Understanding the Sticky Bit (t) in UNIX/Linux Directory Permissions: Use Cases and Implementation

When you run ls -al / and see an entry like drwxrwxrwt for the /tmp directory, that final t represents the sticky bit - a special permission flag in UNIX/Linux systems.

The sticky bit serves a specific security purpose:

  • On directories: It restricts file deletion - only the file owner, directory owner, or root can delete files
  • On executables (legacy use): It kept the program in swap space after execution

The most common modern implementation is on world-writable directories:

/tmp
/var/tmp

This prevents users from deleting each other's temporary files while still allowing file creation.

There are two ways to apply the sticky bit:

Symbolic Notation

chmod +t /path/to/directory

Octal Notation

chmod 1777 /path/to/directory

The 1 in the first position sets the sticky bit while 777 gives full permissions.

Let's create a shared upload directory for web applications:

# Create directory
sudo mkdir /var/www/uploads

# Set permissions
sudo chmod 1777 /var/www/uploads

# Verify
ls -ld /var/www/uploads
# Output: drwxrwxrwt 2 root root 4096 Feb 26 09:00 /var/www/uploads

To find all sticky bit directories on your system:

find / -type d -perm -1000 -ls 2>/dev/null
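The single find command above lists directories that have the sticky bit. The more useful audit is the inverse: world-writable directories that do not have it, because those are the places where any user can delete another user's files. The following POSIX shell script is an added example, not code from the original article; its function names and the sample tree it builds under mktemp are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: audit a directory tree for
# world-writable directories that have no sticky bit. Function names and the
# sample tree below are constructed for this demonstration.

# Print every world-writable directory under $1 that lacks the sticky bit.
#   -perm -0002   : writable by "others"
#   ! -perm -1000 : sticky bit not set
#   -xdev         : stay on one filesystem, as a system-wide scan normally should
find_unprotected_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Return 0 if the sticky bit is set on $1, 1 otherwise.
has_sticky_bit() {
    [ -n "$(find "$1" -maxdepth 0 -perm -1000 2>/dev/null)" ]
}

# Build a constructed sample tree in a fresh temporary directory and print its path:
#   shared/   mode 1777  world-writable with sticky bit (the /tmp pattern)
#   uploads/  mode 0777  world-writable without sticky bit (should be flagged)
#   private/  mode 0755  not world-writable (ignored by the audit)
make_sample_tree() {
    tree_root=$(mktemp -d) || return 1
    mkdir "$tree_root/shared" "$tree_root/uploads" "$tree_root/private"
    chmod 1777 "$tree_root/shared"
    chmod 0777 "$tree_root/uploads"
    chmod 0755 "$tree_root/private"
    printf '%s\n' "$tree_root"
}

# Demonstration on the sample tree; on a real host you would pass / instead.
demo_root=$(make_sample_tree)
echo "World-writable directories without the sticky bit under $demo_root:"
find_unprotected_dirs "$demo_root"
rm -rf "$demo_root"
```

Running the audit periodically is worthwhile because the sticky bit is easy to lose: a later `chmod 777` on a directory (three octal digits, no leading 1) clears it again, and the directory silently reverts to letting everyone delete everyone else's files.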

While useful, the sticky bit has limitations:

  • Doesn't prevent file modification, only deletion
  • World-writable directories still pose security risks
  • Should be combined with other security measures

When examining directory permissions using ls -l, you may encounter an unusual t at the end of the permission string like drwxrwxrwt, particularly in system directories like /tmp. This character represents the sticky bit, a special permission flag in UNIX-like systems.

The sticky bit is a permission bit that:

  • Originally prevented files from being deleted by non-owners (hence "sticky")
  • When set on directories, restricts file deletion to file owners, directory owners, and root
  • Appears as t in the execute position for others (...rwt)

The most common modern use is for world-writable directories where you want everyone to be able to create files but nobody to remove files they do not own:

# Example: Setting sticky bit on /tmp
chmod +t /tmp
# or numerically:
chmod 1777 /tmp

This prevents users from deleting each other's temporary files while still allowing file creation.

The sticky bit is represented as follows:

  • Symbolically: +t or t in the last position
  • Numerically: The 1 in the first digit (e.g., 1777)

Example of checking permissions:

ls -ld /tmp
# Output: drwxrwxrwt 12 root root 4096 Mar 1 10:00 /tmp

Typical use cases:

  1. System temporary directories (/tmp, /var/tmp)
  2. Shared group directories where multiple users need write access
  3. FTP upload directories where users shouldn't delete others' files

To set the sticky bit:

# Symbolic method
chmod +t directory_name

# Octal method (1000 sets sticky bit)
chmod 1777 directory_name

To verify:

stat -c "%a %A" /tmp
# Output: 1777 drwxrwxrwt

If you see T (uppercase) instead of t, it means:

  • The sticky bit is set (+t)
  • The execute permission for others is not set (-x)

Example fix:

chmod o+x /directory  # Fixes T to t
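As an added example (not part of the original article), the following POSIX shell script classifies how a directory's sticky bit will appear in `ls -l` output, lowercase t, uppercase T, or not at all, cross-checks that against the real `ls -ld` string, and applies the `o+x` fix only when the uppercase T case is actually present. The function names and the constructed sample directories are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: classify how a directory's
# sticky bit appears in ls -l output ("t", "T" or "none") and repair the "T"
# case. Function names and the sample directories are constructed here.

# Print "t" when sticky and others-execute are both set, "T" when the sticky
# bit is set but others cannot execute (traverse) the directory, and "none"
# when the sticky bit is not set at all.
sticky_glyph() {
    if [ -z "$(find "$1" -maxdepth 0 -perm -1000 2>/dev/null)" ]; then
        printf 'none\n'
    elif [ -n "$(find "$1" -maxdepth 0 -perm -0001 2>/dev/null)" ]; then
        printf 't\n'
    else
        printf 'T\n'
    fi
}

# Cross-check: the tenth character of the ls -ld line is the others-execute
# position, where the sticky bit is displayed.
ls_last_char() {
    ls -ld "$1" | cut -c10
}

# Apply chmod o+x only when the directory is in the "T" state; everything else
# is left untouched, so the function is safe to run repeatedly. Prints the
# resulting glyph.
fix_capital_t() {
    if [ "$(sticky_glyph "$1")" = "T" ]; then
        chmod o+x "$1"
    fi
    sticky_glyph "$1"
}

# Constructed sample directories in a fresh temporary location.
demo_root=$(mktemp -d)
mkdir "$demo_root/ok" "$demo_root/broken" "$demo_root/plain"
chmod 1777 "$demo_root/ok"       # rwxrwxrwt
chmod 1776 "$demo_root/broken"   # rwxrwxrwT: sticky set, no execute for others
chmod 0777 "$demo_root/plain"    # rwxrwxrwx: no sticky bit

for d in ok broken plain; do
    printf '%-7s glyph=%s ls=%s\n' "$d" \
        "$(sticky_glyph "$demo_root/$d")" "$(ls_last_char "$demo_root/$d")"
done
echo "after fix: $(fix_capital_t "$demo_root/broken")"
rm -rf "$demo_root"
```

The uppercase T state is more than a cosmetic oddity: without the execute bit, other users cannot traverse the directory at all, so they can neither create nor delete files in it whatever the write bit says. A shared upload area in that state has stopped being shared, which is why the check is worth keeping alongside the sticky-bit audit.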