LinuxQuestions.org
Thread: Sticky bit directory

Post #1, 03-19-2013, 05:37 AM, Spruce_Moose (LQ Newbie):


G'day all,

First post here, and I'm sure not the last.

I was just wondering specifically about a directory that is tagged with a sticky bit, as in with the permissions below.

Code:
drwxrwxrwt
As far as I understand, this means that the directory in question can have files added to it by anyone, but each file in that directory can only be deleted or moved by the file's owner, directory owner or the root. My question, and I hope I don't come across as stupid, is what about editing files within the directory? I am guessing that the same rules as above also apply to modifying a file, but I have been unable to find any online resources that explicitly state the rules of file modification as apposed to simple deletion or renaming.

Any help appreciated.

Thanks
 
Post #2, 03-19-2013, 06:17 AM, eSelix (Senior Member):
Modifying a file is controlled by the write permission on that file. The permissions of the directory containing the file have no influence on that. Of course, some programs modify a file by copying its contents to memory, modifying it, deleting the original and writing a new file, which is not treated as a modification by the permission system.
 
Post #3, 03-19-2013, 06:42 AM, Spruce_Moose (Original Poster):
Thank you for the reply.

You state that directory permissions have no influence on the files' permissions within that directory, but as stated by the documentation on Sticky Bit found online, for example here, when this option is added to the permissions of a directory, it affects all the write permissions (indirectly) for all files within that directory depending on the user, with respect to deleting and moving.
 
Post #4, 03-19-2013, 06:43 AM, shivaa (Senior Member):
As you can see, the permissions on the directory are drwxrwxrwt.

The first part, rwxrwxrw, is the actual permissions on the directory, i.e. anybody can read/write files or sub-directories within this directory. But the last part, t, means that no one can delete a file or sub-directory except the file's owner, the directory owner, or root.

Otherwise, modification of individual files within this directory depends on what permissions that file or sub-directory has.

Post #5, 03-19-2013, 06:51 AM, Spruce_Moose (Original Poster):
So although no one else but the owner or root can delete the file, anyone could edit say a text file and wipe the contents, if they have write permission for the file, they could just not delete? If that's correct the sticky bit doesn't seem that useful if all file contents can be wiped.
 
Post #6, 03-19-2013, 07:57 AM, shivaa (Senior Member):
Sticky bit is useful for public directories or for big projects, where lots of users work together and use same directory for saving their data.

However, in order to protect the directory's content, you should either change the permissions of the files (just think: how can you say a file is secured when everyone has read/write/execute permissions on it?) or, moreover, use the concept of SGID, which actually protects files from unauthorized modifications.
 
Post #7, 03-19-2013, 08:16 AM, jpollard (Senior Member):
The sticky bit is actually there to allow for lock files. It makes directory operations atomic, and prevents unauthorized removal of the file/directory. Lock files either exist, or don't - you can't fake them if someone else cannot remove them.

It isn't perfect. If used for lock files, then the test is to create the file; if an error occurs, then you didn't get the lock. Using lock files doesn't occur as often as it used to (semaphores are much faster), but it is relatively easy to use within a shell script where performance is less important.

Files are created using the umask flags to block default write (a good umask for that is 077: no one other than the user has access). This will protect any file/directory created.

Changing the access mode after the file is created causes a race condition - any process may open the file, then, even if permissions are changed, that process may continue reading/writing the file/directory (though some directory operations may not work...).

 
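The lock-file pattern jpollard describes, as an added example in Python (not from the thread or any of its posters). It assumes nothing beyond a writable temporary directory; the lock name job.lock and the pid written into it are this example's own choices. The lock is taken by creating the file with O_CREAT|O_EXCL, which the kernel performs atomically, and the restrictive mode is fixed at create time rather than applied with chmod afterwards, so there is no window in which another process can open the file under looser permissions.

```python
"""Lock files in a sticky, world-writable directory.

Added example (not from the thread). Exactly one caller of O_CREAT|O_EXCL
succeeds; everyone else gets EEXIST. The mode is fixed at create time
instead of chmod'ing afterwards (which would leave a race window).
"""
import os
import stat
import tempfile


def acquire_lock(path):
    """Try to take the lock at `path`.

    Returns an open fd on success, None if the name already exists. O_EXCL
    also refuses an existing symlink, so another user who can write to the
    shared directory cannot redirect our create somewhere else.
    """
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY | os.O_NOFOLLOW, 0o600)
    except FileExistsError:
        return None
    os.write(fd, f"{os.getpid()}\n".encode())  # record the holder for manual cleanup
    return fd


def release_lock(path, fd):
    """Drop the lock. In a sticky directory only the lock's owner, the
    directory owner or root can unlink it, which is what stops another
    unprivileged user from stealing the lock by deleting the file."""
    os.close(fd)
    os.unlink(path)


def demo():
    """Take, contend for, release and retake a lock; return what happened."""
    old_umask = os.umask(0o077)  # default-deny for group/other, as advised above
    try:
        with tempfile.TemporaryDirectory() as d:
            os.chmod(d, 0o1777)  # shared dir: world-writable plus sticky bit
            lock = os.path.join(d, "job.lock")
            fd1 = acquire_lock(lock)
            first = fd1 is not None
            second = acquire_lock(lock) is not None  # contender: must fail
            mode = stat.S_IMODE(os.stat(lock).st_mode)  # 0o600, set at create time
            release_lock(lock, fd1)
            fd2 = acquire_lock(lock)
            after_release = fd2 is not None
            if fd2 is not None:
                release_lock(lock, fd2)
    finally:
        os.umask(old_umask)
    return {"first": first, "second": second, "mode": mode,
            "after_release": after_release}


if __name__ == "__main__":
    print(demo())
```

The sticky bit does not stop another user from creating the lock name before you do; it only stops them from removing your lock once you hold it. A lock whose holder has died still has to be cleaned up by hand, which is why the pid is recorded in the file.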
Post #8, 03-19-2013, 01:57 PM, rknichols (Senior Member):
Quote (originally posted by Spruce_Moose):
So although no one else but the owner or root can delete the file, anyone could edit say a text file and wipe the contents, if they have write permission for the file, they could just not delete? If that's correct the sticky bit doesn't seem that useful if all file contents can be wiped.
You would have to have write permission for the file in order to modify or wipe its content. Without the sticky bit on the mode 777 directory, anyone could delete or rename a file regardless of that file's permission bits.
 
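To make the rules in the replies above concrete, an added example in Python (not from the thread or any of its posters). It reads the real mode and owner bits of a directory and file it creates under a temporary directory, but decides access for a made-up uid (the current uid plus one) that owns nothing there, so it needs neither root nor a second account. The function names are this example's own, and the check logic is a model of the classic discretionary rules (owner/group/other bits, the sticky-bit rule from unlink(2) and rename(2), uid 0 bypassing everything) rather than a call into the kernel; ACLs, capabilities, immutable attributes and the fs.protected_* sysctls are not modelled.

```python
"""Model the discretionary access checks discussed in this thread.

Added example (not from the thread). Real stat() bits, hypothetical uid.
"""
import os
import stat
import tempfile


def _class_bits(st, uid, gids):
    """(r, w, x) that `uid` gets on `st`: owner class if uid matches the owner,
    else group class if the file's gid is among `gids`, else 'other'."""
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    m = st.st_mode >> shift
    return bool(m & 4), bool(m & 2), bool(m & 1)


def can_write_content(path, uid, gids=()):
    """Editing or truncating a file needs the write bit on the file itself;
    the containing directory's mode plays no part."""
    if uid == 0:
        return True
    return _class_bits(os.lstat(path), uid, gids)[1]


def can_unlink(path, uid, gids=()):
    """Deleting or renaming needs write+search (x) on the directory. If the
    directory has the sticky bit, the caller must also own the file or the
    directory. The file's own permission bits are never consulted."""
    if uid == 0:
        return True
    dir_st = os.lstat(os.path.dirname(path) or ".")
    _, w, x = _class_bits(dir_st, uid, gids)
    if not (w and x):
        return False
    if dir_st.st_mode & stat.S_ISVTX:
        return uid in (os.lstat(path).st_uid, dir_st.st_uid)
    return True


def demo():
    """Create a shared directory and one file, then ask, for the three setups
    the thread walks through, what the owner and a stranger may do."""
    me = os.geteuid()
    stranger = me + 1  # hypothetical unprivileged uid that owns nothing here
    results = {}
    with tempfile.TemporaryDirectory() as d:
        shared = os.path.join(d, "shared")
        os.mkdir(shared)
        note = os.path.join(shared, "notes.txt")
        with open(note, "w") as fh:
            fh.write("owner's data\n")  # constructed sample content
        for dir_mode, file_mode in ((0o777, 0o644), (0o1777, 0o644), (0o1777, 0o666)):
            os.chmod(shared, dir_mode)
            os.chmod(note, file_mode)
            results[(dir_mode, file_mode)] = {
                "stranger_can_wipe": can_write_content(note, stranger),
                "stranger_can_delete": can_unlink(note, stranger),
                "owner_can_delete": can_unlink(note, me),
            }
    return results


if __name__ == "__main__":
    for (dm, fm), r in demo().items():
        print(f"dir {dm:o} file {fm:o}: {r}")
```

The three cases are the ones discussed: a 777 directory without the sticky bit, where a stranger can delete a 644 file but not edit it; 1777, where the stranger can do neither; and 1777 with a 666 file, where the stranger cannot delete it but can truncate it to nothing. In ls -l output the sticky bit shows as the trailing t in drwxrwxrwt; it is set with chmod 1777 or chmod +t.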
Post #9, 03-20-2013, 05:05 AM, Spruce_Moose (Original Poster):
Thanks for the replies guys.

Had the night to think it over and I think I get it now. So with a sticky bit on a directory, you can add to the directory tree, but not remove. But if I wanted to, I could wipe the contents of a file in the directory as explained, as long as I have write permission for that file; however, I could not delete it. Is this correct? So the sticky bit on its own does not make a totally secure shared directory; users still need to be mindful of individual file permissions.

The sticky bit is necessary for a folder shared across users because without it, if people have write permission to the directory, they could just delete everything within it if they chose, even if they don't have write permission on the files. If this is all correct it makes sense now.

By the way, it is correct that I cannot delete a file within a directory without directory write permission, regardless of file permissions, isn't it?

I re-read what you said eSelix and it makes perfect sense now. Cheers.
 
Post #10, 03-20-2013, 06:23 AM, shivaa (Senior Member):
Quote:
By the way, it is correct that I cannot delete a file within a directory without directory write permission, regardless of file permissions, isn't it?
Yes, it's correct: if you do not have write permission on the parent directory, then you cannot delete its content, even if the directory contents, i.e. files or sub-directories, have full permissions.

Second, the sticky bit is useful only when you do not assign write permissions to files inside the directory. Otherwise, there is no meaning in setting the sticky bit. You cannot blame Unix if one of its utilities isn't enough to handle the situation; you will need to combine one or more utilities to accomplish your job and to protect your data. So, in conjunction with the sticky bit, you will need to assign proper permissions on files. Or you will need to assign SGID on the file, so data can be protected from 'others'.

Have good luck!
 
  

