UNIX Power Tools

Chapter 22: File Security, Ownership, and Sharing

22.6 Protecting Files with the Sticky Bit

UNIX directory access permissions say that if a user has write permission on a directory, she can rename or remove files there–even files that don't belong to her (see article 22.11). Many newer versions of UNIX have a way to stop that. The owner of a directory can set its sticky bit (mode (1.23) 1000). The only people who can rename or remove any file in that directory are the file's owner, the directory's owner, and the superuser.

Here's an example: the user jerry makes a world-writable directory and sets the sticky bit (shown as t here):

jerry% mkdir share
jerry% chmod 1777 share
jerry% ls -ld share
drwxrwxrwt   2 jerry    ora           32 Nov 19 10:31 share

Other people create files in it. When jennifer tries to remove a file that belongs to ellie, she can't:

jennifer% ls -l
total 2
-rw-r--r--   1 ellie    ora          120 Nov 19 11:32 data.ellie
-rw-r--r--   1 jennifer ora         3421 Nov 19 15:34 data.jennifer
-rw-r--r--   1 peter    ora          728 Nov 20 12:29 data.peter
jennifer% rm data.ellie
data.ellie: 644 mode ? y
rm: data.ellie not removed.
Permission denied
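The rule the article states can be modelled in a few lines. The following Python is an added illustration, not code from the book: it parses an ls-style mode string such as drwxrwxrwt and decides whether a given user may remove or rename a file in a directory, with and without the sticky bit. The user and group ids are constructed, and the check is the classic rule only (write and search permission on the directory, then the sticky-bit ownership test), ignoring ACLs and capabilities.

```python
import stat

# Constructed ids for the article's scenario (assumption: any values would do).
ROOT, JERRY, JENNIFER, ELLIE, ORA = 0, 1001, 1002, 1003, 100


def parse_mode(mode_str):
    """Convert an ls-style mode string such as 'drwxrwxrwt' to mode bits."""
    if len(mode_str) != 10:
        raise ValueError("expected a 10-character mode string")
    mode = 0
    for i, ch in enumerate(mode_str[1:]):          # skip the file-type column
        if ch in "rwx":
            mode |= 1 << (8 - i)                   # r=0o400 ... other x=0o1
        elif ch in "sS" and i == 2:                # setuid, lowercase = also x
            mode |= stat.S_ISUID | (stat.S_IXUSR if ch == "s" else 0)
        elif ch in "sS" and i == 5:                # setgid
            mode |= stat.S_ISGID | (stat.S_IXGRP if ch == "s" else 0)
        elif ch in "tT" and i == 8:                # sticky bit
            mode |= stat.S_ISVTX | (stat.S_IXOTH if ch == "t" else 0)
        elif ch != "-":
            raise ValueError(f"unexpected character {ch!r} in mode string")
    return mode


def has_perm(uid, gids, owner, group, mode, bit_owner, bit_group, bit_other):
    """Pick the owner, group or other permission triple that applies to uid."""
    if uid == owner:
        return bool(mode & bit_owner)
    if group in gids:
        return bool(mode & bit_group)
    return bool(mode & bit_other)


def can_unlink(uid, gids, dir_owner, dir_group, dir_mode, file_owner):
    """Classic rule: removing or renaming needs write and search permission on
    the directory; if the sticky bit is set, the caller must additionally own
    the file or the directory. The superuser is always allowed."""
    if uid == ROOT:
        return True
    writable = has_perm(uid, gids, dir_owner, dir_group, dir_mode,
                        stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)
    searchable = has_perm(uid, gids, dir_owner, dir_group, dir_mode,
                          stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)
    if not (writable and searchable):
        return False
    if dir_mode & stat.S_ISVTX:
        return uid in (file_owner, dir_owner)
    return True


if __name__ == "__main__":
    share = parse_mode("drwxrwxrwt")               # jerry's chmod 1777 share
    print("jennifer rm data.ellie:", can_unlink(JENNIFER, {ORA}, JERRY, ORA, share, ELLIE))
    print("jerry rm data.ellie:   ", can_unlink(JERRY, {ORA}, JERRY, ORA, share, ELLIE))
```

On Linux the kernel layers further restrictions on world-writable sticky directories (the fs.protected_regular and fs.protected_symlinks sysctls), so the real answer can be stricter than this model.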

- JP

