Sticky bit
Encyclopedia
In computing
, the sticky bit is an access-right flag
that can be assigned to files
and directories
on Unix
systems.
of Unix in 1974 for use with pure executable files. When set, it instructed the operating system
to retain the text segment of the program in swap space
after the process
exited. This speeds up subsequent executions by allowing the kernel to make a single operation of moving the program from swap to real memory. Thus, frequently-used programs like editors would load noticeably faster. One notable problem with "stickied" programs was replacing the executable (for instance, during patching
); to do so required removing the sticky bit from the executable, executing the program and exiting to flush the cache, replacing the binary executable, and then restoring the sticky bit.
Currently, this behavior is only operative in HP-UX
, NetBSD
, and UnixWare
. Solaris
appears to have abandoned this in 2005. The 4.4-Lite release of BSD
retained the old sticky bit behavior but it has been subsequently dropped from OpenBSD
(as of release 3.7) and FreeBSD
(as of release 2.2.1); it remains in NetBSD
. No version of Linux
has ever supported the traditional behavior.
can rename or delete files. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner. Typically this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files. This feature was introduced in 4.3BSD in 1986 and today it is found in most modern Unix systems.
In addition, Solaris (as of Solaris 2.5) defines special behavior when the sticky bit is set on non-executable files: those files, when accessed, will not be cached by the kernel. This is usually set on swap files to prevent access on the file from flushing more important data from the system cache. It is also used occasionally for benchmarking
tests.
The sticky bit is also set by the automounter
to indicate that a file has not been mounted yet. This allows programs like ls to ignore unmounted remote files.
command and can be set using its octal mode 1000 or by its symbol t (s is already used by the setuid
bit). For example, to add the bit on the directory /usr/local/tmp, one would type chmod +t /usr/local/tmp. Or, to make sure that directory has standard tmp permissions, one could also type chmod 1777 /usr/local/tmp.
To clear it, use chmod -t /usr/local/tmp or chmod 0777 /usr/local/tmp (using numeric mode will also change directory tmp to standard permissions).
Note that with the chmod
command, you can set or clear the setuid
and setgid bits with symbolic modes like u+s and g-s. However, with the numeric mode, you can set but not clear the setuid
and setgid bits.
In Unix symbolic file system permission
notation, the sticky bit is represented by the letter t in the final character-place. For instance, on Solaris 8, the /tmp directory, which by default has the sticky-bit set, shows up as:
$ ls -ld /tmp
drwxrwxrwt 4 root sys 485 Nov 10 06:01 /tmp
If the sticky-bit is set on a file or directory without the execution bit set for the others category (non-user-owner and non-group-owner), it is indicated with a capital T:
# ls -l test
-rw-r--r-- 1 root other 0 Nov 10 12:57 test
# chmod +t test; ls -l test
-rw-r--r-T 1 root other 0 Nov 10 12:57 test
Computing
Computing is usually defined as the activity of using and improving computer hardware and software. It is the computer-specific part of information technology...
, the sticky bit is an access-right flag
Flag (computing)
In computer programming, flag can refer to one or more bits that are used to store a binary value or code that has an assigned meaning, but can refer to uses of other data types...
that can be assigned to files
Computer file
A computer file is a block of arbitrary information, or resource for storing information, which is available to a computer program and is usually based on some kind of durable storage. A file is durable in the sense that it remains available for programs to use after the current program has finished...
and directories
Directory (file systems)
In computing, a folder, directory, catalog, or drawer, is a virtual container originally derived from an earlier Object-oriented programming concept by the same name within a digital file system, in which groups of computer files and other folders can be kept and organized.A typical file system may...
on Unix
Unix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
systems.
History
The sticky bit was introduced in the Fifth EditionResearch Unix
Research Unix is a term used to refer to versions of the Unix operating system for DEC PDP-7, PDP-11, VAX and Interdata 7/32 and 8/32 computers, developed in the Bell Labs Computing Science Research Center ....
of Unix in 1974 for use with pure executable files. When set, it instructed the operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
to retain the text segment of the program in swap space
Virtual memory
In computing, virtual memory is a memory management technique developed for multitasking kernels. This technique virtualizes a computer architecture's various forms of computer data storage , allowing a program to be designed as though there is only one kind of memory, "virtual" memory, which...
after the process
Process (computing)
In computing, a process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system , a process may be made up of multiple threads of execution that execute instructions concurrently.A computer program is a...
exited. This speeds up subsequent executions by allowing the kernel to make a single operation of moving the program from swap to real memory. Thus, frequently-used programs like editors would load noticeably faster. One notable problem with "stickied" programs was replacing the executable (for instance, during patching
Patch (computing)
A patch is a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance...
); to do so required removing the sticky bit from the executable, executing the program and exiting to flush the cache, replacing the binary executable, and then restoring the sticky bit.
Currently, this behavior is only operative in HP-UX
HP-UX
HP-UX is Hewlett-Packard's proprietary implementation of the Unix operating system, based on UNIX System V and first released in 1984...
, NetBSD
NetBSD
NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
, and UnixWare
UnixWare
UnixWare is a Unix operating system maintained by The SCO Group . UnixWare is typically deployed as a server rather than desktop. Binary distributions of UnixWare are available for x86 architecture computers. It was originally released by Univel, a jointly owned venture of AT&T's Unix System...
. Solaris
Solaris Operating System
Solaris is a Unix operating system originally developed by Sun Microsystems. It superseded their earlier SunOS in 1993. Oracle Solaris, as it is now known, has been owned by Oracle Corporation since Oracle's acquisition of Sun in January 2010....
appears to have abandoned this in 2005. The 4.4-Lite release of BSD
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...
retained the old sticky bit behavior but it has been subsequently dropped from OpenBSD
OpenBSD
OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...
(as of release 3.7) and FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
(as of release 2.2.1); it remains in NetBSD
NetBSD
NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
. No version of Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
has ever supported the traditional behavior.
Usage
The most common use of the sticky bit today is on directories. When the sticky bit is set, only the item's owner, the directory's owner, or the superuserSuperuser
On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
can rename or delete files. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner. Typically this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files. This feature was introduced in 4.3BSD in 1986 and today it is found in most modern Unix systems.
In addition, Solaris (as of Solaris 2.5) defines special behavior when the sticky bit is set on non-executable files: those files, when accessed, will not be cached by the kernel. This is usually set on swap files to prevent access on the file from flushing more important data from the system cache. It is also used occasionally for benchmarking
Benchmark (computing)
In computing, a benchmark is the act of running a computer program, a set of programs, or other operations, in order to assess the relative performance of an object, normally by running a number of standard tests and trials against it...
tests.
The sticky bit is also set by the automounter
Berkeley Automounter
The Berkeley Automounter first appeared in 4.4BSD, and is a computer automounter daemon. The original Berkeley automounter was created by Jan-Simon Pendry in 1989 and was donated to Berkeley...
to indicate that a file has not been mounted yet. This allows programs like ls to ignore unmounted remote files.
| Operating System | Excerpt from Man pages regarding sticky bit on files | Links |
|---|---|---|
| AIX 5.2 | For directories, indicates that only file owners can link or unlink files in the specified directory. For files, sets the save-text attribute. | AIX chmod (2) |
| Solaris 10 | If a regular file is not executable and has S_ISVTX set, the file is assumed to be a swap file. In this case, the system's page cache will not be used to hold the file's data. If the S_ISVTX bit is set on any other file, the results are unspecified. | Solaris chmod(2) |
| HP-UX | [...] prevents the system from abandoning the swap-space image of the program-text portion of the file when its last user terminates. Then, when the next user of the file executes it, the text need not be read from the file system but can simply be swapped in, thus saving time. | hp-ux chmod(2) |
| Linux | [...] the Linux kernel ignores the sticky bit on files. [...] When the sticky bit is set on a directory, files in that directory may only be unlinked or renamed by root or their owner. | Linux chmod(1) (from 2002) |
| FreeBSD | The FreeBSD VM system totally ignores the sticky bit (ISVTX) for executables. | FreeBSD chmod(2) |
| IRIX | If the sticky bit, S_ISVTX, is set on a file that is a dynamic loader for an ELF executable, then when the executable is execed the old process's read only address spaces will be made available to the dynamic loader in the new process. This can improve program start up time considerably. The setting of the sticky bit on any other file has no effect. | IRIX chmod(2) |
| Mac OS X (Leopard) | The ISVTX (the sticky bit) has no effect on executable files. All optimization on whether text images remain resident in memory is handled by the kernel's virtual memory system. A directory whose 'sticky bit' is set becomes an append-only directory, or, more accurately, a directory in which the deletion of files is restricted. A file in a sticky directory may only be removed or renamed by a user if the user has write permission for the directory and the user is the owner of the file, the owner of the directory, or the super-user. This feature is usefully applied to directories such as /tmp which must be publicly writable but should deny users the license to arbitrarily delete or rename each others' files. Any user may create a sticky directory. | Mac OS X sticky(8) |
| NetBSD | The sticky bit can be set on files, but without any effect. It is reserved for future use. | NetBSD sticky(8) |
| OpenBSD | The sticky bit can still be set on files, but without any effect. | OpenBSD sticky(8) |
| SCO UnixWare | If a 0410 executable file has the sticky bit (mode bit 01000) set, the operating system will not delete the program text from the swap area when the last user process terminates. If a 0413 or ELF executable file has the sticky bit set, the operating system will not delete the program text from memory when the last user process terminates. In either case, if the sticky bit is set the text will already be available (either in a swap area or in memory) when the next user of the file executes it, thus making execution faster. | Unixware chmod(2) |
Examples
The sticky bit can be set using the chmodChmod
The chmod command is a Unix command that lets a user tell the system how much access it should permit to a file. It changes the file system modes of files and directories. The modes include permissions and special modes...
command and can be set using its octal mode 1000 or by its symbol t (s is already used by the setuid
Setuid
setuid and setgid are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group...
bit). For example, to add the bit on the directory /usr/local/tmp, one would type chmod +t /usr/local/tmp. Or, to make sure that directory has standard tmp permissions, one could also type chmod 1777 /usr/local/tmp.
To clear it, use chmod -t /usr/local/tmp or chmod 0777 /usr/local/tmp (using numeric mode will also change directory tmp to standard permissions).
Note that with the chmod
Chmod
The chmod command is a Unix command that lets a user tell the system how much access it should permit to a file. It changes the file system modes of files and directories. The modes include permissions and special modes...
command, you can set or clear the setuid
Setuid
setuid and setgid are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group...
and setgid bits with symbolic modes like u+s and g-s. However, with the numeric mode, you can set but not clear the setuid
Setuid
setuid and setgid are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group...
and setgid bits.
In Unix symbolic file system permission
File system permissions
Most current file systems have methods of administering permissions or access rights to specific users and groups of users. These systems control the ability of the users to view or make changes to the contents of the filesystem....
notation, the sticky bit is represented by the letter t in the final character-place. For instance, on Solaris 8, the /tmp directory, which by default has the sticky-bit set, shows up as:
$ ls -ld /tmp
drwxrwxrwt 4 root sys 485 Nov 10 06:01 /tmp
If the sticky-bit is set on a file or directory without the execution bit set for the others category (non-user-owner and non-group-owner), it is indicated with a capital T:
# ls -l test
-rw-r--r-- 1 root other 0 Nov 10 12:57 test
# chmod +t test; ls -l test
-rw-r--r-T 1 root other 0 Nov 10 12:57 test