Think of a scenario where you create a Linux directory that can be used by all the users of the Linux system for creating files. Users can create, delete or rename files according to their convenience in this directory. For all those who think that why would such a directory be created? There exists, for example, /tmp directory in the Linux system that can be used by different Linux users to create temporary files.
Now, what if an user accidentally or deliberately deletes (or rename) a file created by some other user in this directory?
Well, to avoid these kind of issues, the concept of sticky bit is used.
A Sticky bit is a permission bit that is set on a file or a directory that lets only the owner of the file/directory or the root user to delete or rename the file. No other user is given privileges to delete the file created by some other user.
History of Sticky Bit
Before explaining the sticky bit further, lets discuss the history of sticky bit as this information is worth discussing.
The sticky bit is not a new concept. In fact, it was first introduced in in 1974 in the Unix operating system. The purpose of sticky bit back then was different. It was introduced to minimize the time delay introduced every time when a program is executed.
When a program is executed, it takes time to load the program into memory before the user can actually start using it. If a program, for example an editor is used frequently by users the the start-up time delay was an overhead back then.
To improve this time delay, the sticky bit was introduced. The OS checked that if sticky bit on an executable is ON, then the text segment of the executable was kept in the swap space. This made it easy to load back the executable into RAM when the program was run again thus minimizing the time delay.
Though this method proved successful in minimizing the start-up time delay but there was a major problem that surfaced due to this operation. The problem was that if some kind of patch was applied to the executable as a bug fix or a new feature then the following steps were to be carried to out :
- First remove the sticky bit from the executable
- Now, run the executable and exit it so that the existing text segment from the swap is flushed
- Now, again set the sticky bit on the executable and re-run the executable so that new text segment is stored in swap memory
The above steps were required so that the program reflect the new features or bug fixes that were added to the executable.
So this was one of the main problems. Also, with the evolution of technology, fast memory access techniques evolved which kind of obsoleted the requirement of sticky bit for this purpose.
Sticky bit Examples
In this section, we will discuss how to set and unset sticky bit using some examples.
A basic example
Create a directory and provide all the users read-write-execute access to it :
# mkdir allAccess # chmod 777 allAccess/ # ls -ld allAccess/ drwxrwxrwx 2 himanshu himanshu 4096 Oct 24 15:43 allAccess/
So we see that a directory named ‘allAccess’ is created and read-write-execute access to this directory is given to all the users through chmod command.
Now, create multiple files in this directory (with different users) such that all users have read-write-execute access to them.
# ls -l allAccess/ total 0 -rwxrwxrwx 1 himanshu himanshu 0 Oct 24 15:48 user1 -rwxrwxrwx 1 guest guest 0 Oct 24 16:11 user_file_0 -rwxrwxrwx 1 guest-2 guest-2 0 Oct 24 16:15 user_file_1
The files user_file_0 and user_file_1 are created by different users but have read-write-execute access on for all the users. This means that the user ‘guest’ can delete or rename the file created by user ‘guest-2’.
In order to avoid this, sticky bit can be set on the directory allAccess.
Now, turn ON the sticky bit on the directory by using +t flag of chmod command.
# chmod +t allAccess/ # ls -ld allAccess/ drwxrwxrwt 2 himanshu himanshu 4096 Oct 24 16:19 allAccess/
As can be observed, a permission bit ‘t’ is introduced in the permission bits of the directory.
Now, if the user ‘guest’ tries to rename the file ‘user_file_1’, here is what happens :
$ mv /home/himanshu/allAccess/user_file_1 /home/himanshu/allAccess/user_file_0 mv: cannot move `/home/himanshu/allAccess/user_file_1' to `/home/himanshu/allAccess/user_file_0': Operation not permitted
So we see that the operation was not permitted.
Remove sticky bit using -t option
Sticky bit can be removed from a directory permissions through the -t option of the chmod command.
Here is an example :
# chmod -t allAccess/ # ls -ld allAccess/ drwxrwxrwx 2 himanshu himanshu 4096 Oct 24 16:19 allAccess/
So we see that the permission bit ‘t’ is removed from directory.
Different OS behave differently with sticky bits as explained in this wikipedia article. For example, Linux only looks for sticky bit if a user tries to rename a file. It will not check the sticky bit if a file is being deleted.