Sticky bits explained
- It actually use to set
setuidallows users to run an executable with the permissions of the file owner.
setgidallows users in the group to run an executable with the permissions of the file owner’s group.
- They are used to prevent other users from altering files/directory
in a common workspace like
-tis used to protect files within a directory. This is also called *restricted deletion flag.
chmod +t /var/share
In some case you want all user to execute particular binary but keeping file ownership to yourself. Suppose the file is
In such situation sticky bit is handy
chmod +s /usr/bin/bin2hex
This will set both setuid & setgid, if you want to have fine control, use u+s, or g+s
Example: setuid ONLY
chmod u+s /usr/bin/bin2hex
Example: setgid ONLY
chmod g+s /usr/bin/bin2hex
or you can remove sticky bits using
Binary implementation of Restrict file deletion flag
chmod +t /var/share # is equivalent to chmod 1755 /var/share
We can also set both
setuidand Restrict file deletion flag
chmod 5755 /var/share # is equivalent to chmod u+s,+t /var/share
Say the permission on file is 5755
Lets break it as 5 and 755
5 = 4(setuid or +s) + 1(restrict file deletion flag or +t)
7755 can be broke into 7 & 755
7 = 4(setuid) + 2(setgid) + 1(restrict file deletion bit)
A classic example of sticky bit is the permission set on binary
passwd. Although it is owned by root,
setuid is set for
normal users to execute the program in-order to change password. It
was invented by Dennis Ritchie around 1972.