How to use Sticky Bit to manage files on shared folders in Linux

Since its launch, Linux has been designed to support a multi-user environment. For many users and groups on a working system, it is common to encounter shared folders among users in the same group and problems also arise from file sharing in folders.

In this article, TipsMake.com discusses how you can use sticky bits to fine-tune file access on shared folders.

For illustrative purposes, the article has a system with 3 users - john1, john2 and john3 , all of which are members of a common group.

Suppose 'john1' creates a new directory named 'shared-dir' , which is shared among all johns users .

With the ls command, we can view the permissions for 'shared-dir' , which is understood as follows: Only 'john1' can read the content as well as write to the directory. Because we are working with a shared folder, the goal is to make all users of the group write to 'shared-dir'.

To do so, we will modify the permissions using the chmod command. We will add write permissions for all johns users, as shown below.

How to use Sticky Bit to manage files on shared folders in Linux Picture 1

We can see updated permissions for 'shared-dir' as shown below. The yellow underlined section indicates that the johns group has been granted write permissions.

Add files to the shared folder

Now, john1 adds two files ( j1_file1.txt and j1_file2.txt ) to 'shared-dir'.

For ease of understanding, the first two characters of the file name are synonymous with the username.

Similarly, john2 can also be written to the 'shared-dir' directory.

There are currently 4 files in 'shared-dir'.

How to use Sticky Bit to manage files on shared folders in Linux Picture 2

Is there a problem with the current settings?

File j1_file1.txt is created by john1 , the file owner. Now, john2 login and try to delete this file and he will be able to do so.

'john1' is the file owner, but 'john2' can delete it because the write permissions are granted to all members of the johns group .

This scenario is not ideal. We want all users to be able to write to the directory, but only the file owner can delete the file. How can this be achieved?

Introducing sticky bit

Sticky bits are a special permission, which is set on a write permissions folder for the whole group. This bit ensures that all members of the group can write to the directory, but only the file creator, or the file owner, can delete it.

The chmod command with flag - t can be used to place sticky bits on a folder.

Updated rights can be seen below.

How to use Sticky Bit to manage files on shared folders in Linux Picture 3

Now, if 'john2' tries to delete the file 'j1_file2.txt' created by 'john1', that operation will not be allowed.

If you remove the executable rights from others, then the existence of sticky bits in the folder is indicated by a capital letter in the 'others' section of the permission string. The behavior of sticky bits on the folder remains the same.

How to use Sticky Bit to manage files on shared folders in Linux Picture 4

Variant of chmod command

The digital form of the chmod command can also be used to place sticky bits on a folder.

 chmod nxyz 

Inside:

1. n = 1 : Refers to sticky bits. Other values ​​of n refer to other special rights.
2. x : Rights to file owner.
3. y : Permission granted to the group that has access to the file.
4. z : Rights for others

To set sticky bit on 'shared-dir' , use the following command:

 chmod 1755 shared-dir 

The command produces the same result as using + t on existing default permissions.

The use of sticky bits is only suitable for folders and will not make sense when used for files.