Sticky bits

By Sachin
December 14, 2015

Sticky bits explained

sticky bits

  • It actually use to set setuid & setgid
  • setuid allows users to run an executable with the permissions of the file owner.
  • setgid allows users in the group to run an executable with the permissions of the file owner’s group.
  • They are used to prevent other users from altering files/directory in a common workspace like /var/share or /tmp
  • -t is used to protect files within a directory. This is also called *restricted deletion flag.

    Usage

      chmod +t /var/share
    
  • In some case you want all user to execute particular binary but keeping file ownership to yourself. Suppose the file is /usr/bin/bin2hex

    In such situation sticky bit is handy

      chmod +s /usr/bin/bin2hex
    

    This will set both setuid & setgid, if you want to have fine control, use u+s, or g+s

    Example: setuid ONLY

      chmod u+s /usr/bin/bin2hex
    

    Example: setgid ONLY

      chmod g+s /usr/bin/bin2hex
    

    or you can remove sticky bits using u-s, g-s

  • Binary implementation of Restrict file deletion flag

    chmod +t /var/share
    # is equivalent to
    chmod 1755 /var/share
    

    We can also set both setuid and Restrict file deletion flag

    chmod 5755 /var/share
    # is equivalent to
    chmod u+s,+t /var/share
    

Explanation

Say the permission on file is 5755

Lets break it as 5 and 755

5 = 4(setuid or +s) + 1(restrict file deletion flag or +t)

755 is rwx-r-x-r-x

Another example

7755 can be broke into 7 & 755

7 = 4(setuid) + 2(setgid) + 1(restrict file deletion bit)

Final note

A classic example of sticky bit is the permission set on binary file passwd. Although it is owned by root, setuid is set for normal users to execute the program in-order to change password. It was invented by Dennis Ritchie around 1972.