home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam    

UNIX Power Tools

UNIX Power ToolsSearch this book
Previous: 22.5 Group Permissions in a Directory with the setgid Bit Chapter 22
File Security, Ownership, and Sharing
Next: 22.7 Using chmod to Change File Permission
 

22.6 Protecting Files with the Sticky Bit

UNIX directory access permissions say that if a user has write permission on a directory, she can rename or remove files there–even files that don't belong to her (see article 22.11 ). Many newer versions of UNIX have a way to stop that. The owner of a directory can set its sticky bit ( mode ( 1.23 ) 1000). The only people who can rename or remove any file in that directory are the file's owner, the directory's owner, and the superuser.

Here's an example: the user jerry makes a world-writable directory and sets the sticky bit (shown as t here):

jerry% 

mkdir share


jerry% 

chmod 1777 share


jerry% 

ls -ld share


drwxrwxrwt   2 jerry    ora           32 Nov 19 10:31 share

Other people create files in it. When jennifer tries to remove a file that belongs to ellie , she can't:

jennifer% 

ls -l


total 2
-rw-r--r--   1 ellie    ora          120 Nov 19 11:32 data.ellie
-rw-r--r--   1 jennifer ora         3421 Nov 19 15:34 data.jennifer
-rw-r--r--   1 peter    ora          728 Nov 20 12:29 data.peter
jennifer% 

rm data.ellie


data.ellie: 644 mode ? 

y


rm: data.ellie not removed.
Permission denied

- JP


Previous: 22.5 Group Permissions in a Directory with the setgid Bit UNIX Power Tools Next: 22.7 Using chmod to Change File Permission
22.5 Group Permissions in a Directory with the setgid Bit Book Index 22.7 Using chmod to Change File Permission

The UNIX CD Bookshelf Navigation The UNIX CD BookshelfUNIX Power ToolsUNIX in a NutshellLearning the vi Editorsed & awkLearning the Korn ShellLearning the UNIX Operating System










??????????????@Mail.ru