Sticky bits
Sticky bits explained
sticky bits
- It actually use to set
setuid
&setgid
setuid
allows users to run an executable with the permissions of the file owner.setgid
allows users in the group to run an executable with the permissions of the file owner’s group.- They are used to prevent other users from altering files/directory
in a common workspace like
/var/share
or/tmp
-
-t
is used to protect files within a directory. This is also called *restricted deletion flag.Usage
chmod +t /var/share
-
In some case you want all user to execute particular binary but keeping file ownership to yourself. Suppose the file is
/usr/bin/bin2hex
In such situation sticky bit is handy
chmod +s /usr/bin/bin2hex
This will set both setuid & setgid, if you want to have fine control, use u+s, or g+s
Example: setuid ONLY
chmod u+s /usr/bin/bin2hex
Example: setgid ONLY
chmod g+s /usr/bin/bin2hex
or you can remove sticky bits using
u-s
,g-s
-
Binary implementation of Restrict file deletion flag
chmod +t /var/share # is equivalent to chmod 1755 /var/share
We can also set both
setuid
and Restrict file deletion flagchmod 5755 /var/share # is equivalent to chmod u+s,+t /var/share
Explanation
Say the permission on file is 5755
Lets break it as 5 and 755
5 = 4(setuid or +s) + 1(restrict file deletion flag or +t)
755 is rwx-r-x-r-x
Another example
7755 can be broke into 7 & 755
7 = 4(setuid) + 2(setgid) + 1(restrict file deletion bit)
Final note
A classic example of sticky bit is the permission set on binary
file passwd
. Although it is owned by root, setuid
is set for
normal users to execute the program in-order to change password. It
was invented by Dennis Ritchie around 1972.