Linux File permission & the sticky bit

hq4ever · 06-26-2004, 06:03 AM

i used to know in windows that a directory can inherit permission from its parent directory, same goes to files created inside the directory, that doesn't seem to work quite so in linux ext2 file system.
I'm working on mandrake 10.0 & doing this as root

i created in my /tmp [drwxrwxrwxt] a directory named stk
it got [drwxr-xr-x] why is that ?
where did the sticky [##########t] go ?

what does the sticky even mean to a directory ?

can i give 2 users different permission like in winz ?

why when i create a dir inside the stk dir, say <t> & do chmod 1777 /etc/stk/t it get [drwxrwxrwt] ? i mean where is the the x[ExECUTE] of the all group went ?

i'm lost!

SciYro · 06-26-2004, 06:19 AM

the umask settings determines what a newly created file gets for its permissions i do believe

the sticky bit for directory's was something like only suers that created the file can delete it, something like that i think

you can only give 1 user a permission setting, 1 group a permission setting and everyone a permission setting..... thats it, nothing else, unless you want to use rasbac (i think thats its name), it comes with security (at least role based access control thingy does), you can use that to create more complex permission settings if you want to take the time to set it up

as for that last one, the "t" probably hide it (thats why i don't exactly like ls, as it displays permissions in long letters, and not nice numbers that can be more accurate at times)

jschiwal · 06-26-2004, 06:20 AM

From `info coreutils`:
The permissions listed are similar to symbolic mode specifications
(*note Symbolic Modes::). But `ls' combines multiple bits into the
third character of each set of permissions as follows:
`s'
If the setuid or setgid bit and the corresponding executable
bit are both set.

`S'
If the setuid or setgid bit is set but the corresponding
executable bit is not set.

`t'
If the sticky bit and the other-executable bit are both set.

`T'
If the sticky bit is set but the other-executable bit is not
set.

`x'
If the executable bit is set and none of the above apply.

`-'
Otherwise.

shobhit · 06-26-2004, 06:20 AM

if user do nat have write permission (just read permission) in a directory, then they can create or delete file sin that directory. sticky bit is set to prevent users from doing that.

you can give two users diffrent permissions. just set them up in diffrent groups and change the file and directory owner ship and permissions according to your requirments.

the execute bit for a directory means that you can enter that directory. you really don't expect to execute a directory. so it just means that you can enter that directory.

jschiwal · 06-26-2004, 06:23 AM

The sticky bit prevents group users with write permissions in the directory from deleting files they do not own.

hq4ever · 06-26-2004, 07:44 AM

OK then,
if you follow linuxfromscrach 5.1.1 book (LFS 5.1.1: Part II. Preparing for the build) you will find that they suggest making $LFS/sources

Quote:

make this directory writable (and sticky) for your normal user

by using the command

Code:

chmod a+wt $LFS/sources

where is the logic in here? i mean if we give a(ll) the w(rite) permission then why do i need this stincky bit

?

hq4ever · 06-26-2004, 12:04 PM

OK i think i got this :

by doing as said above (my previous post) we give every one the permission to write & delete their own files in the folder
the sticky bit enforces that i will only temper with my own files, meaning that i can not read/write to files i'm not their owner, right ?

jschiwal · 06-26-2004, 08:57 PM

No, you would still be able to write to the file or even zero it out, just not delete it.

hq4ever · 07-02-2004, 03:46 PM

whatever ....
guess i'll be reading some linux admin books to get this straight (& to forget horror of being a MS admin)