In a standard Linux environment, directory permissions can sometimes be counterintuitive. By default, any user with write access to a directory has the power to delete or rename any file within that directory, regardless of who owns the file or what the file’s individual permissions are. This creates a significant security risk in collaborative or public spaces. The sticky bit is a special permission designed specifically to solve this problem by restricting file deletion to the file’s owner.
What is the Sticky Bit?
The sticky bit is considered a fourth permission type, supplementing the basic read, write, and execute permissions. While it historically had different functions for executable files, in modern Linux systems, it is almost exclusively used on directories to protect files from being deleted by unauthorized users.
When the sticky bit is set on a directory:
- Users with write access can still create files and modify their own files.
- Only the owner of a specific file (or the root user) is permitted to delete or rename that file.
- Other users are blocked from removing or forcing saves to files they do not own.
Real-World Example: The /tmp Directory
The most common application of the sticky bit is the /tmp directory. Because /tmp is a world-writable space intended for temporary files from all users and processes, it requires the sticky bit to ensure that one user cannot maliciously or accidentally delete another user’s temporary data.
You can view the permissions of /tmp using the ls -ld command:

```
[user@host ~]$ ls -ld /tmp
drwxrwxrwt. 39 root root 4096 Feb 8 20:52 /tmp
```
How to Identify the Sticky Bit
In a long directory listing (ls -l), the sticky bit is represented by the letter t in the “other” execute permission slot (the very last character of the permission string).
- Lowercase “t”: Indicates the sticky bit is set and the “other” category already has execute permissions.
- Uppercase “T”: Indicates the sticky bit is set, but the “other” category does not have execute permissions.
How to Set the Sticky Bit
Administrators can apply the sticky bit using the chmod command through either the symbolic or numeric method.
1. The Symbolic Method

To add the sticky bit to a directory, use the o+t syntax:

```
sudo chmod o+t /path/to/directory
```

2. The Numeric Method

When using the four-digit octal representation, the sticky bit is represented by the value 1 in the first (preceding) digit:

```
sudo chmod 1777 /path/to/directory
```

(In this example, 1 sets the sticky bit, and 777 provides full read, write, and execute permissions to everyone.)
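To check where the bit is missing, the script below (an added example, not part of the original article) lists world-writable directories that lack the sticky bit and reports the t/T state of a directory from its ls -ld mode string. The function names find_unsafe_dirs and sticky_state and the sandbox directories are constructed for this illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for shared directories without the sticky bit.

# Print every directory under $1 that is world-writable (o+w, octal 0002)
# but does not have the sticky bit (octal 1000). -xdev stays on one filesystem.
find_unsafe_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Report the sticky state of directory $1 from character 10 of the mode string,
# the "other" execute slot: t = sticky with o+x, T = sticky without o+x.
sticky_state() {
    flag=$(ls -ld "$1" | cut -c10)
    case "$flag" in
        t) echo "sticky+x" ;;
        T) echo "sticky-x" ;;
        *) echo "none" ;;
    esac
}

# Demonstration on a constructed sandbox so nothing on the real system changes.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared_ok" "$sandbox/shared_bad" "$sandbox/dropbox"
    chmod 1777 "$sandbox/shared_ok"    # like /tmp: drwxrwxrwt
    chmod 0777 "$sandbox/shared_bad"   # world-writable, no sticky bit
    chmod 1776 "$sandbox/dropbox"      # sticky, no o+x: drwxrwxrwT
    for d in "$sandbox"/*; do
        printf '%s\t%s\n' "$(sticky_state "$d")" "$d"
    done
    echo "World-writable directories without the sticky bit:"
    find_unsafe_dirs "$sandbox"
    rm -rf "$sandbox"
}

demo
```

On a real host, call find_unsafe_dirs with the filesystem root or a shared mount point, and review each result before applying chmod o+t.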
Summary of Special Permissions
| Special Permission | Symbol | Numeric Value | Effect on Directory |
|---|---|---|---|
| SUID (Set User ID) | u+s | 4 | No effect. |
| SGID (Set Group ID) | g+s | 2 | New files inherit the directory’s group owner. |
| Sticky Bit | o+t | 1 | Only file owners can delete their files. |
By implementing the sticky bit, system administrators can maintain a more secure environment in shared directories, ensuring that file permissions are respected and that users’ data remains protected from unauthorized deletion by peers.


