The sticky bit in Linux is a special permission flag that controls who may delete or rename entries inside a directory. Historically it also applied to executable files, but on modern Linux its security relevance is confined to directories. It is sometimes referred to as the "restricted deletion flag" or "saved text attribute."
What is the Sticky Bit?
The sticky bit is a type of permission flag available in Linux and other Unix-like operating systems. While it has historical uses related to executable files, its most significant and relevant application today is on directories.
Purpose and Functionality
When the sticky bit is set on a directory, it modifies the standard behavior of file deletion and renaming within that directory. Even if a user has write permission on the directory, they are only allowed to delete or rename an entry if they are:
- The owner of the file.
- The owner of the directory.
- The root user (more precisely, any process holding the CAP_FOWNER capability, which root has by default).
This prevents users from accidentally or maliciously deleting or renaming files that belong to others in a shared directory where multiple users have write access. Note what the bit does not do: it only restricts unlink and rename. If a file's own mode allows it, another user can still read, overwrite or truncate that file, so the sticky bit complements, rather than replaces, sensible per-file permissions.
Historical Context
Historically, the sticky bit was also used on executable files. When set on an executable, it instructed the operating system to keep the program's text segment (code) in swap space or memory after the process exited. This was intended to speed up subsequent executions of the same program by reducing disk I/O. With modern memory management, faster storage, and the page cache, this use case is obsolete; the Linux kernel ignores the sticky bit on regular files, and its only practical effect today is on directories.
Practical Applications and Examples
The most prominent example of the sticky bit's use is on the /tmp directory (and usually /var/tmp) in Linux systems. These directories are designed to be globally writable, allowing any user to create temporary files. Without the sticky bit, any user could delete or rename files created by other users: a service's temp file or lock file could be removed out from under it (causing failures or data loss), or removed and replaced with a file the attacker controls, which is the basis of classic temporary-file race attacks.
Identifying the Sticky Bit
You can check for the sticky bit using the ls -l command. When the sticky bit is set on a directory, it appears as a t or T in the last position of the permission string (where the "others' execute" bit typically resides).
For example, checking /tmp:
ls -ld /tmp
Output often looks like this:
drwxrwxrwt. 12 root root 4096 Apr 28 10:00 /tmp
Notice the t at the end of drwxrwxrwt. (The trailing "." after the mode string means the directory carries an SELinux security context; a "+" there would indicate an ACL. Neither affects the sticky bit.)
Here's a breakdown of its representation:
Sticky Bit Status | "Others" Execute Bit | Representation in ls -l | Example | Meaning
---|---|---|---|---
Set | Set (x) | t | rwxrwxrwt | Sticky bit active, others can execute (i.e. traverse) the directory.
Set | Not set (-) | T | rwxrwxrwT | Sticky bit active, others cannot traverse the directory.
Not set | Set (x) | x | rwxrwxrwx | No sticky bit, standard execute permission for others.
Not set | Not set (-) | - | rwxrwxrw- | No sticky bit, no execute permission for others.
Setting and Removing the Sticky Bit
The chmod command is used to manage the sticky bit:
- Setting the sticky bit:
  - Octal mode: the leading digit of a four-digit mode holds the special bits (4 = setuid, 2 = setgid, 1 = sticky). For example, to set permissions to rwxrwxrwt: chmod 1777 /path/to/your/directory
  - Symbolic mode: use +t (or the more explicit o+t) to add the sticky bit: chmod +t /path/to/your/directory
- Removing the sticky bit:
  - Octal mode: drop the leading 1. For example, to change from 1777 to 0777: chmod 0777 /path/to/your/directory
  - Symbolic mode: use -t to remove the sticky bit: chmod -t /path/to/your/directory
Be careful with the octal form: 0777 leaves the directory world-writable with no protection at all, so if a directory is no longer meant to be shared, tighten the mode (for example 0755 or 1770) rather than only dropping the sticky bit. The symbolic form changes just the one bit and leaves the rest of the mode untouched.
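The following script ties the two previous sections together (identifying the bit from the ls mode string, and setting or clearing it with chmod) in a form you can drop into a provisioning or hardening script. It is an added example written for this article, not code from the original page; the directory paths and function names are arbitrary, and the check uses `find -prune -perm -1000` rather than a GNU-only `stat` format so it behaves the same on GNU and BSD userlands.

```shell
#!/bin/sh
# Added example (not from the original article): create a shared drop
# directory with the sticky bit, verify it, and show how the ls glyph
# changes as the mode changes.

# Return 0 if the sticky bit is set on DIR, 1 otherwise.
# -prune stops find from descending, so only DIR itself is tested;
# -perm -1000 matches when the sticky bit (octal 1000) is present.
is_sticky() {
    [ -n "$(find "$1" -prune -perm -1000 2>/dev/null)" ]
}

# The 10th character of the ls -ld mode string: t, T, x or -
# (exactly the column the table above describes).
others_exec_glyph() {
    ls -ld "$1" | cut -c10
}

# Create a world-writable shared directory protected by the sticky bit.
# 1777 = sticky (1) + rwx for user, group and others.
make_shared_dir() {
    mkdir -p "$1"
    chmod 1777 "$1"
}

# Clear only the sticky bit. o-t names the single bit being changed,
# whereas an octal mode such as 0777 rewrites every bit at once.
clear_sticky() {
    chmod o-t "$1"
}

# Walk through the states from the table on a scratch directory.
demo() {
    base=$(mktemp -d)
    d="$base/shared"
    make_shared_dir "$d"
    printf '%s  after chmod 1777 (sticky, others may traverse)\n' "$(ls -ld "$d" | cut -c1-10)"
    chmod 1776 "$d"   # sticky set, others lose execute: shows T
    printf '%s  after chmod 1776 (sticky, others cannot traverse)\n' "$(ls -ld "$d" | cut -c1-10)"
    clear_sticky "$d"
    printf '%s  after chmod o-t  (sticky cleared)\n' "$(ls -ld "$d" | cut -c1-10)"
    if is_sticky "$d"; then echo "sticky still set"; else echo "sticky clear"; fi
    rm -rf "$base"
}

demo
```

On a real shared directory, run `is_sticky` from a cron or configuration-management check rather than eyeballing ls output; the glyph helper exists only to make the t/T/x/- table concrete.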
Importance in Linux Security
The sticky bit is a fundamental part of Linux's multi-user security model. By preventing unauthorized deletion or renaming of files in shared spaces, it helps maintain system integrity, prevents data loss, and ensures a stable environment for all users. It is a narrow control, though: it says nothing about who may read or write a file's contents (that is still governed by the file's own mode), and on its own it does not stop symlink and hard-link tricks in a world-writable directory. Modern Linux kernels add the fs.protected_symlinks, fs.protected_hardlinks, fs.protected_regular and fs.protected_fifos sysctls, which specifically restrict following or creating such links and files inside world-writable sticky directories; a hardening baseline should check those settings alongside the sticky bit itself.