You would set the sticky bit primarily on directories in UNIX / Linux.
If you set the sticky bit on a directory, other users cannot delete or rename the files (or subdirectories) within that directory.
When the sticky bit is set on a directory, only the owner and the root user can delete / rename the files or directories within that directory.
1. Set the sticky bit on Directory
The example below enables the sticky bit on a directory.
Use the chmod command to set the sticky bit. If you are using octal numbers in chmod, put a 1 before the other permission digits, as shown below. The example below gives rwx permission to user, group and others (and also adds the sticky bit to the directory).
$ chmod 1777 dir
Or, you can add only the sticky bit to an existing directory (without touching any of the user, group and other permissions) using the chmod command as shown below.
$ chmod +t dir
Once the sticky bit is assigned to a directory, you’ll see (t) as the last character in the permission. In this example, it is drwxrwxrwt.
$ ls -ld /home/bala/dir
drwxrwxrwt 2 bala bala 4096 2011-01-28 14:09 /home/bala/dir
$ ls -l dir
total 8
-rwxrwxrwx 1 bala bala 20 2011-01-28 14:12 bala.txt
-rwxrwxrwx 1 guest guest 41 2011-01-28 14:13 guest.txt
In the above example, as dir has rwx permission for everybody, all other users are allowed to create their own files or directories under this directory. However, even when the subdirectories or files under dir have rwx permission for everybody, only the owner of those can delete or rename those files and directories. Other users cannot delete or rename them because of the sticky bit.
In the above example, bala.txt has rwx for user, group, and others. But when the guest user tries to delete the file bala.txt, he’ll see the “Operation not permitted” message as shown below.
$ su guest
Password:
$ cd /home/bala/dir1
$ rm bala.txt
rm: cannot remove `bala.txt': Operation not permitted
Please note that /tmp has the sticky bit enabled by default. You might not have noticed that until now. Now you know why the /tmp directory is supposed to have the sticky bit enabled.
$ ls -ld /tmp
drwxrwxrwt 3 root root 4096 Jan 31 08:29 /tmp
To remove the sticky bit from a directory, do the following.
$ chmod -t dir
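A defender's check that follows from the /tmp point above, as an added example (not code from the original article): list world-writable directories that lack the sticky bit, where any user can delete or rename other users' files, and optionally add the bit. The function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit world-writable
# directories for a missing sticky bit. Function names are hypothetical.

# Print every world-writable directory under $1 that lacks the sticky bit.
#   -perm -0002    the "others" write bit is set
#   ! -perm -1000  the sticky bit (the leading 1 in chmod 1777) is not set
#   -xdev          do not cross into other mounted filesystems
find_unsticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Add the sticky bit to each flagged directory, leaving other bits alone
# (the same effect as running "chmod +t dir" on each one).
fix_unsticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec chmod +t {} +
}

# Constructed sample tree: two unsafe directories, one safe, one private.
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/shared/sub" "$base/ok" "$base/private"
    chmod 0777 "$base/shared" "$base/shared/sub"   # world-writable, no t
    chmod 1777 "$base/ok"                          # like /tmp
    chmod 0755 "$base/private"                     # not world-writable
    echo "Flagged before fix:"
    find_unsticky "$base" | sort
    fix_unsticky "$base"
    echo "Flagged after fix: $(find_unsticky "$base" | wc -l)"
    ls -ld "$base/shared" "$base/shared/sub"
    rm -rf "$base"
}

# With a path argument, audit that path (read-only); otherwise run the demo.
if [ $# -gt 0 ]; then
    find_unsticky "$1"
else
    demo
fi
```

The search is recursive because a new subdirectory does not pick up the sticky bit from its parent, so a world-writable subdirectory created inside a protected directory is reported separately.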
2. Set the sticky bit on File
Setting the sticky bit on a file is pretty much useless, and it doesn’t do anything. On some of the older *nix flavors, a sticky bit enabled executable file will be loaded to the swap memory after 1st execution, which speeds up all subsequent execution. This is not true anymore.
From Wikipedia:
Currently, this behavior is only operative in HP-UX, NetBSD, and UnixWare. Solaris appears to have abandoned this in 2005.[citation needed] The 4.4-Lite release of BSD retained the old sticky bit behavior but it has been subsequently dropped from OpenBSD (as of release 3.7) and FreeBSD (as of release 2.2.1); it remains in NetBSD. No version of Linux has ever supported the traditional behavior.
Comments on this entry are closed.
thanks, great article. I knew that already but it's good to refresh memory 🙂
oh, I forgot. Are you sure about the sticky bit on files? I thought that on modern Linux distros it does nothing, is just ignored or forbidden.
A very good refresher. These are very important basics for any *nix user. Thanks, Bala.
Nice article.
It's very clarifying.
Keep more coming, dude!
From FreeBSD’s man 8 sticky:
DESCRIPTION
A special file mode, called the sticky bit (mode S_ISTXT), is used to indicate special treatment for directories. It is ignored for regular files.
STICKY(8) BSD System Manager’s Manual STICKY(8)
NAME
sticky — sticky text and append-only directories
DESCRIPTION
A special file mode, called the sticky bit (mode S_ISVTX), is used to indicate special treatment for shareable executable files and directories. See
chmod(2) or the file /usr/include/sys/stat.h for an explanation of file modes.
STICKY TEXT EXECUTABLE FILES
The sticky bit has no effect on executable files. All optimization on whether text images remain resident in memory is handled by the kernel’s virtual memory system.
@chmurli, @SaveTheRbtz, @rod,
Thanks for pointing it out. I have updated the article accordingly.
Hi sir,
I just want to say one thing after reading your book Linux 101 Hacks and that is “Hats off”, really it's an interesting book.
Can you give me any suggestions / instructions to increase my knowledge further in Linux?
Thanks,
Magesh Bhaskaran
Hi
This is very useful info, thanks for this.
But I tried this technique in my system.. where this is the dir hierarchy..
/atul (drwxrwxrwx)
/atul/dir1 (drwxdrwxdrwxt)
another user, who is my grp mate, is not able to remove my dir when he uses
rm /atul/dir1
but he deleted my dir when he uses..
rm -rf /atul/dir1
now, what is the use of “Sticky Bit” ????
If I'm doing wrong somewhere please let me know
thanks
Atul Singh
Hi Ramesh,
Nice article on Sticky bit. I am waiting for article on set userid and group id from you.
Atul: You must set the sticky bit on /atul if you want /atul/dir1 to be irremovable.
: Felix : Thanks Felix, this worked… 🙂
Knowledgeable
Thanks
Your blogs are always helpful….:)
good one
Really, I am very thankful to you. Could you please tell me how an inode will map to a file?
/filesystems
All, I am using the Sun Solaris platform, and on that I have my GlassFish server. My question is: my server creates some dynamic folders and files under one main folder. How can I give permission to all the files and folders created by the GlassFish server permanently to rwx rwx rw? I am really worried, can someone help me?
thanks in advance.
Sticky bit gives security to our unix directory. Thanks sir…
The information about the sticky bit on files isn’t entirely correct:
> gunzip somefile
gzip: somefile has the sticky bit set – file ignored
Great , was useful thanks Bala
Hi, I have one query: how to assign the sticky bit automatically when creating a new folder.
1) I have created one folder called “test” and assigned the sticky bit for that folder. But when users create a new folder under the “test” folder, the sticky bit will not be applicable for the new folder. So when files are created in that new folder, whoever can delete those files.
So any idea where we can set the sticky bit automatically when users create a new folder?
Any idea how to automatically set the sticky bit on new folders?
Using ACLs and setting a default ACL for others with
setfacl -d -m o::--T folder
does unfortunately not work!
Hi Sri
I am the owner of a directory (taste) having the sticky bit and I want to delete a file, but I am unable to delete files. Can anyone tell me the answer?
qmail uses sticky bit on home directory to temporarily pause delivery