Special Permissions (SUID, SGID and Sticky Bit) in Linux :: Sticky Bit, Part 3/3


What is Sticky Bit?

The sticky bit is used on directories that many users write to. On a directory with the sticky bit set, a file or sub-directory inside it can be deleted or renamed only by its owner, by the owner of the directory, or by root, even when the directory itself grants everyone write permission. Without it, anyone with write and execute permission on the directory can remove any entry in it, accidentally or intentionally, regardless of who owns the entry. It is a safety measure for shared directories: other users keep full permission to create their own files, but cannot remove each other's files and sub-folders. The classic example is /tmp, which is mode 1777 and shows up in ls as drwxrwxrwt.

Note: The sticky bit is meaningful on directories. On regular files Linux ignores it.

How can I set up the sticky bit on a folder?

The sticky bit can be set in two ways:
1.    Symbolic way (t represents the sticky bit)
2.    Numerical/octal way (a leading 1 represents the sticky bit)

Use the chmod command to set the sticky bit on the folder /data.
Symbolic way:

#chmod o+t /data

The sticky bit (+t) is now set on the folder /data.

Or we can use the numerical way to set the sticky bit:

Numerical way:

#chmod 1757 /data

Here in 1757, the leading 1 sets the sticky bit, the first 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and the final 7 gives full permissions to others. Note that a four-digit number replaces the whole mode, whereas o+t only adds the sticky bit to whatever permissions are already there.

Checking whether a folder has the sticky bit set

Use ls -ld on the folder and look at the last character of the permission field: the x in the others position is replaced by t or T.

For example, the /data listing before and after the sticky bit is set:

Before the sticky bit is set:

drwxr-xr-x    2 root root  4096 Jul  1 17:40 data
Here the permissions are rwx (owner), r-x (group) and r-x (others).
Now set the sticky bit:

# chmod  o+t  /data

Now the status is:

drwxr-xr-t    2 root root  4096 Jul  1 17:40  data    <-- the t in the last position is the sticky bit

Difference between t and T in the sticky bit position:

Here we create two folders, data (mode 755) and data1 (mode 644):

drwxr-xr-x    2 root root  4096 Jul  1 17:40 data
drw-r--r--    2 root root  4096 Jul  1 17:51 data1

Now set the sticky bit on both:

[root@pc2 /]# chmod o+t  data
[root@pc2 /]# chmod o+t  data1

Now list them again:

drwxr-xr-t    2 root root  4096 Jul  1 17:40 data     <-- x + sticky bit = t
drw-r--r-T    2 root root  4096 Jul  1 17:51 data1    <-- - + sticky bit = T

A lower-case t means the others execute permission is set together with the sticky bit (x + sticky bit = t). A capital T means the sticky bit is set but others have no execute permission (- + sticky bit = T). A capital T on a directory is usually a sign that something is off: without execute (search) permission others cannot even enter the directory, let alone delete anything in it, so for them the sticky bit adds nothing.

If data is 755 and data1 is 644, the same result can be obtained the numerical way:

[root@pc2 /]# chmod 1755 data                 <-- the leading 1 is the sticky bit
[root@pc2 /]# chmod 1644 data1                <-- the leading 1 is the sticky bit

The result is the same:

drwxr-xr-t    2 root root  4096 Jul  1 17:40 data
drw-r--r-T    2 root root  4096 Jul  1 17:51 data1
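The t/T rule above is easy to get wrong by eye, so here is an added example (not code from the original post) that renders an st_mode value exactly as ls -l does, covering s/S for SUID and SGID as well as t/T for the sticky bit, and then recreates the data/data1 comparison in a scratch directory and reads the result back with os.stat(). The temporary directory and the small helper functions are assumptions made so the script runs anywhere without touching /data.

```python
# Added example, not code from the original post: render an st_mode value the
# way `ls -l` does (including the t/T of the sticky bit), then rebuild the
# data/data1 comparison from the post inside a scratch directory and read the
# result back with os.stat(). The temp dir and helper names are assumptions.
import os
import stat
import tempfile

# (mode flag, letter shown when that flag is set), in ls column order
_RWX_BITS = [
    (stat.S_IRUSR, "r"), (stat.S_IWUSR, "w"), (stat.S_IXUSR, "x"),
    (stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"),
    (stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"),
]
# Special bits overlay the three execute positions: SUID over owner x,
# SGID over group x, sticky over others x.
_SPECIAL_BITS = [(2, stat.S_ISUID, "s"), (5, stat.S_ISGID, "s"), (8, stat.S_ISVTX, "t")]


def mode_string(mode: int) -> str:
    """Return the 10-character ls-style permission string for an st_mode.

    Lower-case s/t means the underlying execute bit is also set
    (x + special = s/t); upper-case S/T means it is not (- + special = S/T).
    """
    if stat.S_ISDIR(mode):
        kind = "d"
    elif stat.S_ISLNK(mode):
        kind = "l"
    else:
        kind = "-"
    chars = [letter if mode & flag else "-" for flag, letter in _RWX_BITS]
    for pos, flag, letter in _SPECIAL_BITS:
        if mode & flag:
            chars[pos] = letter if chars[pos] == "x" else letter.upper()
    return kind + "".join(chars)


def set_sticky_symbolic(path: str) -> None:
    """Same effect as `chmod o+t path`: OR the sticky flag into the current mode."""
    current = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, current | stat.S_ISVTX)


def set_sticky_numeric(path: str, octal: str) -> None:
    """Same effect as `chmod 1xyz path`: replace the whole mode, e.g. "1644"."""
    os.chmod(path, int(octal, 8))


def demo() -> dict:
    """Recreate data (755 -> o+t) and data1 (644 -> 1644) and show both."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        data = os.path.join(base, "data")
        data1 = os.path.join(base, "data1")
        os.mkdir(data)
        os.mkdir(data1)
        # mkdir's mode is filtered through umask, so pin the modes explicitly.
        os.chmod(data, 0o755)
        os.chmod(data1, 0o644)
        set_sticky_symbolic(data)           # 755 -> 1755 : drwxr-xr-t
        set_sticky_numeric(data1, "1644")   # 644 -> 1644 : drw-r--r-T
        results["data"] = mode_string(os.stat(data).st_mode)
        results["data1"] = mode_string(os.stat(data1).st_mode)
        # Give data1 search permission back so the cleanup below can remove it.
        os.chmod(data1, 0o755)
    return results


if __name__ == "__main__":
    for name, shown in demo().items():
        print(f"{shown}  {name}")
```

Running it prints drwxr-xr-t for data and drw-r--r-T for data1, matching the listings above; feeding mode_string() any st_mode from os.stat() gives the same string ls -l would show.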

Test the sticky bit:

To test the sticky bit I create two users (user1 and user2) and a world-writable shared folder:

[root@pc2 /]# chmod 777  /data   <-- giving all permissions to everyone
[root@pc2 /]#
[root@pc2 /]# chmod o+t /data    <-- setting the sticky bit; the mode is now 1777, the same as /tmp

[root@pc2 /]# su – user1
[user1@pc2 ~]$
[user1@pc2 ~]$ cd /data
[user1@pc2 data]$ touch file-by-user1
[user1@pc2 data]$ mkdir dir-by-user1
[user1@pc2 data]$ exit
logout
[root@pc2 /]# su – user2
[user2@pc2 ~]$ cd /data
[user2@pc2 data]$ ls
dir-by-user1  file-by-user1
[user2@pc2 data]$
[user2@pc2 data]$ rm -rf file-by-user1
rm: cannot remove `file-by-user1': Operation not permitted

[user2@pc2 data]$ rm -rf dir-by-user1
rm: cannot remove `dir-by-user1': Operation not permitted
[user2@pc2 data]$ touch file-by-user2
[user2@pc2 data]$ mkdir dir-by-user2
[user2@pc2 data]$ ls -l
total 8
drwxrwxr-x 2 user1 user1 4096 Jul  1 18:08 dir-by-user1
drwxrwxr-x 2 user2 user2 4096 Jul  1 18:08 dir-by-user2
-rw-rw-r-- 1 user1 user1    0 Jul  1 18:07 file-by-user1
-rw-rw-r-- 1 user2 user2    0 Jul  1 18:08 file-by-user2
[user2@pc2 data]$

[user2@pc2 data]$ rm -rf file-by-user1
rm: cannot remove `file-by-user1': Operation not permitted   <-- the file created by user1 cannot be deleted by user2
[user2@pc2 data]$ rm -rf file-by-user2                        <-- user2 can delete his own file; rm succeeds silently

[user2@pc2 data]$
[user2@pc2 data]$ ls -l
total 8
drwxrwxr-x 2 user1 user1 4096 Jul  1 18:08 dir-by-user1
drwxrwxr-x 2 user2 user2 4096 Jul  1 18:08 dir-by-user2
-rw-rw-r-- 1 user1 user1    0 Jul  1 18:07 file-by-user1
[user2@pc2 data]$

Note: In a shared folder like /data with the sticky bit set, each user can delete and rename only the files and folders they own, while the owner of the directory and root can delete anything. Two caveats: the sticky bit only controls deleting and renaming entries in the directory, so it does not stop another user from writing to a file whose own permissions allow it (check the file's mode, not just the directory's); and it adds nothing for users who have no write permission on the directory in the first place. This is exactly how /tmp and /var/tmp are set up (mode 1777, shown as drwxrwxrwt), and it is what makes a world-writable shared directory safe to use.
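To make the rule behind the session above precise, here is an added example (not code from the original post) that writes out the check the kernel applies to unlink(), rmdir() and rename() inside a sticky directory and replays the user1/user2 scenario against constructed stat data. It also covers the cases the session does not show: the same attempt without the sticky bit, the directory owner deleting someone else's file, and writing to another user's file, which the sticky bit never governs. The uids 1001 and 1002 for user1 and user2, the Inode class and the function names are assumptions.

```python
# Added example, not code from the original post: the check the kernel applies
# to unlink()/rmdir()/rename() inside a sticky directory, written out as plain
# Python and run against the post's /data scenario with constructed stat data.
# The uids (1001/1002 for user1/user2), the Inode class and the function names
# are assumptions; the modes and ownership match the post's listings.
import stat
from dataclasses import dataclass

ROOT_UID = 0


@dataclass(frozen=True)
class Inode:
    mode: int  # st_mode: type bits plus permission bits
    uid: int   # st_uid
    gid: int   # st_gid


def has_perm(inode: Inode, uid: int, groups: tuple, want: str) -> bool:
    """Classic discretionary check: pick the owner/group/other class, test one bit.

    Root (CAP_DAC_OVERRIDE) is treated as always allowed; that is exact for
    read/write and for search on directories, which is all this example needs.
    """
    if uid == ROOT_UID:
        return True
    shift = {"r": 2, "w": 1, "x": 0}[want]
    if uid == inode.uid:
        cls = 6          # owner bits live at 0o700
    elif inode.gid in groups:
        cls = 3          # group bits at 0o070
    else:
        cls = 0          # others bits at 0o007
    return bool(inode.mode & (1 << (cls + shift)))


def can_delete(parent: Inode, child: Inode, uid: int, groups: tuple) -> bool:
    """May `uid` remove (or rename) `child` out of directory `parent`?

    1. As in any directory, the caller needs write and search (x) on the parent;
       the child's own mode plays no part in deleting it.
    2. If the parent has the sticky bit, the caller must additionally own the
       child, own the parent directory, or be root (CAP_FOWNER).
    """
    if not (has_perm(parent, uid, groups, "w") and has_perm(parent, uid, groups, "x")):
        return False
    if parent.mode & stat.S_ISVTX:
        return uid in (ROOT_UID, child.uid, parent.uid)
    return True


USER1, USER2 = 1001, 1002                                      # assumed uids
DATA = Inode(stat.S_IFDIR | 0o1777, uid=0, gid=0)              # drwxrwxrwt root root
DATA_NO_STICKY = Inode(stat.S_IFDIR | 0o777, uid=0, gid=0)     # drwxrwxrwx root root
DATA_OWNED_BY_USER1 = Inode(stat.S_IFDIR | 0o1777, USER1, USER1)
FILE_BY_USER1 = Inode(stat.S_IFREG | 0o664, USER1, USER1)      # -rw-rw-r-- user1 user1
FILE_BY_USER2 = Inode(stat.S_IFREG | 0o664, USER2, USER2)      # -rw-rw-r-- user2 user2
WORLD_WRITABLE_BY_USER1 = Inode(stat.S_IFREG | 0o666, USER1, USER1)


def scenario() -> dict:
    """Replay the post's session plus the cases it does not show."""
    u1, u2, root = (USER1,), (USER2,), (0,)
    return {
        "user2 rm file-by-user1": can_delete(DATA, FILE_BY_USER1, USER2, u2),
        "user2 rm file-by-user2": can_delete(DATA, FILE_BY_USER2, USER2, u2),
        "user1 rm file-by-user1": can_delete(DATA, FILE_BY_USER1, USER1, u1),
        "root rm file-by-user1": can_delete(DATA, FILE_BY_USER1, ROOT_UID, root),
        # Same attempt without the sticky bit: write+x on the directory is enough.
        "user2 rm file-by-user1 (no sticky)": can_delete(DATA_NO_STICKY, FILE_BY_USER1, USER2, u2),
        # The directory's owner may delete other users' files, not only root.
        "dir owner user1 rm file-by-user2": can_delete(DATA_OWNED_BY_USER1, FILE_BY_USER2, USER1, u1),
        # The sticky bit never governs writing to a file; only the file's own mode does.
        "user2 write file-by-user1 (664)": has_perm(FILE_BY_USER1, USER2, u2, "w"),
        "user2 write file-by-user1 (666)": has_perm(WORLD_WRITABLE_BY_USER1, USER2, u2, "w"),
    }


if __name__ == "__main__":
    for case, allowed in scenario().items():
        print(f"{'allowed' if allowed else 'denied':8} {case}")
```

The first four results reproduce the session: user2 is denied on file-by-user1 and allowed on file-by-user2, user1 and root are allowed. The remaining cases show why checking the directory mode alone is not enough when reviewing a shared folder: drop the sticky bit and user2 can delete anyone's file, the directory owner can always delete, and a 666 file inside a sticky directory is still writable by everyone.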

Enjoy Linux …it works.


CEO, KV IT-Solutions Pvt. Ltd. | vikas@kvit.in | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

"We are born free, no Gate and Windows can snatch our freedom"


1 COMMENT

  1. Dear Vikas Sir,

    Please provide the basic commands in PDF format. I tried to download the PDF but got an error, so I request you to upload the PDF on this portal.

    Thanks & Regards
    Tarun Singh
