by Jerry Peek
01/27/2000
Unix directory access permissions say that if a user has write permission on a directory, she can rename or remove files there–even files that don’t belong to her. Many newer versions of Unix have a way to stop that. The owner of a directory can set its sticky bit. The only people who can rename or remove any file in that directory are the file’s owner, the directory’s owner, and the superuser.
An example: the user jerry makes a world-writable directory and sets the sticky bit (shown as t here):

jerry% mkdir share
jerry% chmod 1777 share
jerry% ls -ld share
drwxrwxrwt 2 jerry ora 32 Nov 19 10:31 share
Other people create files in it. When jennifer tries to remove a file that belongs to ellie, she can’t:
jennifer% ls -l
total 2
-rw-r--r-- 1 ellie ora 120 Nov 19 11:32 data.ellie
-rw-r--r-- 1 jennifer ora 3421 Nov 19 15:34 data.jennifer
-rw-r--r-- 1 peter ora 728 Nov 20 12:29 data.peter
jennifer% rm data.ellie
data.ellie: 644 mode ? y
rm: data.ellie not removed. Permission denied
Commonly known as the “sticky bit,” the save-text-mode flag is a special type of file permission. If a file has this flag set, that file will be kept in cache memory, for quicker access. [2] If set on a directory, it restricts write permission. Setting the sticky bit adds a t to the permissions on the file or directory listing.
drwxrwxrwt 7 root 1024 May 19 21:26 tmp/
If a user does not own a directory that has the sticky bit set, but has write permission in that directory, he can only delete files in it that he owns. This keeps users from inadvertently overwriting or deleting each other’s files in a publicly accessible directory, such as /tmp. (The owner of the directory or root can, of course, delete or rename files there.)
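As an added illustration (not part of the original article), the rule above written out in Python: a small model of who may remove a file in a directory with and without the sticky bit, applied to the jerry/ellie/jennifer listing, plus a check that a directory created with chmod 1777 really carries the bit. The uids for jerry, ellie and jennifer are constructed values, not real accounts.

```python
import os
import stat
import tempfile

ROOT_UID = 0

def can_remove(dir_mode, dir_uid, file_uid, uid):
    """Return True if user `uid` may remove or rename a file in a directory.

    Models the rule in the text: anyone with write permission on the directory
    may remove any file there, unless the directory's sticky bit (S_ISVTX) is
    set, in which case only the file's owner, the directory's owner and the
    superuser may. Assumes the caller already has write permission on the
    directory; that part of the permission check is not modelled here.
    """
    if uid == ROOT_UID:
        return True
    if not dir_mode & stat.S_ISVTX:
        return True           # no sticky bit: the ordinary directory rule applies
    return uid in (file_uid, dir_uid)

def sticky_bit_set(path):
    """True if the directory at `path` has the sticky bit (the 't' in 'ls -ld')."""
    return bool(os.stat(path).st_mode & stat.S_ISVTX)

def make_share_dir(parent):
    """Recreate the article's share directory: mkdir share; chmod 1777 share."""
    path = os.path.join(parent, "share")
    os.mkdir(path)
    os.chmod(path, 0o1777)    # explicit chmod: mkdir's mode argument is masked by umask
    return path

def demo_share_dir():
    """Create share/ under a scratch directory; report (share sticky?, scratch sticky?)."""
    with tempfile.TemporaryDirectory() as scratch:
        share = make_share_dir(scratch)
        return sticky_bit_set(share), sticky_bit_set(scratch)

# Constructed uids for the users in the article (not real system accounts).
JERRY, ELLIE, JENNIFER = 1001, 1002, 1003
SHARE_MODE = 0o1777   # drwxrwxrwt

if __name__ == "__main__":
    # jennifer tries to remove data.ellie in jerry's sticky share/: refused, as in the listing
    print(can_remove(SHARE_MODE, JERRY, ELLIE, JENNIFER))     # False
    print(can_remove(SHARE_MODE, JERRY, JENNIFER, JENNIFER))  # True: her own file
    print(can_remove(SHARE_MODE, JERRY, ELLIE, JERRY))        # True: directory owner
    print(can_remove(0o0777, JERRY, ELLIE, JENNIFER))         # True: no sticky bit
    print(demo_share_dir())                                   # (True, False)
```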