
Sunday, October 3, 2010

Sticky bit

The most common use of the sticky bit today is on directories. When the sticky bit is set on a directory, only a file's owner, the directory's owner, or the superuser can rename or delete that file. Without the sticky bit set, any user with write and execute permissions on the directory can rename or delete the files it contains, regardless of who owns them. Typically this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files. This feature was introduced in 4.3BSD in 1986, and today it is found in most modern Unix systems. (Source: Wikipedia, http://en.wikipedia.org/wiki/Sticky_bit)

How to check if the sticky bit is set or not?
Consider /tmp directory.

# ls -ld /tmp
drwxrwxrwt 3 root root 4096 Oct 4 00:22 /tmp
# ls -ld /var/tmp
drwxrwxrwt 2 root root 4096 Sep 24 03:41 /var/tmp

Here, reading drwxrwxrwt from left to right:
d - directory
rwx - permissions for the owner (root, in this case)
rwx - permissions for the group
rwx - permissions for other users
t - sticky bit, displayed in place of the "x" of the other-users execute bit. A lowercase t means both the sticky bit and that execute bit are set; an uppercase T would mean the sticky bit is set but others lack execute (search) permission on the directory, which would be unusual for /tmp.

This means any user can create, read, write and execute files in /tmp, but cannot rename or delete files that belong to other users. (Whether a user can modify the contents of another user's file is still governed by that file's own permission bits; the sticky bit only restricts unlinking and renaming.)

Make sure the /tmp and /var/tmp directories are owned by root and have permissions 1777 (rwxrwxrwt). If either is missing the sticky bit, any user who can write to the directory can remove or rename other users' temporary files, so this is worth checking on every system you administer.
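As an added example (not code from the original post), here is a small POSIX shell script that performs the check described above: it reads the "t"/"T" flag from ls -ld, confirms the root owner and the exact 1777 mode, and can apply chmod 1777 where the bit is missing. The function names and the "audit_dir" report format are my own; only ls, awk, cut, find and chmod are used so it behaves the same on GNU and BSD userlands.

```shell
# Added example, not part of the original post: audit directories for the
# sticky bit and the recommended root-owned mode 1777, using only POSIX
# tools (ls, awk, cut, find, chmod).

# Print the 10th character of `ls -ld` output: "t" = sticky bit plus
# other-execute, "T" = sticky bit without other-execute, "x" or "-" = no
# sticky bit at all.
sticky_flag() {
    ls -ld "$1" | cut -c10
}

# Succeed (return 0) if the sticky bit is set on the directory.
has_sticky() {
    case "$(sticky_flag "$1")" in
        t|T) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeed if the mode is exactly 1777 (rwxrwxrwt). `-perm 1777` is an
# exact match; `-perm -1777` would mean "at least these bits are set".
mode_is_1777() {
    [ -n "$(find "$1" -prune -perm 1777 -print)" ]
}

# Succeed if the directory is owned by root (owner is column 3 of ls -ld).
owned_by_root() {
    [ "$(ls -ld "$1" | awk '{print $3}')" = root ]
}

# Apply the recommended mode: chmod 1777 gives rwxrwxrwt.
fix_world_tmp() {
    chmod 1777 "$1"
}

# Print a one-line verdict per directory, e.g. for /tmp and /var/tmp.
audit_dir() {
    dir=$1
    if owned_by_root "$dir" && mode_is_1777 "$dir"; then
        echo "OK    $dir is root-owned with mode 1777 (flag=$(sticky_flag "$dir"))"
    elif has_sticky "$dir"; then
        echo "WARN  $dir has the sticky bit but is not root-owned 1777"
    else
        echo "FAIL  $dir has no sticky bit: any writer can delete others' files"
    fi
}

# Usage: sh sticky_audit.sh /tmp /var/tmp
for d in "$@"; do
    audit_dir "$d"
done
```

Run it as `sh sticky_audit.sh /tmp /var/tmp`; a FAIL line is fixed with `fix_world_tmp /tmp` (as root), after which `ls -ld /tmp` shows the trailing t again.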
