22.6 Protecting Files with the Sticky BitUNIX directory access permissions say that if a user has write permission on a directory, she can rename or remove files there–even files that don't belong to her (see article 22.11 ). Many newer versions of UNIX have a way to stop that. The owner of a directory can set its sticky bit (mode (1.23 ) 1000). The only people who can rename or remove any file in that directory are the file's owner, the directory's owner, and the superuser. Here's an example: the user jerry
makes a world-writable
directory and sets the sticky bit (shown as jerry% Other people create files in it. When jennifer tries to remove a file that belongs to ellie , she can't: jennifer% - |
|