data   <---- giving full permission to everyone
[root /]#
[root /]# chmod o+t /data    <---- setting the sticky bit (together, the same as chmod 1777 /data)

[root /]# su - user1
[user1 ~]$
[user1 ~]$ cd /data
[user1 data]$ touch file-by-user1
[user1 data]$ mkdir dir-by-user1
[user1 data]$ exit
logout
[root /]# su - user2
[user2 ~]$ cd /data
[user2 data]$ ls
dir-by-user1  file-by-user1
[user2 data]$
[user2 data]$ rm -rf file-by-user1
rm: cannot remove `file-by-user1': Operation not permitted

[user2 data]$ rm -rf dir-by-user1
rm: cannot remove `dir-by-user1': Operation not permitted
[user2 data]$ touch file-by-user2
[user2 data]$ mkdir dir-by-user2
[user2 data]$ ls -l
total 8
drwxrwxr-x 2 user1 user1 4096 Jul  1 18:08 dir-by-user1
drwxrwxr-x 2 user2 user2 4096 Jul  1 18:08 dir-by-user2
-rw-rw-r-- 1 user1 user1    0 Jul  1 18:07 file-by-user1
-rw-rw-r-- 1 user2 user2    0 Jul  1 18:08 file-by-user2
[user2 data]$

[user2 data]$ rm -rf file-by-user1
rm: cannot remove `file-by-user1': Operation not permitted   <---- user1's file cannot be deleted by user2
[user2 data]$ rm -rf file-by-user2                            <---- succeeds silently: user2 can delete his own file

[user2 data]$
[user2 data]$ ls -l
total 8
drwxrwxr-x 2 user1 user1 4096 Jul  1 18:08 dir-by-user1
drwxrwxr-x 2 user2 user2 4096 Jul  1 18:08 dir-by-user2
-rw-rw-r-- 1 user1 user1    0 Jul  1 18:07 file-by-user1
[user2 data]$

Note: In a shared directory such as /data with the sticky bit set, each user can delete or rename only the files and directories they own; the owner of the directory and root can still remove anything. The sticky bit does not restrict reading or writing: a file that is group- or world-writable (like the rw-rw-r-- files above, for members of the owning group) can still be emptied or modified by anyone with write access to it. This is why world-writable shared directories such as /tmp and /var/tmp are created with mode 1777 rather than 777, and why a hardening audit looks for world-writable directories that lack the sticky bit. On newer kernels the sticky bit also gates extra protections in world-writable directories: the fs.protected_symlinks sysctl (Linux 3.6 and later) and fs.protected_regular / fs.protected_fifos (4.19 and later) restrict following other users' symlinks and opening other users' regular files and FIFOs there, which closes a class of /tmp race attacks that the sticky bit alone does not. The permission is widely used in production for exactly these shared-directory cases.
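As an added example (not part of the original post), this script implements the audit mentioned in the note above: it lists directories under a given root that are world-writable but have no sticky bit, and can set the bit on them. It assumes GNU find and an xargs that accepts -0; the scratch tree in demo is constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit a tree for directories that
# are world-writable but have no sticky bit (the dangerous combination: any
# user can delete or rename any other user's entries there) and fix them.
# Assumes GNU find and an xargs that supports -0; paths with spaces are handled.
set -eu

# find_unsticky_world_writable ROOT: print every directory under ROOT (staying
# on one filesystem) whose mode has the others-write bit (-perm -0002) but not
# the sticky bit (! -perm -1000), one per line, sorted.
find_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# fix_unsticky_world_writable ROOT: set the sticky bit (chmod +t, the same as
# o+t or a leading 1 in the octal mode) on each directory found above and
# print how many directories were changed.
fix_unsticky_world_writable() {
    local list n
    list=$(find_unsticky_world_writable "$1")
    if [ -z "$list" ]; then
        echo 0
        return 0
    fi
    n=$(printf '%s\n' "$list" | wc -l)
    printf '%s\n' "$list" | tr '\n' '\0' | xargs -0 chmod +t
    echo $((n))
}

# demo: build a constructed scratch tree with one directory of each kind and
# run the audit before and after the fix.
demo() {
    local base
    base=$(mktemp -d)
    mkdir -m 777  "$base/shared"    # world-writable, no sticky bit: flagged
    mkdir -m 1777 "$base/tmp"       # world-writable with sticky bit, like /tmp: fine
    mkdir -m 755  "$base/private"   # not world-writable: fine

    echo "before fix:"
    find_unsticky_world_writable "$base"            # prints only .../shared
    echo "fixed: $(fix_unsticky_world_writable "$base") directory"
    echo "after fix:"
    find_unsticky_world_writable "$base"            # prints nothing
    stat -c '%a %A %n' "$base/shared"               # now 1777 drwxrwxrwt
    rm -rf "$base"
}

demo
```

Run find_unsticky_world_writable / as root to audit a whole system; -xdev keeps it from descending into /proc, /sys and network mounts. Review the list before running the fix: a world-writable directory without the sticky bit may be a deliberate drop box for a daemon, and adding +t changes who can delete files there.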

Enjoy Linux …it works.


CEO, KV IT-Solutions Pvt. Ltd. | [email protected] | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “


1 COMMENT

  1. Dear Vikas Sir,

    Please provide the basic commands in PDF format. I tried to download the PDF but got an error, so I request you to upload the PDF format on this portal.

    Thanks & Regards
    Tarun Singh
