sajad torkamani

What is the sticky bit?

The sticky bit is a special permission bit on Unix that you set on a directory so that a file inside it can be deleted or renamed only by the file’s owner, the directory’s owner, or root, even when other users have write permission on the directory. Without it, write permission on the directory is all it takes to remove or rename any entry in that directory, whatever the permissions on the file itself.

Example usage of the sticky bit

Suppose you have a /shared directory that you want to be readable and writeable by the group devs. Before the sticky bit is set, ls -ld /shared shows:

drwxrwxr-x 2 root devs 4096 Oct  2 20:00 /shared

If a user creates a file or folder inside /shared, you want only that user (or root) to be able to rename or delete it, not anyone else.

But because the group devs has read, write, and execute permission (rwx) on the directory, and deleting or renaming an entry is governed by write permission on the directory rather than by the permissions on the file, the following can happen:

  • UserA creates /shared/this-file-is-awesome.txt.
  • UserB renames /shared/this-file-is-awesome.txt to /shared/this-file-sucks.txt (or deletes it outright), even though the file belongs to UserA.

To ensure only UserA or the owner of the /shared directory (here root) can delete or rename files created by UserA, set the sticky bit on the /shared directory:

chmod +t /shared

Now, when UserA creates /shared/this-file-is-awesome.txt, UserB can no longer rename or delete it, although UserB can still create files of their own in /shared. Only the file’s owner (UserA), the directory’s owner (root), or a privileged process can rename or delete the file, and the permissions string shown by ls -ld /shared now ends in t instead of x. In octal notation the sticky bit is the 1000 bit, so a mode of 1775 is rwxrwxr-x plus the sticky bit. Two caveats: the sticky bit protects the directory entry only, so whether UserB can read or modify the contents of UserA’s file is still decided by that file’s own permissions; and on Linux the bit has an effect only on directories, not on regular files. This is exactly how /tmp is set up (mode 1777) so that the users who share it cannot remove each other’s temporary files.

Recipes

Add the sticky bit to a directory

chmod +t <dir>

Remove the sticky bit from a directory

chmod -t <dir>

Check if the sticky bit is set

ls -ld <dir>

(-d lists the directory itself rather than its contents.) The sticky bit is set if the last character of the permissions string is t or T rather than x or -:

  • drwx---rwt: the lowercase t means the sticky bit is set and “others” also have execute permission (t replaces the x).
  • drwx---rwT: the uppercase T means the sticky bit is set but “others” do not have execute permission (T replaces the -).
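The check above, extended into a runnable script (added here as an example; it is not from the original post). It wraps the ls -ld test in a function and adds the audit a practitioner would run after reading the /shared scenario: list every world-writable directory under a given root that is missing the sticky bit, since those are exactly the directories in which one user can delete or rename another user’s files. The function names, the demo tree and its directory names are assumptions made for this example; it needs only a POSIX sh with ls, find, cut, basename and mktemp.

```shell
#!/bin/sh
# Added example (not from the original post): check a directory for the
# sticky bit and audit a tree for world-writable directories that lack it.
# Function names and the demo tree below are hypothetical.

# Return 0 if the directory's own mode has the sticky bit set.
# Reads the 10th character of "ls -ld" output: 't' (others have x) or
# 'T' (others lack x) both mean the bit is on; 'x' or '-' mean it is off.
sticky_bit_set() {
    mode_char=$(ls -ld "$1" | cut -c10)
    [ "$mode_char" = "t" ] || [ "$mode_char" = "T" ]
}

# Print every directory under $1 that is world-writable (o+w, -perm -0002)
# but not sticky (! -perm -1000). Any user could delete or rename other
# users' files in such a directory; each hit should get "chmod +t".
find_unsticky_world_writable() {
    find "$1" -type d -perm -0002 ! -perm -1000
}

# Constructed demo tree (not real system paths): one correctly configured
# shared directory, one missing the sticky bit, one not world-writable.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir "$demo_root/ok-shared" "$demo_root/bad-shared" "$demo_root/private"
chmod 1777 "$demo_root/ok-shared"   # rwxrwxrwt: world-writable, sticky set
chmod 0777 "$demo_root/bad-shared"  # rwxrwxrwx: world-writable, no sticky bit
chmod 0750 "$demo_root/private"     # rwxr-x---: not world-writable

# Basenames of the offending directories in the demo tree, one per line.
demo_findings() {
    find_unsticky_world_writable "$demo_root" | while read -r d; do
        basename "$d"
    done
}

echo "Directories needing chmod +t:"
demo_findings
```

On a real system you would run find_unsticky_world_writable on / (adding -xdev to find if you want to stay on one filesystem) and expect no output except for directories you have not yet fixed; deliberately shared directories such as /tmp are already sticky and so are not reported.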
Tagged: Unix