Sticky bit

I recently had an interview in which I got asked about the sticky bit. Honestly, I couldn’t remember what it is. Of course I know it has something to do with access rights on a Linux filesystem, and I remember having checked Wikipedia or the man page at least 10 times, but it just doesn’t stick in my head. So I’ll dig a little into its behaviour to make it stay up there!

How to set it

chmod +t somefile-or-dir
chmod 1xxx somefile-or-dir    (the leading 1 is the sticky bit in octal, e.g. chmod 1777 for a /tmp-style directory)

Let’s play
I created 2 directories and 2 files, one with the sticky bit set and one without, for each type:

drwxrwxr-x  2 amandine amgrp 4,0K 2012-05-04 16:20 dirWithoutStickyBit
drwxrwxr-t  2 amandine amgrp 4,0K 2012-05-04 16:20 dirWithStickyBit
-rw-rw-r-T  1 amandine amgrp    0 2012-05-04 16:20 fileWithStickyBit
-rw-rw-r--  1 amandine amgrp    0 2012-05-04 16:20 fileWithoutStickyBit

First I noticed that the sticky bit on the directory is shown as “t” in place of the last x, and as “T” for the file. Maybe it’s because the file isn’t world executable? Let’s verify that:

amandine$ chmod +x fileWithStickyBit
amandine$ ls -lah
drwxrwxr-x  2 amandine amgrp 4,0K 2012-05-04 16:20 dirWithoutStickyBit
drwxrwxr-t  2 amandine amgrp 4,0K 2012-05-04 16:20 dirWithStickyBit
-rwxrwxr-t  1 amandine amgrp    0 2012-05-04 16:20 fileWithStickyBit
-rw-rw-r-x  1 amandine amgrp    0 2012-05-04 16:20 fileWithoutStickyBit

Ok, so “T” means the sticky bit is on but world execute is off; “t” means both are on.

The user “amandine” owns everything, and both users “amandine” and “test” belong to “amgrp”. Of course “amandine” can delete, rename and edit everything. What about user “test”?

test$ mv dirWithoutStickyBit dirWithoutStickyBit2
test$ mv dirWithStickyBit dirWithStickyBit2
test$ mv fileWithoutStickyBit fileWithoutStickyBit2
test$ mv fileWithStickyBit fileWithStickyBit2
test$ echo test > fileWithoutStickyBit2
test$ echo test > fileWithStickyBit2
test$ touch dirWithoutStickyBit2/file1
test$ touch dirWithStickyBit2/file1

Ok. Nothing different, “test” can do everything too (the parent directory is world-writable and has no sticky bit itself, as the listings below show, so renaming entries in it is allowed). Did I miss the point? Let’s play more.

amandine$ touch dirWithoutStickyBit2/file2
amandine$ touch dirWithStickyBit2/file2
amandine$ ls -lah *
-rwxrwxr-x 1 amandine amgrp    5 2012-05-04 16:38 fileWithoutStickyBit2
-rwxrwxr-t 1 amandine amgrp    5 2012-05-04 16:38 fileWithStickyBit2

dirWithoutStickyBit2:
drwxrwxr-x 2 amandine amgrp    4,0K 2012-05-04 16:44 .
drwxrwxrwx 4 amandine amandine 4,0K 2012-05-04 16:38 ..
-rw-r--r-- 1 test     test        0 2012-05-04 16:43 file1
-rw-r--r-- 1 amandine amandine    0 2012-05-04 16:44 file2

dirWithStickyBit2:
drwxrwxr-t 2 amandine amgrp    4,0K 2012-05-04 16:44 .
drwxrwxrwx 4 amandine amandine 4,0K 2012-05-04 16:38 ..
-rw-r--r-- 1 test     test        0 2012-05-04 16:43 file1
-rw-r--r-- 1 amandine amandine    0 2012-05-04 16:44 file2

amandine$ rm dirWithoutStickyBit2/file1
rm: remove write-protected regular empty file 'dirWithoutStickyBit2/file1'? y
amandine$ rm dirWithStickyBit2/file1
rm: remove write-protected regular empty file 'dirWithStickyBit2/file1'? y

Now with user “test”:

test$ rm dirWithoutStickyBit2/file2
rm: remove write-protected regular empty file 'dirWithoutStickyBit2/file2'? y
test$ rm dirWithStickyBit2/file2
rm: remove write-protected regular empty file 'dirWithStickyBit2/file2'? y
rm: cannot remove 'dirWithStickyBit2/file2': Permission denied

Ha! Here’s one difference! I can’t delete another user’s file in a directory with the sticky bit set, even though the directory itself is group-writable.

What about editing:

amandine$ ls -lah *
-rwxrwxr-x 1 amandine amgrp    5 2012-05-04 16:38 fileWithoutStickyBit2
-rwxrwxr-t 1 amandine amgrp    5 2012-05-04 16:38 fileWithStickyBit2

dirWithoutStickyBit2:
total 12K
drwxrwxr-x 2 amandine amgrp    4,0K 2012-05-04 16:56 .
drwxrwxrwx 4 amandine amandine 4,0K 2012-05-04 16:38 ..
-rw-rw-r-- 1 amandine amgrp       9 2012-05-04 16:56 file3

dirWithStickyBit2:
total 12K
drwxrwxr-t 2 amandine amgrp    4,0K 2012-05-04 16:56 .
drwxrwxrwx 4 amandine amandine 4,0K 2012-05-04 16:38 ..
-rw-rw-r-- 1 amandine amgrp       9 2012-05-04 16:56 file3
amandine$ cat dirWithoutStickyBit2/file3
that's amandine's file
amandine$ cat dirWithStickyBit2/file3
that's amandine's file

test$ echo "no, that's test's file" > dirWithoutStickyBit2/file3
test$ echo "no, that's test's file" > dirWithStickyBit2/file3
test$ cat dirWithoutStickyBit2/file3
no, that's test's file
test$ cat dirWithStickyBit2/file3
no, that's test's file

“test” can still edit both files: the sticky bit sits on the directory, and file3 itself is group-writable (rw-rw-r--) by amgrp, which “test” belongs to.

test$ mv dirWithoutStickyBit2/file3 dirWithoutStickyBit2/file4
test$ mv dirWithStickyBit2/file3 dirWithStickyBit2/file4
mv: cannot move 'dirWithStickyBit2/file3' to 'dirWithStickyBit2/file4': Operation not permitted

but in the sticky directory “test” can’t rename them, just as they couldn’t delete them.

Ok for the sticky bit on directories, but what’s the point of having the sticky bit switched on for a single file?

$ man chmod
[...]
RESTRICTED DELETION FLAG OR STICKY BIT
The restricted deletion flag or sticky bit is a single bit, whose
interpretation depends on the file type.  For directories, it prevents
unprivileged users from removing or renaming a file in the directory
unless they own the file or the directory; this is called the restricted
deletion flag for the directory, and is commonly found on world-
writable directories like /tmp.  For regular files on some older
systems, the bit saves the program's text image on the swap device
so it will load more quickly when run; this is called the sticky bit.
[...]

Ok, and on newer systems? It seems it’s just not used anymore on most systems. From Wikipedia:
Linux : […] the Linux kernel ignores the sticky bit on files. […]
*BSD : […]The sticky bit can still be set on files, but without any effect.[…]
MAC OS X : […]the sticky bit has no effect on executable files[…]

except on Solaris: […] Solaris (as of Solaris 2.5) defines special behavior when the sticky bit is set on non-executable files: those files, when accessed, will not be cached by the kernel. This is usually set on swap files to prevent access on the file from flushing more important data from the system cache. […]

Summary
The sticky bit (restricted deletion flag) on a directory lets users create and modify their own files in it, and edit others’ files if the file permissions allow it, but not delete or rename others’ files even if the directory permissions would normally allow it. Only the file’s owner, the directory’s owner and root can remove or rename an entry. Note what it does not do: it protects directory entries (names), not file contents, so a group- or world-writable file in a sticky directory is still writable by anyone with those rights, as the editing test above showed. Typical usage of the sticky bit is /tmp, which is world-writable and therefore needs it (mode 1777).
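As an added example (not part of the original post), here is a small shell script that sets and reads the bit the way the “How to set it” section does, reproduces the t/T display from the experiment, and adds the check a sysadmin would actually run on a host: listing world-writable directories that lack the restricted-deletion flag. It uses only POSIX find, chmod and ls; the scratch directory and file names are invented for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: set, read and audit the sticky bit
# from the shell. Uses only POSIX find/chmod/ls; the scratch directory and the
# file names in demo() are made up for the demonstration.

# Exit 0 if the sticky bit (octal 01000) is set on $1, 1 otherwise.
# "find path -prune -perm -1000" prints the path only when the bit is set.
sticky_set() {
    [ -n "$(find "$1" -prune -perm -1000 2>/dev/null)" ]
}

# Print, sorted, every directory below $1 (same filesystem) that is
# world-writable (o+w) but lacks the restricted-deletion flag: in such a
# directory any local user can delete or rename any other user's files.
unprotected_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Re-run the post's setup on a scratch tree and show what ls -l prints.
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/dirWithStickyBit" "$scratch/dirWithoutStickyBit"
    : > "$scratch/fileWithStickyBit"

    chmod 1777 "$scratch/dirWithStickyBit"      # /tmp-style: world-writable + sticky ("t")
    chmod 0777 "$scratch/dirWithoutStickyBit"   # world-writable, nothing stops deletion
    chmod 0664 "$scratch/fileWithStickyBit"
    chmod +t "$scratch/fileWithStickyBit"       # shows as "T": sticky on, o+x off
    ls -ld "$scratch"/*

    echo "world-writable directories without the sticky bit:"
    unprotected_world_writable_dirs "$scratch"   # only dirWithoutStickyBit

    chmod -t "$scratch/fileWithStickyBit"       # clearing the bit again
    rm -rf "$scratch"
}

demo
```

Run it as any user. The audit function is the useful part: `unprotected_world_writable_dirs /` on a real host should print nothing; any directory it does print is a place where one local user can delete or rename another user’s files (lock files, sockets, temporary files), which is exactly what mode 1777 on /tmp prevents.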

That wasn’t so hard to learn after all ! 😉

4 thoughts on “Sticky bit”

  1. Good Job! nice to know…

    I always thought about the sticky bit as being the root setuid!
    MBP17-John:Desktop lez$ touch yourscript.sh
    MBP17-John:Desktop lez$ sudo chown root yourscript.sh
    MBP17-John:Desktop lez$ sudo chmod 4755 yourscript.sh
    MBP17-John:Desktop lez$ ls -al yourscript.sh
    -rwsr-xr-x 1 root staff 0 5 mai 11:41 yourscript.sh

    it kinda sticks as well ^^

  2. haha … that’s typically the kind of questions that I like to ask in the technical interviews as it puts the credibility of the “knowledge” of the interviewed person in perspective …

  3. Thanks for the post! It helps clarifying it.

    @B3nj:
    It looks to me that the sticky bit concept is a detail in the broad knowledge a unix dev/admin needs in daily life.
    Asking these questions in interviews doesn’t help to assess the real potential of a person. Usually you manage to make them fail a “simple” question and this means that from then on they’re just more nervous and their performance can only underestimate their ability in normal working conditions.
    Behave! 😀
