What is the "t" letter in the output of "ls -ld /tmp"?
So what is the sticky bit?
A sticky bit is a permission bit that is set on a directory that allows only the owner of the file within that directory, the owner of the directory or the root user to delete or rename the file. No other user has the needed privileges to delete the file created by some other user.
This is a security measure to avoid deletion of critical folders and their content (sub-directories and files), though other users have full permissions.
Why does /tmp have the t sticky bit?
The /tmp directory can be used by different Linux users to create temporary files. Now, what if a user deletes/renames a file created by some other user in this directory?
Well, to avoid these kinds of issues, the concept of the sticky bit is used. So for that a 777 is given, but preserving the sticky bit is not a bad idea.
How can I setup the sticky bit for a directory?
I'll set a sticky bit on a directory called test on my Desktop.
Symbolic way (t represents the sticky bit):
chmod o+t ~/Desktop/test
or
chmod +t ~/Desktop/test
Numerical/octal way (1, the sticky bit as value 1 in the first position):
chmod 1757 ~/Desktop/test
Now let us test the results:
ls -li ~/Desktop/test
1551793 drwxrwxrwt 45 hadi hadi 20485 Mar 11 14:35 ~/Desktop/test
To delete/remove a sticky bit:
chmod o-t ~/Desktop/test
Now let us test the results:
ls -li ~/Desktop/test
1551793 drwxrwxrwx 45 hadi hadi 20485 Mar 11 14:35 ~/Desktop/test
Source: “What is a sticky Bit and how to set it in Linux?” at The Linux Juggernaut
A sticky bit is a permission bit that is set on a file or a directory that lets only the owner of the file/directory or the root user delete or rename the file. No other user is given privileges to delete the file created by some other user.
Sometimes it happens that you need a Linux directory that can be used by all the users of the Linux system for creating files. Users can create, delete or rename files according to their convenience in this directory.
Now, what if a user accidentally or deliberately deletes (or renames) a file created by some other user in this directory?
Well, to avoid these kinds of issues, the concept of the sticky bit is used. Since /tmp is used for this purpose, to avoid the above scenario /tmp uses the sticky bit.
For example:
mkdir demo
chmod 777 demo
I also created two files with different users in this folder, having permission 777.
ls -ld demo
drwxrwxrwx 2 guru guru 4096 Mar 11 18:17 demo
ls -l demo
-rwxrwxrwx 1 abhi abhi 0 Mar 11 17:11 file1
-rwxrwxrwx 1 anshu anshu 0 Mar 11 18:15 file2
Now turn on the sticky bit on this:
chmod +t demo/
ls -ld demo
drwxrwxrwt 2 guru guru 4096 Mar 11 18:17 demo
Now what happens if one user (abhi) wants to rename the 2nd user's (anshu) file:
mv /home/guru/demo/file2 /home/guru/demo/file3
mv: cannot move '/home/guru/demo/file2' to '/home/guru/demo/file3': Operation not permitted
The origin of the sticky bit
On Linux, the sticky bit only has the use described above, on directories. Historically, it was used for something completely different on regular files, and this is where the name comes from.
When a program is executed, it takes time to load the program into memory before the user can actually start using it. If a program, for example an editor, was used frequently by users, the start-up time delay was an overhead back then.
To improve this time delay, the sticky bit was introduced. The OS checked whether the sticky bit on an executable was ON; if so, the text segment of the executable was kept in the swap space. This made it easy to load the executable back into RAM when the program was run again, thus minimizing the time delay.
Modern systems such as Linux manage their cache of executables and other files automatically and don't need the sticky bit for that.
Source: “Linux Sticky Bit Concept Explained with Examples” at The Geek Stuff
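The set-up steps in the first answer (chmod +t, chmod 1757, chmod o-t) and the demo directory in the second answer both come down to one bit that ls shows as a trailing t. The following script is an added example, not code from either answer or their sources; it assumes GNU or busybox coreutils (stat -c, chmod, find), a writable TMPDIR, and constructs every directory it touches with mktemp. Besides toggling the bit and reading it back, it includes the audit check an administrator would actually want: listing directories that are world-writable but lack the sticky bit.

```shell
#!/bin/sh
# Added example, not code from either answer above. Assumes GNU/busybox
# coreutils (stat -c, chmod, find) and a writable TMPDIR; all directory
# names are constructed by mktemp.

# Print the octal mode of a path: "777" without special bits, "1777" with
# the sticky bit (the leading 1 is the octal position used by chmod 1757).
mode_of() {
    stat -c '%a' "$1"
}

# Print "yes" if the sticky bit is set on the path, otherwise "no".
# ls and stat show it as a lowercase 't' when others also have execute,
# and as an uppercase 'T' when they do not, so both spellings are matched.
has_sticky() {
    case "$(stat -c '%A' "$1")" in
        *t|*T) echo yes ;;
        *)     echo no ;;
    esac
}

# Create a world-writable scratch directory without the sticky bit (the
# 777 state both answers start from) and print its path.
setup_shared_dir() {
    dir=$(mktemp -d)
    chmod 777 "$dir"
    printf '%s\n' "$dir"
}

# List directories under $1 that are world-writable (o+w) but lack the
# sticky bit: the combination the answers warn about. On a real system
# every hit is a place where users can delete or rename each other's files.
find_unprotected_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Walk through the same steps as the answers on a constructed directory.
demo() {
    d=$(setup_shared_dir)
    printf 'before:  mode=%s sticky=%s\n' "$(mode_of "$d")" "$(has_sticky "$d")"
    chmod +t "$d"                     # symbolic form, same as chmod 1777
    printf 'after:   mode=%s sticky=%s\n' "$(mode_of "$d")" "$(has_sticky "$d")"
    chmod o-t "$d"                    # remove it again
    printf 'removed: mode=%s sticky=%s\n' "$(mode_of "$d")" "$(has_sticky "$d")"
    rm -rf "$d"
}

demo
```

Run it as any user; the deletion restriction itself needs two accounts to observe (as the second answer's mv error shows), so the script only checks the mode. find_unprotected_dirs is the useful part on a live box: run it against / (or a mount point) and anything it prints is a shared directory that should probably get chmod +t, or should not be world-writable at all.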
A sticky bit is a workaround method for shared directories not to be deleted accidentally. When a directory has a sticky bit, then only the owner or root can delete it, even though every user can have all the other permissions.
/tmp is the most shared directory between processes and users, and for that it carries the sticky bit to ensure that no user can delete the directory, even though the permission is 777, and it must be so to give the users and processes the ability to use the directory without conflicts in permissions.