Archive for January, 2009

The Sticky Bit

January 20th, 2009

Just about any Linux user is familiar with the Unix permission system: three categories of users (user, group, other) and three permission bits (read, write, execute). What most users never meet are the extra mode bits that sit above those nine, one of which is the sticky bit.

Besides having a cool name, the sticky bit provides a very useful function: when set on a directory, it lets anyone with write access to that directory create files in it, but they can only delete (or rename) the files they own. Normally, giving all users write access to a directory also lets every one of them delete anything in it (yeah, that’s dangerous).

In particular, on Linux a user can only remove or rename an entry in a sticky directory if at least one of the following is true:
-The user is the owner of the file
-The user is the owner of the parent directory
-The user is root (more precisely, has the CAP_FOWNER capability)

Two caveats. First, Linux does not consider the file’s own permission bits here (Solaris, for example, additionally lets a user delete a file they have write permission on); a world-writable file in a sticky directory can still be overwritten by anyone, it just can’t be unlinked or renamed by them. Second, the sticky bit only restricts deletion and renaming; it does not grant write access, so the directory still needs the ordinary write bit for people to add files.

When is this useful? The canonical example is /tmp (and /var/tmp), where everyone needs to be able to create files but must not be able to delete or rename other users’ files. It’s also common on mail spool directories for the same reason. I found it particularly useful for a media folder that is shared between users. Users can add Pictures and Videos to the folder, but can’t delete those belonging to others.

So how do you set it?
-For chmod in symbolic mode, the sticky bit is designated by a “t” (+t sets it, -t clears it):

# chmod +t dirname

-For chmod in absolute (octal) mode, the sticky bit is added by prepending a “1” to the permission:

# chmod 1777 dirname

Either way, ls -ld then shows the bit as a “t” in the last position of the mode string, for example drwxrwxrwt for /tmp.
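As an added example (this is not from the original post), the script below applies both chmod forms to a scratch tree and then runs the check a sysadmin actually wants: a find over a filesystem for directories that are world-writable but lack the sticky bit, since those are exactly the places where any user can delete any other user’s files. It assumes GNU coreutils and findutils (find -maxdepth and -perm), and the scratch directories it creates under mktemp -d are constructed sample input.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU find/chmod (Linux).

# Return 0 if DIR is a directory with the sticky bit (octal 1000) set.
is_sticky() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -1000 2>/dev/null)" ]
}

# Return 0 if DIR is a directory that is world-writable (octal 0002).
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]
}

# Print every directory under ROOT (same filesystem, hence -xdev) that is
# world-writable but NOT sticky. In such a directory any user can delete or
# rename any other user's files. On a sane system this prints nothing; the
# usual invocation is: find_unsafe_world_writable /
find_unsafe_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Build a constructed scratch tree with one correctly protected shared
# directory and one that was left world-writable without the sticky bit.
# Prints the scratch path (and nothing else); the caller removes it.
setup_demo() {
    scratch=$(mktemp -d)
    mkdir "$scratch/shared" "$scratch/unsafe"

    chmod 1777 "$scratch/shared"   # absolute mode: leading 1 sets the sticky bit
    chmod 777  "$scratch/unsafe"   # world-writable, no sticky bit
    chmod +t   "$scratch/unsafe"   # symbolic mode: +t sets the sticky bit ...
    chmod -t   "$scratch/unsafe"   # ... and -t clears it again (left unsafe on purpose)

    printf '%s\n' "$scratch"
}

main() {
    d=$(setup_demo)
    ls -ld "$d/shared" "$d/unsafe"      # drwxrwxrwt ... shared / drwxrwxrwx ... unsafe
    echo "World-writable directories without the sticky bit under $d:"
    find_unsafe_world_writable "$d"     # lists only .../unsafe
    rm -rf "$d"
}

main
```

The audit relies on find’s “-perm -mode” test, which matches when all of the given bits are set, so “-perm -0002 ! -perm -1000” reads as “other-writable and not sticky”. Run it against / as root to cover directories you cannot otherwise traverse.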

Cool huh?