September 22, 2003 - Special Purpose Access Modes (Permissions) - Part III - The Sticky Bit

This week's tip will conclude our series on the special purpose access modes (permissions). SUID (set user ID) was covered the first week, SGID (set group ID) last week, and the sticky bit is the topic of this week's tip.

Historically, the sticky bit was applied to an executable program to instruct the operating system to keep it loaded in memory even after the process that was using it had exited. This was set on large programs that were frequently used to increase system performance, but is not necessary today due to modern virtual memory techniques. Even though it's not often used in this manner today, it can be used to create an additional layer of security on directories.

Normally, when a directory has write permission enabled for a user, that user may add and delete files from it. If the sticky bit is set on a directory, files in it may only be deleted if the user is...

· the owner of the directory
· the owner of the file
· root (superuser)

This functionality is useful when a group of users need to have the ability to create and modify files in a shared directory, but need to be prevented from deleting each other's files. A system-level example of this is the /tmp directory:

    drwxrwxrwt   4 root   sys   188 Sep 20 15:22 tmp

When looking at this output, the "t" in the third position of the other permission set should stand out from the basic file access modes (read, write, and execute). This indicates that the sticky bit has been set on /tmp, and all system users can create, modify, and delete their own files in this directory, but are not permitted to delete files created by other users.

Using chmod, there are two methods for enabling the sticky bit on a directory. In symbolic mode, the format would be:

    chmod u+t <directory>

See if you are able to figure out how to enable the sticky bit on a directory using absolute mode (Hint: man chmod).
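
As an added example (not part of the original tip), the following Python sketch audits a directory tree for the case the tip describes: directories that everyone can write to but that lack the sticky bit, so any user could delete another user's files. The function names and the sample tree are constructed for illustration; the mode bits come from Python's standard stat module.

```python
import os
import stat
import tempfile

def mode_string(path):
    """Return the ls-style mode string, e.g. 'drwxrwxrwt' for a sticky /tmp."""
    return stat.filemode(os.lstat(path).st_mode)

def audit(root):
    """Return sorted (relative path, mode string) pairs for directories under
    root that are world-writable but do not have the sticky bit set."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode      # lstat: do not follow symlinks
            if not stat.S_ISDIR(mode):         # skip symlinks to directories
                continue
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append((os.path.relpath(full, root), stat.filemode(mode)))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample input: three directories with different modes."""
    everyone = stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO
    layout = {
        "shared_sticky": everyone | stat.S_ISVTX,  # like /tmp
        "shared_open": everyone,                   # world-writable, no sticky bit
        "private": stat.S_IRWXU,                   # owner only
    }
    for name, mode in layout.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod after mkdir so the umask cannot strip bits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, mode in audit(tmp):
            print(mode, rel)
```

Pointing audit() at a real shared directory tree lists the directories where the sticky bit should be considered.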