[Linux] Difference between /tmp and /var/tmp
- When a program writes temporary files in /tmp, don’t expect to find it at the launch of another program..
- Indeed this directory can be cleaned out anytime. In the vast majority of distributions, this directory is cleaned at each reboot.
However, the files written to /var/tmp will be kept after restart.
– The sticky bit is primarily used on shared directories.
– It is useful for shared directories such as /var/tmp and /tmp because users can create files, read and execute files owned by other users, but are not allowed to remove files owned by other users.
– For example if user bob creates a file named /tmp/bob, other user tom can not delete this file even when the /tmp directory has permission of 777. If sticky bit is not set then tom can delete /tmp/bob, as the /tmp/bob file inherits the parent directory permissions.
– root user (Off course!) and owner of the files can remove their own files.
Example of sticky bit :
# ls -ld /var/tmp drwxrwxrwt 2 sys sys 512 Jan 26 11:02 /var/tmp
- T refers to when the execute permissions are off. - t refers to when the execute permissions are on.
How to set sticky bit permission?
# chmod +t [path_to_directory] or # chmod 1777 [path_to_directory]
What is Sticky Bit?
Sticky Bit is mainly used on folders in order to avoid deletion of a folder and its content by other users though they having write permissions on the folder contents. If Sticky bit is enabled on a folder, the folder contents are deleted by only owner who created them and the root user. No one else can delete other users data in this folder(Where sticky bit is set). This is a security measure to avoid deletion of critical folders and their content(sub-folders and files), though other users have full permissions.
Learn Sticky Bit with examples:
Example: Create a project(A folder) where people will try to dump files for sharing, but they should not delete the files created by other users.
How can I setup Sticky Bit for a Folder?
Sticky Bit can be set in two ways
- Symbolic way (t,represents sticky bit)
- Numerical/octal way (1, Sticky Bit bit as value 1)
Use chmod command to set Sticky Bit on Folder: /opt/dump/
chmod o+t /opt/dump/
chmod +t /opt/dump/
Let me explain above command, We are setting Sticky Bit(+t) to folder /opt/dump by using chmod command.
chmod 1757 /opt/dump/
Here in 1757, 1 indicates Sticky Bit set, 7 for full permissions for owner, 5 for read and execute permissions for group, and full permissions for others.
Checking if a folder is set with Sticky Bit or not?
Use ls –l to check if the x in others permissions field is replaced by t or T
For example: /opt/dump/ listing before and after Sticky Bit set
Before Sticky Bit set:
-rwxr-xrwx 1 xyz xyzgroup 148 Dec 22 03:46 /opt/dump/
After Sticky Bit set:
-rwxr-xrwt 1 xyz xyzgroup 148 Dec 22 03:46 /opt/dump/
Some FAQ’s related to Sticky Bit:
Now sticky bit is set, lets check if user “temp” can delete this folder which is created xyz user.
$ rm -rf /opt/dump
rm: cannot remove `/opt/dump’: Operation not permitted
$ ls -l /opt
drwxrwxrwt 4 xyz xyzgroup 4096 2012-01-01 17:37 dump
if you observe other user is unable to delete the folder /opt/dump. And now content in this folder such as files and folders can be deleted by their respective owners who created them. No one can delete other users data in this folder though they have full permissions.
I am seeing “T” ie Capital s in the file permissions, what’s that?
After setting Sticky Bit to a file/folder, if you see ‘T’ in the file permission area that indicates the file/folder does not have executable permissions for all users on that particular file/folder.
Sticky bit without Executable permissions:
so if you want executable permissions, Apply executable permissions to the file.
chmod o+x /opt/dump/
ls -l command output:
-rwxr-xrwt 1 xyz xyzgroup 0 Dec 5 11:24 /opt/dump/
Sticky bit with Executable permissions:
you should see a smaller ‘t’ in the executable permission position.
How can I find all the Sticky Bit set files in Linux/Unix.
find / -perm +1000
The above find command will check all the files which is set with Sticky Bit bit(1000).
Can I set Sticky Bit for files?
Yes, but most of the time it’s not required.
How can I remove Sticky Bit bit on a file/folder?
chmod o-t /opt/dump/