Friday, October 25, 2013


The sticky bit is a permission bit that can be set on a file or directory to give it special handling. When the sticky bit is set on an executable file, the program remains in swap space after the process has exited. This reduces start-up time for programs that are run repeatedly, so the bit can be set on frequently used programs such as editors and common commands, which then start faster than they would without it.
The most important use of the sticky bit is on directories. When the sticky bit is set on a directory, the files in that directory can be deleted or renamed by the owner only. This prevents unauthorized users from renaming or deleting them. When the sticky bit is not set, any user with write and execute permission on the directory can rename and delete the files inside it.

Sticky bit behavior differs between operating systems. The Linux kernel ignores the sticky bit on files and honors it only on directories. On HP-UX the sticky bit works as described above. On AIX, if the sticky bit is set on a directory, only the owner can link or unlink the directory or the files in it.

How to set Sticky bit on file/directory in Linux?

We set the sticky bit with the chmod command, using either the octal mode or the symbol 't'. Let's go through an example.

//Check the permissions of directory sticky
redhat@localhost:~/mywork$ ls -l
total 4
drwxr-xr-x 2 redhat adm 4096 2013-10-24 15:36 sticky
redhat@localhost:~/mywork$ ls -l sticky/                            //inside directory permissions
total 8
-rwxr-xr-x 1 redhat adm 57 2013-10-24 15:35 stickybit.sh
-rwxr-xr-x 1 redhat adm 57 2013-10-24 15:36 stickybit.sh_bak
//Adding sticky bit in permission by below syntax ..or use - chmod 1755 sticky
redhat@localhost:~/mywork$ chmod +t sticky/                         
redhat@localhost:~/mywork$ ls -l sticky/
total 8
-rwxr-xr-x 1 redhat adm 57 2013-10-24 15:35 stickybit.sh
-rwxr-xr-x 1 redhat adm 57 2013-10-24 15:36 stickybit.sh_bak
redhat@localhost:~/mywork$ ls -l
total 4
drwxr-xr-t 2 redhat adm 4096 2013-10-24 15:36 sticky
//In above line sticky bit added in permissions
redhat@localhost:~/mywork$


Now that the sticky bit is set on the directory, we will try to remove a file or script inside it.

//Changing the user. Sandeep and redhat are in the same group.
redhat@localhost:~/mywork/sticky$ su - Sandeep
Password:
Sandeep@localhost:~$
Sandeep@localhost:~$ pwd
/home/Sandeep
Sandeep@localhost:~$ cd ../redhat            //Change Directory to that sticky bit directory
Sandeep@localhost:/home/redhat$ ls
mywork
Sandeep@localhost:/home/redhat$ ls -l
total 4
drwxr-xr-x 3 redhat adm 4096 2013-10-24 15:39 mywork
Sandeep@localhost:/home/redhat$ cd mywork/
Sandeep@localhost:/home/redhat/mywork$ ls -l
total 4
drwxr-xr-t 2 redhat adm 4096 2013-10-24 15:36 sticky
Sandeep@localhost:/home/redhat/mywork$
Sandeep@localhost:/home/redhat/mywork$ cd sticky/
Sandeep@localhost:/home/redhat/mywork/sticky$ ls
stickybit.sh  stickybit.sh_bak
//Trying to remove sticky bit set directory content ..getting error permission denied
Sandeep@localhost:/home/redhat/mywork/sticky$ rm stickybit.sh
rm: remove write-protected regular file `stickybit.sh'? y
rm: cannot remove `stickybit.sh': Permission denied
Sandeep@localhost:/home/redhat/mywork/sticky$

Permission is denied when removing a file that resides in a directory whose sticky bit is set. This is the actual use of the sticky bit on a directory.
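An added example, not from the original post: a shell audit for the case described earlier, directories that group or others can write to but that lack the sticky bit, so any of those writers can delete or rename another user's files. The function names and the sample tree are constructed for illustration; mode 1777 is the layout used by /tmp.

```shell
#!/bin/sh
# Added example (not the post's code): report and harden shared directories
# that are writable by group or others but have no sticky bit.

# shared_dirs_without_sticky ROOT
# Prints one directory per line, sorted. -xdev keeps find on one filesystem.
shared_dirs_without_sticky() {
    find "$1" -xdev -type d \( -perm -0002 -o -perm -0020 \) ! -perm -1000 \
        -print 2>/dev/null | sort
}

# harden_shared_dirs ROOT
# Adds the sticky bit (chmod +t) to every directory reported above and
# prints how many directories needed the change.
harden_shared_dirs() {
    before=$(shared_dirs_without_sticky "$1" | wc -l | tr -d ' ')
    find "$1" -xdev -type d \( -perm -0002 -o -perm -0020 \) ! -perm -1000 \
        -exec chmod +t {} + 2>/dev/null
    echo "$before"
}

# make_sample_tree
# Builds a constructed test tree in a fresh temp directory and prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/tmp_like" "$root/open" "$root/team" "$root/private"
    chmod 1777 "$root/tmp_like"   # world-writable with sticky bit: not reported
    chmod 0777 "$root/open"       # world-writable, no sticky bit: reported
    chmod 0775 "$root/team"       # group-writable, no sticky bit: reported
    chmod 0755 "$root/private"    # only the owner can write: not reported
    echo "$root"
}

# When called with a directory argument, just report.
if [ -n "${1:-}" ]; then
    shared_dirs_without_sticky "$1"
fi
```

Group-writable directories are sometimes shared on purpose, so review the report before running harden_shared_dirs on a real tree.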

How to remove sticky bit of directory/file?

We need to log in as the redhat user or as root before we can remove the sticky bit.

redhat@localhost:~/mywork$ ls -l
total 4
drwxr-xr-t 2 redhat adm 4096 2013-10-24 15:36 sticky
//use below syntax or use - chmod 755 sticky
redhat@localhost:~/mywork$ chmod -t sticky/
redhat@localhost:~/mywork$ ls -l
total 4
drwxr-xr-x 2 redhat adm 4096 2013-10-24 15:36 sticky
redhat@localhost:~/mywork$


Posted by Machindra Dharmadhikari on 10/25/2013 09:29:00 PM

Wednesday, October 23, 2013

SetUID:

SetUID means set user ID upon execution. We can tell whether the SetUID bit is set in a file's permissions by long listing the file, as below.

[linuxconcepts@localhost test]$ cat > setuid.sh
#!/bin/sh
echo "SET USER ID BIT";
date
[linuxconcepts@localhost test]$
[linuxconcepts@localhost test]$ ls -l setuid.sh
-rw-rw-r--. 1 linuxconcepts linuxconcepts 39 Oct 23 12:08 setuid.sh
[linuxconcepts@localhost test]$ chmod 4755 setuid.sh
[linuxconcepts@localhost test]$ ls -l setuid.sh
-rwsr-xr-x. 1 linuxconcepts linuxconcepts 39 Oct 23 12:08 setuid.sh
[linuxconcepts@localhost test]$
//We can set setUID bit by following method as well
[linuxconcepts@localhost test]$ touch setuid1.sh
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rw-rw-r--. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$ chmod u+s setuid1.sh
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rwsrw-r--. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$

We can see the letter 's' in the permissions of setuid.sh after we change its permissions to 4755. We put 4 before the actual permission digits to set the setUID bit on a file.

Benefit: When the setUID bit is set in Linux, the script executes with its owner's permissions. That is, if any user who has execute permission runs the script, it executes with the owner's permissions.

Generally, the setUID bit is disabled in most Unix-like operating systems because it is insecure and gives full access to execute the script.

We can remove setUID bit as follows:

[linuxconcepts@localhost test]$ chmod u-s setuid1.sh
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rw-rw-r--. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$

SetGID:

SetGID means set group ID upon execution. It works the same way as setUID, but setUID applies to the user and setGID applies to the group. It can be set and removed as follows.

[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rw-rw-r--. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$
[linuxconcepts@localhost test]$ chmod 2755 setuid1.sh
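[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rwxr-sr-x. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
//Note: u-s clears only the setUID bit, so the setGID 's' is still shown below. Use chmod g-s to remove setGID.
[linuxconcepts@localhost test]$ chmod u-s setuid1.sh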
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rwxr-sr-x. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$

Generally, the SetGID or SetUID bit is set on commands or service commands.
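An added example, not from the original post: a shell audit that lists setUID/setGID files under a directory and tags the two cases visible in the listings above, a `#!` script (Linux ignores setUID/setGID on interpreted scripts) and a file that group or others can write to, like the `-rwsrw-r--` listing. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the post's code): inventory setUID/setGID files.

# list_special_files ROOT
# Prints regular files with the setUID (4000) or setGID (2000) bit, sorted.
list_special_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -print 2>/dev/null | sort
}

# classify_special_file PATH
# Prints comma-separated tags:
#   script   - file starts with "#!"; the kernel ignores the bit on scripts
#   writable - group or others can modify a file that runs with another id
#   binary   - neither of the above; review who owns it and why it needs the bit
classify_special_file() {
    tags=""
    if [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]; then
        tags="script"
    fi
    if [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        tags="${tags:+$tags,}writable"
    fi
    echo "${tags:-binary}"
}

# make_sample_files
# Builds constructed files mirroring the post's listings; prints the directory.
make_sample_files() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "SET USER ID BIT";\ndate\n' > "$dir/setuid.sh"
    chmod 4755 "$dir/setuid.sh"      # -rwsr-xr-x, as in the post
    : > "$dir/setuid1.sh"
    chmod 0664 "$dir/setuid1.sh"
    chmod u+s "$dir/setuid1.sh"      # -rwSrw-r--: setUID and group-writable
    : > "$dir/plain.sh"
    chmod 0755 "$dir/plain.sh"       # no special bits: not listed
    echo "$dir"
}

# When called with a directory argument, print "tags path" for each hit.
if [ -n "${1:-}" ]; then
    list_special_files "$1" | while IFS= read -r f; do
        echo "$(classify_special_file "$f") $f"
    done
fi
```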

Posted by Machindra Dharmadhikari on 10/23/2013 09:41:00 PM