What is the Sticky Bit in UNIX File Systems and When to Use It
filesystems, linux, permissions, unix
What is the sticky bit in a UNIX file system?
As an admin when and how would you use it?
Best Answer
Its original use was to provide a hint to the OS that the executable should be cached in memory so it would load faster. This use has mostly been deprecated as OSes are pretty smart about this sort of thing now. In fact, I think now some OSes use it as a hint that the executable shouldn’t be cached.
The most common use today is to create a directory in which anyone can create a file, but only the owner of a file in that directory can delete it. Traditionally, if you have a directory that anyone can write to, anyone can also delete a file from it. Setting the sticky bit on a directory makes it so only the owner of a file can delete the file from a world-writable directory.
The classic use of this is the /tmp directory:
$ ls -ld /tmp
drwxrwxrwt 29 root root 5120 May 20 09:15 /tmp/
The t in the mode there is the sticky bit. If that wasn’t set, it would be pretty easy for a regular user to cause havoc by deleting everything from /tmp. Since lots of daemons put sockets in /tmp, it would essentially be a local DoS.
For more data on the layout of Linux file-systems, look at the Filesystem Hierarchy Standard (now at version 2.3, with the beta 3.0 version deployed on most recent distros). It does explain some of where the names came from:
/sbin - Where super-binaries are stored. These usually only work with root.
/srv - Stands for "serve". This directory is intended for static files that are served out. /srv/http would be for static websites, /srv/ftp for an FTP server.
/usr - Another directory inherited from the Unixes of old, it stands for "UNIX System Resources". It does not stand for "user" (see the Debian Wiki). This directory should be sharable between hosts, and can be NFS mounted to multiple hosts safely. It can be mounted read-only safely.
/var - Another directory inherited from the Unixes of old, it stands for "variable". This is where system data that varies may be stored. Such things as spool and cache directories may be located here. If a program needs to write to the local file-system and isn't serving that data to someone directly, it'll go here.
/opt vs /usr/local
The rule of thumb I've seen is best described as:
Use /usr/local for things that would normally go into /usr, or are overriding things that are already in /usr. Use /opt for things that install all in one directory, or are otherwise special.
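As an added example, not code from the answer above: a POSIX shell audit for the situation the /tmp discussion describes, a world-writable directory that has no sticky bit and so lets any local user delete every other user's files. The sandbox directories are constructed for the demo; nothing here touches /tmp or any real system path.

```shell
#!/bin/sh
# Added example (not from the original answer): find world-writable
# directories that lack the sticky bit, i.e. shared directories where any
# user can delete any other user's files. The sandbox directories below are
# constructed for the demo; the real-system form is given in the prose.

# List directories under $1 that others can write to (-perm -0002) but
# that have no sticky bit (! -perm -1000). Without the sticky bit, write
# permission on the directory is all that is needed to unlink an entry.
unsticky_world_writable() {
    find "$1" -type d -perm -0002 ! -perm -1000
}

# Fix one directory by adding the sticky bit; the mode then shows as
# drwxrwxrwt in ls -ld, exactly like /tmp.
make_sticky() {
    chmod +t "$1"
}

demo() {
    sandbox=$(mktemp -d)                 # created 0700, so it is not itself reported
    mkdir "$sandbox/shared_ok" "$sandbox/shared_bad" "$sandbox/private"
    chmod 1777 "$sandbox/shared_ok"      # /tmp-style: world-writable plus sticky
    chmod 0777 "$sandbox/shared_bad"     # world-writable, no sticky: anyone can rm others' files
    chmod 0755 "$sandbox/private"        # not world-writable, not a problem
    echo "before fix:"
    unsticky_world_writable "$sandbox"   # prints .../shared_bad only
    make_sticky "$sandbox/shared_bad"
    echo "after fix:"
    unsticky_world_writable "$sandbox"   # prints nothing
    rm -rf "$sandbox"
}

demo
```

On a live system the same check is `find / -xdev -type d -perm -0002 ! -perm -1000`; every directory it reports is one where any local user can delete or rename other users' files, not just their own. Two caveats: the sticky bit restricts unlink and rename only, so it does nothing about users reading or filling the directory, and it never restricts the directory's owner or root, who can still remove any entry.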
then provide your old and new passphrase (twice) at the prompts. (Use ~/.ssh/id_rsa if you have an RSA key.)
More details from man ssh-keygen:
[...]
SYNOPSIS
ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
[-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
[...]
-f filename
Specifies the filename of the key file.
[...]
-N new_passphrase
Provides the new passphrase.
-P passphrase
Provides the (old) passphrase.
-p Requests changing the passphrase of a private key file instead of
creating a new private key. The program will prompt for the file
containing the private key, for the old passphrase, and twice for
the new passphrase.
[...]
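As an added example, not part of the original page: the same passphrase change run non-interactively with the -p, -P and -N options quoted from the man page above, followed by a check that the rotation actually took. It assumes OpenSSH's ssh-keygen is installed; the key, its path and both passphrases are constructed for the demo and nothing touches ~/.ssh.

```shell
#!/bin/sh
# Added example (not from the original page): change a private key's
# passphrase non-interactively with ssh-keygen -p, then prove the rotation
# took. Assumes OpenSSH's ssh-keygen is on PATH. The key, its path and both
# passphrases are constructed for the demo; nothing here touches ~/.ssh.

# Replace passphrase $2 with $3 on key file $1 without prompting.
# ssh-keygen exits non-zero (and leaves the key unchanged) if $2 is wrong.
rotate_passphrase() {
    ssh-keygen -q -p -f "$1" -P "$2" -N "$3"
}

# Return 0 if passphrase $2 decrypts key file $1. Deriving the public key
# with -y is a side-effect-free way to test a passphrase.
passphrase_opens_key() {
    ssh-keygen -y -f "$1" -P "$2" >/dev/null 2>&1
}

demo() {
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not installed" >&2; return 1; }
    tmp=$(mktemp -d)
    # Demo key only; -N sets its initial passphrase.
    ssh-keygen -q -t ed25519 -C "demo key" -N 'old-secret' -f "$tmp/id_ed25519"
    rotate_passphrase "$tmp/id_ed25519" 'old-secret' 'new-secret'
    passphrase_opens_key "$tmp/id_ed25519" 'new-secret' && echo "new passphrase accepted"
    passphrase_opens_key "$tmp/id_ed25519" 'old-secret' || echo "old passphrase rejected"
    rm -rf "$tmp"
}

demo
```

Passing -P and -N on the command line is convenient for a throwaway key, but both values show up in the process list and in shell history; for a real key, give only `ssh-keygen -p -f <keyfile>` and answer the prompts as the man page describes.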