(O+P)ut

OutPut Log by SE in SIer



(O+P)ut

OutPut Log by SE in SIer

Why need Sticky Bit ?

スポンサーリンク

Reasons Why You Need Sticky Bit

Sticky Bit is described as following sentence,

When a directory's sticky bit is set, the filesystem treats the files in such directories in a special way so only the file's owner, the directory's owner, or root user can rename or delete the file. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of the file's owner. Typically this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files.

This explain is not suitable for beginners.

It should be most emphasized is
"any user with write and execute permissions for the directory can rename or delete contained files".

Let't try it.

Test

For example, I granted write access right in "test" directory to others.

# ls -ld /test
drwxrwxrwx XX root system XX ... /test

So, all user can make file in test directory.

root user made file "a".

# touch a
# ls -l /test/a
-rw------- XX root system XX ... a

Just by looking, it seemed that only root can read, write, and delete this file "a".

However, all user can delete this file.

Change user, and try catechorm.

$ cat a
cat:  Cant Open a 

$ echo hoge >> a
You do not have access to files in the specified action.

$ rm a
rm : Do you delete a? y

$ ls -l /test/a
ls: file /test/a doesn't exist

You can't open file, can't write file, but can delete file.
*1

Result

I think you can understand this sentence easily than 5 minutes ago's you.

When a directory's sticky bit is set, the filesystem treats the files in such directories in a special way so only the file's owner, the directory's owner, or root user can rename or delete the file. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of the file's owner. Typically this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files.

If there are any problems in english, please point them out casually.
Thank you.

*1:This reason is involved with i-node information