How to Use Sticky Bit to Manage Files on Shared Directories in Linux

Bg12

Since its inception, Linux was tailored to support a multi-user environment. With many users and groups on a working system, it is quite common to encounter directories shared between users of the same group, and issues arise from the sharing of files in the directories. In this article, we will discuss how you can make use of sticky bits to fine tune file access permission on shared directories.

For illustration purposes, we have a system with three users – john1, john2 and john3, all are members of the common group “johns”

Let’s say “john1” creates a new directory called “shared-dir” meant to be shared among all users of “johns” group.

ls command on shared directory

With the ls command, we can view the permission of the “shared-dir”, which can be interpreted in the following table:

linux folder permission

Only “john1” can read the directory’s contents and also write to the directory. Since we are working with a shared directory, we want all the users of the group to be able to write to “shared-dir”.

For this, we will modify the permissions using chmod command. We will add the “write” permissions to all the users of “johns” group as shown below.

grant group write permission for folder

We can view the updated permissions for “shared-dir” as shown below. The portion underlined in yellow shows that “johns” group has been given “write” permissions.

folder with group write permission

Adding files to the Shared Directory

Now “john1” adds two files (j1_file1.txt and j1_file2.txt) to “shared-dir”

adding files to shared directory

For easy understanding, the first two characters of the file name are synonymous with the user name.

adding second file to shared directory

Likewise, “john2” are also able to “write” to the directory “shared-dir”

second user adding file to directory
third user adding file to directory

There are four files in “shared-dir” now.

files in shared directory

Is there a problem with the current setup?

The file “j1_file1.txt” was created by “john1” making “john1” the file owner. Now “john2” logs in and attempts to delete this file, and he will be able to do so.

“john1” was the file owner, but “john2” was able to delete it because the “write” permission was given to all the members of “johns” group.

This scenario is not ideal. We want all the users to be able to write to the directory, but only the file owner must be able to delete a file. How can this be achieved?

Introducing Sticky Bit

The sticky bit is a special permission that can be set on a directory which has “write” permissions set for the group with access to it. This bit ensures that all members of the group can write to the directory, but only the person who created a file, that is the file owner, can delete the file.

chmod command with the +t flag can be used to set the sticky bit on a directory.

set sticky bit on directory

The updated permission can be seen below.

folder permission with sticky bit set

Now if “john2” attempts to delete the file “j1_file2.txt” that was created by “john1”, that operation is not permitted.

remove file not permitted

If you remove the “execute” permission for “others”, as shown below:

remove executable permission for other

the existence of sticky bit on the directory is represented by an upper case “T” in the “others” portion of the permission string. The sticky bit behavior on the directory remains the same.

file permission of folder without executable permission

Variant of “chmod” command

The numerical form of chmod command can also be used to set sticky bit on a directory.

where,

  • n = 1, referring to sticky bit. Other values of “n” refer to other special permissions.
  • x : permission given to file owner
  • y : permission given to group with access to the file
  • z : permission given to others

To set sticky bit on “shared-dir”, use the following command:

which produces the same result as using +t on existing default permissions.

The usage of sticky bit holds good only for directories, it would not make sense to use it for files.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.