The sticky bit is a special permission flag in UNIX/Linux file systems that alters how files in directories are handled. Originally designed to keep frequently used programs ("sticky") in swap space for faster execution, its modern implementation primarily controls file deletion permissions in shared directories.
In UNIX systems, the sticky bit is represented by:
- t in symbolic mode (when execute permission is present)
- T in symbolic mode (when execute permission is absent)
- 1000 in octal notation
Common use cases:
1. /tmp directory (standard on most systems)
2. Shared group directories where users need write access
3. Mail spool directories (/var/mail)
4. Any directory requiring collaborative write access
Using symbolic mode:
chmod +t /path/to/directory
Using octal notation:
chmod 1777 /path/to/directory
To verify:
ls -ld /path/to/directory
# The permission string should show 't' or 'T' at the end
# Example: drwxrwxrwt
# Create a shared directory
sudo mkdir /shared
sudo chgrp developers /shared
sudo chmod 1770 /shared
# Breakdown:
# 1 = sticky bit
# 7 = rwx for owner
# 7 = rwx for group
# 0 = no permissions for others
Important considerations when using the sticky bit:
- Does NOT prevent file modification by others, only deletion
- Should be used in conjunction with proper group permissions
- World-writable directories without sticky bit are security risks
- Always audit sticky bit directories for unusual files
If the sticky bit isn't working as expected:
# Verify filesystem support
mount | grep no_sticky
# Should return empty if supported
# Check SELinux/AppArmor contexts
ls -Z /path/to/directory
In UNIX-like systems, the sticky bit is a special permission flag assigned to files or directories. Originally designed to keep executable programs in swap space after execution (now obsolete), its modern implementation primarily affects directory behavior.
When set on a directory, the sticky bit ensures that only the file owner, directory owner, or root can delete or rename files within that directory, even if other users have write permissions. This is particularly useful in shared directories like /tmp.
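As an added example (not code from the original page), the following bash script audits a directory tree for world-writable directories that lack the sticky bit and emulates the deletion rule described above. It builds its own constructed sample tree under mktemp and assumes it runs as an ordinary, unprivileged user.

```bash
#!/bin/bash
# Added example: audit world-writable directories and emulate the sticky-bit rule.

# Print world-writable directories under $1 that do NOT have the sticky bit.
# -perm -0002 : others have write permission
# ! -perm -1000 : sticky bit is not set
audit_world_writable() {
    local root="$1"
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Number of unprotected directories (useful as a monitoring threshold).
count_unprotected() {
    audit_world_writable "$1" | grep -c .
}

# Emulate the sticky-bit check for unlink/rename inside a directory the
# caller can already write to: allowed if the sticky bit is clear, or the
# caller is root, owns the file, or owns the directory.
# Arguments: caller_uid dir_owner_uid file_owner_uid sticky(0|1)
may_unlink() {
    local caller="$1" dir_owner="$2" file_owner="$3" sticky="$4"
    if [ "$sticky" -eq 0 ] || [ "$caller" -eq 0 ] \
       || [ "$caller" -eq "$file_owner" ] || [ "$caller" -eq "$dir_owner" ]; then
        echo allowed
    else
        echo denied
    fi
}

# Constructed sample tree: one safe shared dir, one unsafe, one private.
demo_tree() {
    local base
    base="$(mktemp -d)"
    mkdir -p "$base/shared_ok" "$base/shared_bad" "$base/private"
    chmod 1777 "$base/shared_ok"   # world-writable with sticky bit: fine
    chmod 0777 "$base/shared_bad"  # world-writable without sticky bit: flagged
    chmod 0750 "$base/private"     # not world-writable: ignored by the audit
    echo "$base"
}

# Stand-alone run: report unprotected directories in the sample tree.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    tree="$(demo_tree)"
    audit_world_writable "$tree"
    rm -rf "$tree"
fi
```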
The sticky bit is represented as:
- t in symbolic mode (when execute permission is present)
- T in symbolic mode (when execute permission is absent)
- 1 in the fourth (leading) digit of octal notation
Example of checking sticky bit status:
ls -ld /tmp
Typical output showing the sticky bit:
drwxrwxrwt 10 root root 4096 Jan 10 09:45 /tmp
Securing Shared Directories
The most common application is for shared writable directories where:
- Multiple users need to create files
- Users shouldn't delete each other's files
- System services need temporary storage
Implementation Examples
Setting the sticky bit on a directory (symbolic method):
chmod +t /shared_directory
Setting the sticky bit (octal method):
chmod 1777 /shared_directory
Removing the sticky bit:
chmod -t /shared_directory
For system administrators managing a multi-user environment, consider these scenarios:
Automating Sticky Bit Assignment
Create a script to enforce sticky bit on designated directories:
#!/bin/bash
STICKY_DIRS=("/shared/tmp" "/var/tmp/public" "/home/shared")
for dir in "${STICKY_DIRS[@]}"
do
    if [ -d "$dir" ]; then
        chmod 1777 "$dir"
        echo "Set sticky bit on $dir"
    fi
done
Troubleshooting Common Issues
When the sticky bit doesn't seem to work:
- Verify filesystem support (most modern UNIX filesystems support it)
- Check for ACLs that might override permissions
- Confirm the directory isn't mounted with noexec or nosuid
While the sticky bit enhances security in shared spaces:
- It doesn't prevent file content modification (only deletion/renaming)
- Shouldn't replace proper permission schemes
- Combine with other security measures like quotas and monitoring
Beyond traditional uses, the sticky bit can be employed for:
- Secure upload directories in web applications
- Collaborative project spaces in development environments
- Temporary build directories in CI/CD pipelines
Example for a web upload directory:
mkdir -p /var/www/uploads
chown www-data:www-data /var/www/uploads
chmod 1770 /var/www/uploads