50.4. Protecting Files with the Sticky Bit

Unix directory access permissions specify that a person with write access to the directory can rename or remove files there -- even files that don't belong to the person (see Section 50.9). Many newer versions of Unix have a way to stop that. The owner of a directory can set its sticky bit (mode (Section 1.17) 1000, the leading 1 in an octal mode such as 1777). Once it is set, the only people who can rename or remove a file in that directory are the file's owner, the directory's owner, and the superuser. Note that the sticky bit only restricts renaming and removal; who can read or write a file's contents is still decided by the file's own mode.

Here's an example: the user jerry makes a world-writable directory and sets the sticky bit (shown as t in the last position of the mode):

    jerry% mkdir share
    jerry% chmod 1777 share
    jerry% ls -ld share
    drwxrwxrwt   2 jerry    ora          32 Nov 19 10:31 share

Other people create files in it. When jennifer tries to remove a file that belongs to ellie, she can't. (rm asks about overriding the 644 mode because the file isn't writable by jennifer; the refusal itself comes from the sticky directory.)

    jennifer% ls -l
    total 2
    -rw-r--r--   1 ellie    ora         120 Nov 19 11:32 data.ellie
    -rw-r--r--   1 jennifer ora        3421 Nov 19 15:34 data.jennifer
    -rw-r--r--   1 peter    ora         728 Nov 20 12:29 data.peter
    jennifer% rm data.ellie
    data.ellie: override 644 mode ? y
    rm: data.ellie not removed.  Permission denied

-- JP

Copyright © 2003 O'Reilly & Associates. All rights reserved.
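The practical counterpart of the example above is checking that every world-writable directory on a system actually has the sticky bit set, since a shared directory without it lets any user delete or rename anyone else's files. The script below is an added example, not code from the book: it builds a small constructed directory tree under mktemp, lists the world-writable directories that lack the sticky bit with a single find expression, and adds the bit with chmod +t. The function names and the demo tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit a tree for world-writable
# directories that are missing the sticky bit, then fix them.

# list_unprotected_dirs DIR
#   Print, sorted one per line, every directory under DIR that is
#   world-writable (other-write bit 0002 set) but has no sticky bit
#   (bit 1000 clear).  "-perm -MODE" matches when all bits in MODE are set.
list_unprotected_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# protect_dir DIR
#   Set the sticky bit on DIR without touching its other permission bits,
#   so only a file's owner, the directory's owner, and root can remove or
#   rename entries in it.
protect_dir() {
    chmod +t "$1"
}

# make_demo_tree
#   Build a constructed tree (an assumption for this demo) and print its
#   root.  Permissions are set explicitly so the umask does not matter.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/share" "$root/scratch" "$root/private"
    chmod 1777 "$root/share"     # world-writable with sticky bit: fine
    chmod 0777 "$root/scratch"   # world-writable, no sticky bit: flagged
    chmod 0755 "$root/private"   # not world-writable: not flagged
    printf '%s\n' "$root"
}

# Stand-alone run: show the offender, fix it, show that nothing is left.
demo_root=$(make_demo_tree)
echo "Before:"
list_unprotected_dirs "$demo_root"
list_unprotected_dirs "$demo_root" | while read -r d; do protect_dir "$d"; done
echo "After:"
list_unprotected_dirs "$demo_root"
ls -ld "$demo_root/scratch"
rm -rf "$demo_root"
```

On a real system the same find expression is typically run as `find / -xdev -type d -perm -0002 ! -perm -1000` as root; /tmp and /var/tmp should be absent from its output, and anything that does appear deserves either the sticky bit or a tighter mode.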