


Monday, 17 March 2014

Introduction to Sticky Bit in Linux



The concept of the sticky bit is not new to Linux/Unix; it was introduced in the early 1970s. The original purpose of the sticky bit was to speed up program execution by reducing the delays that occurred when programs were started. Whenever a program was executed, it took a considerable amount of time to load it into memory. So each time a frequently used program was executed, it added to the operating system's time-delay overhead.

To minimize this delay, sticky bits were brought into use. When a program was executed, the operating system would check whether the sticky bit was set on it. If it was set, the text segment of the program was copied to swap memory, so that the next time the program was launched it could be loaded back into RAM quickly, reducing the delays that had occurred earlier.

Although the concept helped speed up program execution, it introduced difficulties when executables were patched with updates, new features or bug fixes. As a remedy, the sticky bit had to be removed from the executable and the executable run. This would flush the program's text segment from swap memory. Then, to store the new version of the text segment in swap memory, the sticky bit was set again and the program executed.

Nowadays, the purpose of the sticky bit is totally different. Whenever you create a file/directory, most of the time it is accessible to other users of the system. They can read, write, rename or even delete the file created by you, which is not at all desirable. To avoid this, the sticky bit is set on that particular file, so that only the owner of the file and the root user are allowed to rename or delete it.

So, in short, with the sticky bit the owner can set permissions on a file they created in such a way that no user other than the owner (except root) has the authority to rename or delete the file. Pretty much secure!
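An added example, not part of the original post: on Linux the rename/delete protection is enforced by the sticky bit on a directory (as on /tmp), so a useful check is to look for world-writable directories that lack it. The function names and the scratch tree below are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for world-writable directories without the sticky bit.
# Function names and the scratch directories are constructed for illustration.

# Print the others-execute column of a path's mode string:
#   t = sticky + execute, T = sticky without execute, anything else = no sticky bit.
sticky_flag() {
    ls -ld -- "$1" | cut -c10
}

# List directories under $1 that any user can write to but that lack the sticky
# bit, i.e. places where one user can rename or delete another user's files.
audit_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# Add the sticky bit to every directory the audit would report.
# Prints each directory whose mode was changed successfully.
fix_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec chmod +t {} \; -print
}

# Constructed demo tree: one shared directory set up like /tmp, one without
# the sticky bit, and one private directory that the audit should ignore.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"    # world-writable + sticky
    chmod 0777 "$root/shared_bad"   # world-writable, no sticky bit
    chmod 0700 "$root/private"      # owner only
    echo "before fix: $(audit_world_writable "$root")"
    fix_world_writable "$root" >/dev/null
    echo "after fix:  $(audit_world_writable "$root")"
    echo "shared_bad flag: $(sticky_flag "$root/shared_bad")"
    rm -rf "$root"
}

demo
```

Run `audit_world_writable` against a real mount point to review shared directories before changing anything; `fix_world_writable` modifies modes in place.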


How to Set and Clear Sticky Bits?

Before going through this section, all we need is a basic knowledge of the chmod command. You can read our article on the chmod command – Basics of Files/Directories Permissions and Use of CHMOD.

To begin with, create a file 'testfile' and give some permissions to it, say 744.


$ touch testfile

$ chmod 744 testfile

$ ls -l testfile
-rwxr--r-- 1 mandar users 1024 Mar 17 15:08 testfile

Now set the sticky bit on the above file as follows:

$ chmod +t testfile

or

$ chmod 1744 testfile

Let us now check the permissions on the file.

$ ls -l testfile
-rwxr--r-T 1 mandar users 1024 Mar 17 15:09 testfile

As you can see, for users in the 'Others' category the permissions have changed to r-T, indicating that the sticky bit is set on the file.

Now, using the command below, let's make the file executable for every user and set the sticky bit on the file at the same time.

$ chmod 1777 testfile

$ ls -l testfile
-rwxrwxrwt 1 mandar users 1024 Mar 17 15:12 testfile

Here, the permissions for 'Others' have changed to rwt, where the 't' is lowercase. The lowercase 't' and the uppercase 'T' tell us whether the execute permission for 'Other' users of the file is enabled or not: 't' means it is set along with the sticky bit, 'T' means the sticky bit is set without it.

To clear the sticky bit for the file, use the following command:

$ chmod -t testfile

or

$ chmod 0744 testfile

And now, we can see that the sticky bit is cleared from the file.

$ ls -l testfile
-rwxr--r-- 1 mandar users 1024 Mar 17 15:14 testfile

That's all about Sticky Bits!


3 comments:

  1. nice one.. cleared my concepts.

  2. Thanks for the history on the sticky bit. Now when you apply it to today, you are correct in the functionality of the sticky bit but your explanation of the implementation and reasoning behind it are unclear. Your statement:

    "Whenever you create a file/directory, most of the times, it is accessible to other users of the system. They can read, write, rename or even delete the file created by you, which is not at all desirable."

    This is not true in the majority of cases. What this would apply to is a directory like /tmp where everyone would need the ability to write and remove files. Therefore to avoid someone else or a program executed by someone else from altering the files created by your account in this directory the sticky bit would be set. It almost sounds like something got mistakenly removed in editing.

    Unless the sticky bit is set, or you are in a group that owns the directory or file in question, you do not have the ability to rename or delete a file created by another person. If that file is in the user's home directory you do not even have the permission to see the file (unless the owner gave this permission or your file system is messed up).

    Keep up the great work.

  3. Wow... I didn't know this. Perfect for critical files on a server. Very helpful for me.