Today, I want to dive into the realm of file permissions, specifically focusing on a character you may have encountered during your Linux journey: the weird “t” at the end of a drwxrwxrwt permission set.
In this post, I’ll explore the meaning and implications of this often overlooked, yet powerful, permission modifier that plays a vital role in enhancing the security and management of your Linux system. So, let’s get straight to the point and unravel the mystery behind the sticky bit!
What does the “t” stand for in drwxrwxrwt or rwxrwxrwt?
The ‘t’ at the end of drwxrwxrwt or -rwxrwxrwt stands for the “sticky bit.” The sticky bit is a permission modifier that provides additional control over the access and management of files within a directory. When the sticky bit is set on a directory, it ensures that only the owner of a file can delete or rename the file, even if other users have write permissions on the directory. This will prevent users from accidentally or intentionally deleting or modifying files that belong to others.
When to use the sticky bit?
One example of using the sticky bit is when you have a file that you want all users on your system to be able to edit, such as a shift schedule, but you don’t want somebody to be able to accidentally delete the file and lose all the data. Then you would set the sticky bit, along with read and write permissions, on the file. Now everyone can edit the file but only you, the owner, can delete it.
Another example would be a directory that holds data for an application that multiple users run. You may want to make sure that the application can make changes to its files when run by other users. But if the data would be deleted, the application might run into problems. So you set the sticky bit on the directory.
How to set the sticky bit
Setting the sticky bit is quite simple. You can use the chmod command to do this. Let’s create a file and allow everyone to read and write to the file.
linuxdigest@linuxdigest:~$ touch sticky_file
linuxdigest@linuxdigest:~$ chmod g+rw,o+rw sticky_file
linuxdigest@linuxdigest:~$ ls -lh
total 0
-rw-rw-rw- 1 linuxdigest linuxdigest 0 Mar 25 17:29 sticky_file
As you can see, the permissions are “-rw-rw-rw-”, meaning that the file can be read and written by the owner, the owner’s group, and others.
Now to set the sticky bit. The simplest way to do this is to use “+t” when running the chmod command.
chmod +t sticky_file
The exact same thing would apply to a directory when we run chmod with the “+t” argument.
chmod +t sticky_directory
Now the permissions on the directory show “drwxrwxrwt” in the permissions field:
linuxdigest@linuxdigest:~$ ls -lh
total 4.0K
drwxrwxrwt 2 linuxdigest linuxdigest 4.0K Mar 25 18:03 sticky_directory
Back to the file: when we run ls again, we will see that a “T” has been added to the end of its permissions.
linuxdigest@linuxdigest:~$ ls -lh
total 0
-rw-rw-rwT 1 linuxdigest linuxdigest 0 Mar 25 17:35 sticky_file
Of course, if you are more accustomed to using octal notation when running chmod, you can do that as well. All you need to do is put a 1 in front of the usual three digits.
In our example above we wanted everyone to have read and write permission. The absolute octal value for that would be 666, which is the same as using a=rw. To add the sticky bit, we set the value to 1666, like this:
chmod 1666 sticky_file
Now we have the same result as we did before:
linuxdigest@linuxdigest:~$ ls -lh
total 0
-rw-rw-rwT 1 linuxdigest linuxdigest 0 Mar 25 17:35 sticky_file
How to remove the sticky bit
Removing the sticky bit is just as simple as adding it. Just substitute the “+” sign with a “-” sign. So instead of using “+t” we will use “-t” when running chmod:
chmod -t sticky_file
In octal format, the absolute value for the permission would be 0666. That is read-write for everyone but no sticky bit.
chmod 0666 sticky_file
The difference between the lowercase and uppercase ‘T’
You may have noticed that the “t” in the permissions is sometimes represented with a lowercase “t” and sometimes with an uppercase “T”. This might seem confusing, but it is actually a pretty smart way to save space.
An uppercase “T” will tell you that the sticky bit is set but others do not have executable permission. But a lowercase “t” will tell you that the sticky bit is set and executable permission for others is also set.
Compare these two directories. One has the sticky bit and the other one does not:
drwxrwxrwx 2 linuxdigest linuxdigest 4.0K Mar 25 18:07 not_sticky_directory
drwxrwxrwt 2 linuxdigest linuxdigest 4.0K Mar 25 18:07 sticky_directory
Notice how the last “x” (executable permission for others) is missing from the sticky directory? The sticky bit replaces the “x” so we need a way to see if the executable permission is set. Let’s try removing the executable permission on both directories:
chmod o-x *
Now when we run ls we will see this:
drwxrwxrw- 2 linuxdigest linuxdigest 4.0K Mar 25 18:07 not_sticky_directory
drwxrwxrwT 2 linuxdigest linuxdigest 4.0K Mar 25 18:07 sticky_directory
The sticky bit is represented with an uppercase ‘T’ instead of a lowercase one. So we know that there is also no executable permission for others.
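As an added example (not part of the original post), the script below reads the last character of the mode string to tell “t” from “T” and lists world-writable directories that lack the sticky bit. The function names and the demo directory names are made up for this illustration.

```bash
#!/bin/sh
# Added example: decode the t/T marker and audit world-writable directories.

# Print the 10th character of the ls mode string for a path:
#   t = sticky bit + execute for others    T = sticky bit, no execute for others
#   x = execute for others, no sticky bit  - = neither
sticky_char() {
    ls -ld -- "$1" | cut -c10
}

# List directories under a root that others can write to (-perm -0002)
# but that do not have the sticky bit (! -perm -1000).
find_unsticky_world_writable() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Constructed demo tree; the directory names are made up for this example.
demo() {
    demo_root=$(mktemp -d) || return 1
    mkdir "$demo_root/shared_sticky" "$demo_root/shared_noexec" \
          "$demo_root/shared_open" "$demo_root/private"
    chmod 1777 "$demo_root/shared_sticky"   # drwxrwxrwt
    chmod 1776 "$demo_root/shared_noexec"   # drwxrwxrwT
    chmod 0777 "$demo_root/shared_open"     # drwxrwxrwx
    chmod 0755 "$demo_root/private"         # drwxr-xr-x

    for name in shared_sticky shared_noexec shared_open private; do
        printf '%s  %s\n' "$(sticky_char "$demo_root/$name")" "$name"
    done
    echo "World-writable without sticky bit:"
    find_unsticky_world_writable "$demo_root"
    rm -rf "$demo_root"
}

demo
```

Pointing find_unsticky_world_writable at a real path such as a shared data directory gives a quick list of places where any user can still delete other users’ files.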
That is it for drwxrwxrwT
Congratulations! The next time you see “drwxrwxrwT” or “-rwxrwxrwt” in your ls output, you should be able to tell that the sticky bit is set and what that means. I hope you stick around and take a look at some of my other articles, like an explanation of more standard permissions such as “-rw-r--r--”.