Finally I understood the sticky bit concept and I want to share it with all.
The best way to learn it is to try an example. We all might be aware of its definition and theory:
RESTRICTED DELETION FLAG OR STICKY BIT (t)
- The restricted deletion flag or sticky bit is a single bit, whose interpretation depends on the file type.
- For directories, it prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory; this is called the restricted deletion flag for the directory, and is commonly found on world-writable directories like /tmp.
- For regular files on some older systems, the bit saves the program's text image on the swap device so it will load more quickly when run; this is called the sticky bit.
In short, the sticky bit on a directory prevents any other user from deleting (or renaming) the files or subdirectories inside it, even when that directory is writable by them: only the file's owner, the directory's owner or root may remove an entry. Let's try to understand the example below.
- We create a folder "afolder" as root or a privileged user.
[root@HYDBMW /]# whoami
root
[root@HYDBMW /]# pwd
/
[root@HYDBMW /]# mkdir afolder
[root@HYDBMW /]# ls -ld afolder/
drwxr-xr-x. 2 root root 4096 Feb 5 10:24 afolder/
- We want to experiment on this folder as another user, "shankar". Let's put the folder afolder into the group "user", to which "shankar" belongs.
[root@HYDBMW /]# chgrp user afolder/
[root@HYDBMW /]# ls -ld afolder/
drwxr-xr-x. 2 root user 4096 Feb 5 10:27 afolder/
- Create some files inside that folder, say file1 and file2.
[root@HYDBMW /]# touch afolder/file1 afolder/file2
[root@HYDBMW /]# ls -l afolder/
total 0
-rw-r--r--. 1 root root 0 Feb 5 10:27 file1
-rw-r--r--. 1 root root 0 Feb 5 10:27 file2
- Now we log in as user "shankar" and try to delete a file.
[shankar@HYDBMW /]$ cd afolder/
[shankar@HYDBMW afolder]$ ls -l
total 0
-rw-r--r--. 1 root root 0 Feb 5 10:45 file1
-rw-r--r--. 1 root root 0 Feb 5 10:45 file2
[shankar@HYDBMW afolder]$ rm file1
rm: remove write-protected regular empty file `file1'? y
[shankar@HYDBMW afolder]$ ls
file2
- And we notice that we are able to do this. Even though the file is read-only for other users, "shankar" can delete it, because removing a directory entry requires write (and search) permission on the directory, not on the file itself; rm only asks for confirmation because the file is write-protected. Note that this needs the directory to be writable by "shankar": the listing above still shows afolder as drwxr-xr-x, so the group write bit must have been added before this step (the later drwxrwx--T listing shows it set).
- Let's turn on the sticky bit now, either in symbolic mode (o+t) or in octal mode (a leading 1, so 1770 here). In the resulting listing, the capital T in the "other" position means the sticky bit is set but "other" has no execute permission; a lowercase t, as on /tmp further below, means both are set.
[root@HYDBMW /]# chmod o+t afolder/ (Symbolic mode)
[root@HYDBMW /]# ls -ld afolder/
or
[root@HYDBMW /]# chmod 1770 afolder/ (Octal mode)
[root@HYDBMW /]# ls -ld afolder/
drwxrwx--T. 2 root user 4096 Feb 5 10:53 afolder/
[root@HYDBMW /]#
- Now we switch to user "shankar" and try to delete the files inside the folder "afolder".
[shankar@HYDBMW afolder]$ ls -l
total 0
-rw-r--r--. 1 root root 0 Feb 5 10:53 file1
-rw-r--r--. 1 root root 0 Feb 5 10:45 file2
[shankar@HYDBMW afolder]$ rm -rf file1
rm: cannot remove `file1': Operation not permitted
[shankar@HYDBMW afolder]$ rm -rf file2
rm: cannot remove `file2': Operation not permitted
- OK, so now "shankar" is not able to delete the file (probably because of the sticky bit set on the folder "afolder"). Bad... Let's give full permissions on these files to make him happy and let him delete them.
[root@HYDBMW afolder]# chmod 777 file*
[root@HYDBMW afolder]# ls -l
total 0
-rwxrwxrwx. 1 root root 0 Feb 5 10:53 file1
-rwxrwxrwx. 1 root root 0 Feb 5 10:45 file2
- Now he can delete them, let's try.
[shankar@HYDBMW /]$ cd afolder/
[shankar@HYDBMW afolder]$ ls -l
total 0
-rwxrwxrwx. 1 root root 0 Feb 5 10:53 file1
-rwxrwxrwx. 1 root root 0 Feb 5 10:45 file2
[shankar@HYDBMW afolder]$ rm -rf file1
rm: cannot remove `file1': Operation not permitted
[shankar@HYDBMW afolder]$ rm -rf file2
rm: cannot remove `file2': Operation not permitted
- Again he is not able to delete the files! Why?
This is because of the sticky bit set on the folder afolder by the owner of the folder: once it is set, the permission bits on the files themselves no longer matter, and only the file's owner, the directory's owner or root can remove them.
- Most commonly the sticky bit is set on the world-writable folder /tmp, where everyone can read, write and execute (create their own files), but must not be able to delete or rename anything inside that folder that belongs to someone else.
[root@HYDBMW /]# ls -ld /tmp
drwxrwxrwt. 9 root root 4096 Feb 5 03:21 /tmp
[root@HYDBMW /]# stat /tmp
File: `/tmp'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: fd00h/64768d Inode: 1044481 Links: 9
Access: (1777/drwxrwxrwt) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-01-21 17:42:48.000000000 +0530
Modify: 2016-02-05 03:21:05.000000000 +0530
Change: 2016-02-05 03:21:06.094002015 +0530
- On Linux the sticky bit is meaningful only on directories, where it restricts deletion and renaming of the files and subdirectories inside.
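To make the decision behind the transcripts above explicit, here is an added Python example (not from the original post) that models the unlink/rename check Linux applies, replays each step of the walkthrough as a yes/no decision, and then checks the sticky bit on a real scratch directory with os.stat() after the same chmod 1770. The uids, gids and file modes are constructed stand-ins (root=0, "shankar"=1000, group "user"=100, another user=1001); since the first listing shows afolder as drwxr-xr-x, the walkthrough covers both that case and the group-writable one the successful deletion needs.

```python
"""Model of the unlink/rename decision the post demonstrates, plus a real stat() check.

Added example, not from the original post. UIDs and GIDs are constructed
stand-ins: root=0, "shankar"=1000, group "user"=100, another user=1001.
"""
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Inode:
    """Permission-relevant metadata of a file or directory."""
    mode: int   # permission bits, e.g. 0o1770; the sticky bit is stat.S_ISVTX (0o1000)
    uid: int
    gid: int


@dataclass(frozen=True)
class Caller:
    """The process trying to remove an entry: its uid and group memberships."""
    uid: int
    gids: frozenset = frozenset()


def has_perm(inode: Inode, caller: Caller, bits: int) -> bool:
    """Owner/group/other check for an rwx bit mask (r=4, w=2, x=1). Root always passes."""
    if caller.uid == 0:
        return True
    if caller.uid == inode.uid:
        shift = 6
    elif inode.gid in caller.gids:
        shift = 3
    else:
        shift = 0
    return (inode.mode >> shift) & bits == bits


def may_unlink(directory: Inode, entry: Inode, caller: Caller) -> bool:
    """Can `caller` delete or rename `entry` inside `directory`?

    Two stages, as in the kernel's check: (1) the caller needs write and search
    (execute) permission on the directory; (2) if the directory carries the
    sticky bit, a non-root caller must own the entry or the directory.
    The entry's own mode never enters the decision, which is why `chmod 777`
    on file1 and file2 in the post changed nothing.
    """
    if not has_perm(directory, caller, 0o3):      # w (2) + x (1) on the directory
        return False
    if caller.uid == 0:
        return True
    if not directory.mode & stat.S_ISVTX:
        return True
    return caller.uid in (entry.uid, directory.uid)


ROOT, SHANKAR, OTHER, USER_GRP = 0, 1000, 1001, 100   # constructed ids
shankar = Caller(SHANKAR, frozenset({USER_GRP}))


def page_walkthrough() -> dict:
    """Replay the post's steps as decisions of may_unlink()."""
    root_file = Inode(0o644, ROOT, ROOT)
    return {
        # afolder as first listed: drwxr-xr-x root user -> group has no write bit
        "755 dir, no write": may_unlink(Inode(0o755, ROOT, USER_GRP), root_file, shankar),
        # group-writable, no sticky bit: the root-owned read-only file can be deleted
        "770 dir, no sticky": may_unlink(Inode(0o770, ROOT, USER_GRP), root_file, shankar),
        # after chmod 1770: denied, "Operation not permitted"
        "1770 dir": may_unlink(Inode(0o1770, ROOT, USER_GRP), root_file, shankar),
        # chmod 777 on the file does not help
        "1770 dir, file 777": may_unlink(Inode(0o1770, ROOT, USER_GRP), Inode(0o777, ROOT, ROOT), shankar),
        # the owner of the file may still remove it
        "1770 dir, own file": may_unlink(Inode(0o1770, ROOT, USER_GRP), Inode(0o644, SHANKAR, USER_GRP), shankar),
        # root is never restricted
        "1770 dir, root": may_unlink(Inode(0o1770, ROOT, USER_GRP), root_file, Caller(ROOT)),
        # /tmp (1777): someone else's file is protected, your own is not
        "/tmp, other's file": may_unlink(Inode(0o1777, ROOT, ROOT), Inode(0o666, OTHER, OTHER), shankar),
        "/tmp, own file": may_unlink(Inode(0o1777, ROOT, ROOT), Inode(0o666, SHANKAR, USER_GRP), shankar),
    }


def is_sticky(path: str) -> bool:
    """Real check on disk: is the sticky bit set on `path`? (Same bit ls -ld shows as t/T.)"""
    return bool(os.stat(path).st_mode & stat.S_ISVTX)


def sticky_on_disk() -> tuple:
    """Create a scratch directory, apply the post's `chmod 1770`, and report before/after."""
    with tempfile.TemporaryDirectory() as base:
        d = os.path.join(base, "afolder")
        os.mkdir(d)
        before = is_sticky(d)
        os.chmod(d, 0o1770)           # same as `chmod 1770 afolder/`
        after = is_sticky(d)
        return before, after


if __name__ == "__main__":
    for step, allowed in page_walkthrough().items():
        print(f"{step:22s} -> {'allowed' if allowed else 'denied'}")
    print("sticky bit on disk (before, after chmod 1770):", sticky_on_disk())
```

The model covers only classic mode bits: POSIX ACLs, capabilities other than full root, and the fs.protected_* sysctls that further restrict operations in sticky directories are outside it. Running the block prints one line per step of the post, with the two "Operation not permitted" cases showing as denied.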