Most seasoned Linux users are already familiar with basic file permissions like read, write, and execute. These permissions exist on every file and administrators often need to edit such permissions in order to tighten up security or grant file access to certain users. A less common permission that you may not be as intimately familiar with is the “sticky bit.”
The sticky bit is a special type of Linux file permission. It works independently of the everyday read, write, and execute permissions, and is only found on directories – very few, by default – not on files. Ready to learn more? In this tutorial, we will explain the meaning behind the sticky bit permission on Linux, explain what it is used for, and also see how we can assign it on directories in a Linux system.
In this tutorial you will learn:
- What is the sticky bit in Linux file permissions used for?
- How to assign sticky bit permissions to a directory in Linux
- How to check for sticky bit permissions on a directory
|Requirements, Conventions or Software Version Used
|Any Linux distro
|ls, stat, chmod
|Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
The Linux Sticky Bit Permission Explained
The sticky bit is a special permission which has no effect on files. But when it is set on a directory, the files in that directory can be renamed or deleted only by their owner, the directory's owner, or root.
We can see if a directory contains the sticky bit permission by running the ls command or stat command to check the directory’s permissions:
$ ls -ld /tmp
drwxrwxrwt 20 root root 4096 Oct 11 20:13 /tmp
OR
$ stat /tmp
...
Access: (1777/drwxrwxrwt)
As we can see from the output, the /tmp directory has the permissions rwxrwxrwt. You should be used to seeing the read, write, and execute permissions – represented by r, w, and x, respectively – but the t at the end of those permissions indicates that this directory has the sticky bit set.
A typical case in which the sticky bit permission is used involves the /tmp directory shown above. Typically this directory is writable by all users on the system, so to make it impossible for one user to delete the files of another one, the sticky bit is set.
Why Do We Need the Sticky Bit Permission?
There are certain directories on Linux which many users need access to. In order to grant users full access to a directory, they will need read, write, and execute permissions. This is the case for directories like /tmp, where many users (including non-human system user accounts) write temporary data. However, at the same time, we do not want users interfering with each other's files in that directory. This is the kind of niche scenario where the sticky bit becomes useful.
For this reason, there is a need for some mechanism to prevent users who do not own the directory or the actual files within the directory from renaming or removing another user’s files. This mechanism is called the “sticky bit”. When it is set, only root, the directory owner, and the file owner can rename and delete files.
How to Set Sticky Bit Permissions
Setting the sticky bit permission on a Linux directory is very simple and can be done using the chmod command.
$ sudo chmod +t /var/share/
Then, we can check the directory’s permissions to make sure the sticky bit is now set:
$ ls -ld /var/share/
drwxrwxrwt. 2 root root 4096 Mar 5 11:21 /var/share/
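As an added example (not part of the original tutorial), the script below audits a directory tree for world-writable directories that are missing the sticky bit and then sets it with chmod +t. The function names and the sample tree built under a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for world-writable directories that lack the sticky bit.

# Print every directory under $1 that is world-writable (o+w, mode bit 0002)
# but does not have the sticky bit (mode bit 1000) set.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Set the sticky bit on each directory reported by find_unsticky_dirs,
# using the same "chmod +t" shown above.
fix_unsticky_dirs() {
    find_unsticky_dirs "$1" | while IFS= read -r dir; do
        chmod +t "$dir"
    done
}

# Constructed sample tree (hypothetical names) so the example runs without root.
demo_root=$(mktemp -d)
mkdir "$demo_root/shared" "$demo_root/sticky" "$demo_root/private"
chmod 0777 "$demo_root/shared"    # world-writable, no sticky bit: flagged
chmod 1777 "$demo_root/sticky"    # same mode as /tmp: not flagged
chmod 0755 "$demo_root/private"   # not world-writable: not flagged

echo "Before:"
find_unsticky_dirs "$demo_root"
fix_unsticky_dirs "$demo_root"
echo "After:"
find_unsticky_dirs "$demo_root"
ls -ld "$demo_root/shared"        # mode string now ends in "t"
rm -rf "$demo_root"
```

To audit a real system, call find_unsticky_dirs on a path such as / and review each result before changing its mode.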
In this tutorial, we learned about the sticky bit permission used on a Linux file system. We also saw how to check for the permission and how to assign it on a directory with the chmod command. The sticky bit is reserved for niche scenarios in which all users of a system need permissions on a directory, while still protecting the files they own from being renamed or deleted by other users.