Sticky bit

In computing, the sticky bit is a user ownership access right flag that can be assigned to files and directories on Unix-like systems.

There are two definitions: one for files, one for directories.

For files, particularly executables, the superuser could tag them to be retained in main memory even after they were no longer in use, to avoid the swapping that would otherwise occur when they were needed again and had to be reloaded from relatively slow secondary memory. [1] This function has become obsolete as swapping has been optimized.

For directories, when a directory's sticky bit is set, the filesystem treats the files in such directories in a special way so only the file's owner, the directory's owner, or root user can rename or delete the file. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of the file's owner. Typically this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files.

The modern function of the sticky bit refers to directories, and protects directories and their content from being hijacked by non-owners; this is found in most modern Unix-like systems. Files in a shared directory such as /tmp belong to individual owners, and non-owners may not delete, overwrite or rename them.

History

The sticky bit was introduced in the Fifth Edition of Unix (in 1974) for use with pure executable files. [2] When set, it instructed the operating system to retain the text segment of the program in swap space after the process exited. This speeds up subsequent executions by allowing the kernel to make a single operation of moving the program from swap to real memory. Thus, frequently-used programs like editors would load noticeably faster. One notable problem with "stickied" programs was replacing the executable (for instance, during patching); to do so required removing the sticky bit from the executable, executing the program and exiting to flush the cache, replacing the binary executable, and then restoring the sticky bit.

Subsequently, this behavior became operative only in HP-UX and UnixWare. Solaris appears to have abandoned this in 2005.[ citation needed ] The 4.4-Lite release of BSD retained the old sticky bit behavior, but it has been subsequently dropped from OpenBSD (as of release 3.7) and FreeBSD (as of release 2.2.1). No version of Linux has ever supported this traditional behavior; Linux performs caching of executable files in the same way as all files, so re-executing the program to flush the cache is not necessary.

Usage

The most common use of the sticky bit is on directories residing within filesystems for Unix-like operating systems. When a directory's sticky bit is set, the filesystem treats the files in such directories in a special way so only the file's owner, the directory's owner, or root can rename or delete the file. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of the file's owner. Typically, this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files. This feature was introduced in 4.3BSD in 1986, and today it is found in most modern Unix-like systems.

In addition, Solaris (as of Solaris 2.5) defines special behavior when the sticky bit is set on non-executable files: those files, when accessed, will not be cached by the kernel. This is usually set on swap files to prevent access on the file from flushing more important data from the system cache. It is also used occasionally for benchmarking tests.[ citation needed ]

The sticky bit is also set by the automounter to indicate that a file has not been mounted yet. This allows programs like ls to ignore unmounted remote files.

Excerpts from man pages about the sticky bit's effect on directories and files

AIX 5.2 [3]
  Directories: indicates that only file owners can link or unlink files in the specified directory.
  Files: sets the save-text attribute.

Solaris 11 [4]
  Directories: If a directory is writable and has S_ISVTX (the sticky bit) set, files within that directory can be removed or renamed only if one or more of the following is true (see unlink(2) and rename(2)): the user owns the file, the user owns the directory, the file is writable by the user, the user is a privileged user.
  Files: If a regular file is not executable and has S_ISVTX set, the file is assumed to be a swap file. In this case, the system's page cache will not be used to hold the file's data. If [...] set on any other file, the results are unspecified.

HP-UX [5]
  Directories: If [...] set on a directory, an unprivileged user cannot delete or rename others' files in that directory.
  Files: [...] prevents the system from abandoning the swap-space image of the program-text portion of the file when its last user terminates. Then, when the next user of the file executes it, the text need not be read from the file system but can simply be swapped in, thus saving time.

Linux [6] [7]
  Directories: When [...] set on a directory, files in that directory may only be unlinked or renamed by root or the directory owner or the file owner. The fs.protected_fifos, fs.protected_regular, and fs.protected_symlinks sysctls further restrict the creation of FIFOs, creation of regular files, and the following of symlinks respectively within directories with the sticky bit set.
  Files: the Linux kernel ignores the sticky bit on files.

FreeBSD [8]
  Directories: If [...] set on a directory, an unprivileged user may not delete or rename files of other users in that directory.
  Files: The FreeBSD VM system totally ignores the sticky bit (S_ISVTX) for executables.

IRIX [9]
  Directories: If [...] set on a directory, then any files created in that directory will take on the group ID of the directory rather than the group ID of the calling process. mount(1M) may be used to enable this feature regardless of the mode of the directory.
  Files: If the sticky bit, S_ISVTX, is set on a file that is a dynamic loader for an ELF executable, then when the executable is exec'ed the old process's read only address spaces will be made available to the dynamic loader in the new process. This can improve program start up time considerably. The setting of the sticky bit on any other file has no effect.

Mac OS X (Leopard) [10]
  Directories: A directory whose 'sticky bit' is set becomes an append-only directory [...] in which the deletion of files is restricted. A file in a sticky directory may only be removed or renamed by a user if the user has write permission for the directory and the user is the owner of the file, the owner of the directory, or the super-user. This feature is usefully applied to directories such as /tmp which must be publicly writable but should deny users the license to arbitrarily delete or rename each other's files. Any user may create a sticky directory.
  Files: The sticky bit has no effect on executable files. All optimisation on whether text images remain resident in memory is handled by the kernel's virtual memory system.

NetBSD [11]
  Directories: A directory whose "sticky bit" is set becomes a directory in which the deletion of files is restricted. A file in a sticky directory may only be removed or renamed by a user if the user has write permission for the directory and the user is the owner of the file, the owner of the directory, or the super-user. This feature is usefully applied to directories such as /tmp which must be publicly writable but should deny users the license to arbitrarily delete or rename each other's files.
  Files: NetBSD does not currently treat regular files that have the sticky bit set specially, but this behavior might change in the future.

OpenBSD [12]
  Directories: A directory with the "sticky bit" set places restrictions on file deletion: a file in a sticky directory may only be removed or renamed by a user if the user has write permission for the directory and the user is the owner of the file, the owner of the directory, or the superuser. This feature is usefully applied to directories such as /tmp which must be publicly writable but should deny users the license to arbitrarily delete or rename each other's files. Any user may create a sticky directory. See chmod(1) for details about modifying file modes.
  Files: Historically, an executable shareable file which had the sticky bit set was not immediately discarded from swap space after execution. The kernel hoarded the text segment of the file for future reuse, thus avoiding having to reload the program. This is no longer true on modern systems; the current virtual memory system keeps track of recently used executables, making the sticky bit for files redundant. The sticky bit can still be set on files, but without any effect. Only the superuser can set the sticky bit on a file, though the owner of the file may clear the sticky bit.

SCO UnixWare [13]
  Directories: If a directory is writable and the sticky bit, S_ISVTX, is set on the directory, a process may remove or rename files within that directory only if one or more of the following is true:
    • the effective user ID of the process is the same as that of the owner ID of the file
    • the effective user ID of the process is the same as that of the owner ID of the directory
    • the process has write permission for the file
    • the process has the P_OWNER privilege
  Files: If a 0410 a.out executable file has the sticky bit (mode bit 01000) set, the operating system will not delete the program text from the swap area when the last user process terminates. If a 0413 a.out or ELF executable file has the sticky bit set, the operating system will not delete the program text from memory when the last user process terminates. In either case, if the sticky bit is set the text will already be available (either in a swap area or in memory) when the next user of the file executes it, thus making execution faster.

Examples

The sticky bit is set with the chmod command, either by its octal value 1000 or by its symbolic letter t (s is already used by the setuid bit). For example, to add the bit on the directory /usr/local/tmp, one would type chmod +t /usr/local/tmp. Or, to make sure that directory has standard tmp permissions, one could also type chmod 1777 /usr/local/tmp.

To clear it, use chmod -t /usr/local/tmp or chmod 0777 /usr/local/tmp (the latter will also reset the tmp directory to standard permissions).

In Unix symbolic file system permission notation, the sticky bit is represented either by the letter t or T in the final character-place depending on whether the execution bit for the others category is set or unset, respectively. For instance, on Solaris 8, the /tmp directory, which by default has both the others execute bit and the sticky-bit set, shows up as:

$ ls -ld /tmp
drwxrwxrwt   4 root     sys          485 Nov 10 06:01 /tmp

If the sticky-bit is set on a file or directory without the execution bit set for the others category (non-user-owner and non-group-owner), it is indicated with a capital T (replacing what would otherwise be -):

# ls -l test
-rw-r--r--   1 root     anygroup          0 Nov 10 12:57 test
# chmod +t test; ls -l test
-rw-r--r-T   1 root     anygroup          0 Nov 10 12:57 test
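As an added example, not from the article or from any of the man pages it quotes, the following POSIX shell script builds a small temporary directory tree, applies the modes discussed above, shows how ls renders each one (t, T or -), and lists the directories that are world-writable but lack the sticky bit, which is the check an administrator runs to find shared directories whose contents any local user could delete or rename. The directory names under the temporary tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): sticky bit rendering and a
# defender's audit for world-writable directories that lack the bit.
# The shared_ok / shared_bad / private_sticky names are constructed.

# First field of "ls -ld": the type and permission string, e.g. drwxrwxrwt
mode_string() {
    ls -ld "$1" | cut -d' ' -f1
}

# Tenth character of the mode string: "t" (sticky bit and others-execute
# both set), "T" (sticky bit set, others-execute clear), "-" (no sticky bit).
sticky_char() {
    c=$(mode_string "$1" | cut -c10)
    case "$c" in
        t|T) printf '%s\n' "$c" ;;
        *)   printf '%s\n' '-' ;;
    esac
}

# Audit: directories under $1 that are writable by everyone (-perm -0002)
# but do not carry the sticky bit (! -perm -1000). Each hit is a directory
# in which any user can remove or rename any other user's files.
unprotected_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000
}

# Build a small tree, apply the modes from the article, show what ls reports.
demo() {
    root=$(mktemp -d)
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private_sticky"
    chmod 1777 "$root/shared_ok"       # standard /tmp permissions: rwxrwxrwt
    chmod 0777 "$root/shared_bad"      # world-writable, bit cleared: rwxrwxrwx
    chmod 1700 "$root/private_sticky"  # sticky without others-execute: rwx-----T
    for d in shared_ok shared_bad private_sticky; do
        printf '%s  %-14s sticky=%s\n' "$(mode_string "$root/$d")" "$d" \
            "$(sticky_char "$root/$d")"
    done
    echo "World-writable directories without the sticky bit:"
    unprotected_shared_dirs "$root"
    rm -rf "$root"
}

demo
```

Pointing unprotected_shared_dirs at / (usually with -xdev added to stay on one filesystem) is the form used when auditing a real host.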

References

  1. Zintz, Walter (February 1984). "The Unix Connection: What is a sticky bit?". HARDCOPY. p. 130.
  2. Steinhauser, Martin Oliver (2012). Computer Simulation in Physics and Engineering. De Gruyter. ISBN 978-3-1102-5590-4.
  3. "Archived copy of chmod man page under AIX 5.2". Archived from the original on 2005-01-18. Retrieved 2009-01-19.
  4. "Synopsis - man pages section 2: System Calls". Docs.oracle.com. 2011-11-01. Retrieved 2014-04-10.
  5. "HPUX chmod[2]". Archived from the original on November 20, 2007. Retrieved February 29, 2008.
  6. "chmod(1) - Linux manual page". Man7.org. Retrieved 2014-04-10.
  7. "proc(5) - Linux manual page". Man7.org. Retrieved 2022-03-04.
  8. "chmod - FreeBSD". Nixdoc.net. 1993-06-04. Retrieved 2014-04-10.
  9. "chmod - IRIX/standard/". Nixdoc.net. Retrieved 2014-04-10.
  10. "Mac Developer Library". Developer.apple.com. Retrieved 2014-04-10.
  11. "sticky.7 - NetBSD Manual Pages". Netbsd.gw.com. 2021-05-16. Retrieved 2021-05-16.
  12. "Manual Pages: sticky". Openbsd.org. 2014-02-14. Retrieved 2018-02-04.
  13. "chmod(2)". Uw714doc.sco.com. 2004-04-25. Retrieved 2014-04-10.