Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!nrl-cmf!ukma!xanth!mcnc!ece-csc!ncrcae!ncrlnk!uunet!mcvax!hp4nl!uva!betty!dik
From: dik@uva.UUCP (Casper H.S. Dik)
Newsgroups: comp.unix.questions
Subject: Re: File Write Permission Rules
Keywords: file write permission rules
Message-ID: <634@uva.UUCP>
Date: 12 Feb 89 16:26:29 GMT
References: <306@wubios.wustl.edu} <249@ibd.BRL.MIL> <1995@lindy.Stanford.EDU> <632@uva.UUCP> <950@philmds.UUCP>
Sender: news@uva.UUCP
Reply-To: dik@uva.UUCP (Casper H.S. Dik)
Organization: Faculteit Wiskunde & Informatica, Universiteit van Amsterdam
Lines: 53

In article <950@philmds.UUCP} leo@philmds.UUCP (Leo de Wit) writes:
}In article <632@uva.UUCP> dik@uva.UUCP (Casper H.S. Dik) writes:
}|If you have 4.3BSD, SunOS 4.x etc the solution is even more obvious:
}|Set the sticky bit on your directory. This prevents people other than
}|the owner of the file or the owner of the directory in which the link
}|resides to unlink or rename the link.
}
}A pity (is it really?) that ordinary users are not allowed to set
}'sticky mode', this makes it hard to use by anyone but root. I fail to
}understand what the possibility of unlinking has to do with sticky bits
}(but then, you can fill me in); I thought that a sticky bit keeps a
}file on the swap disk, once it is loaded.
}

Well it used to be only effective on executables. But with 4.3BSD(?)
came the sticky bit for directories. Every user can set the sticky bit
of a directory. Apparently someone somewhere noticed an unused bit in
the mode word for directories. (With SunOS 4.x, I understand, you can
even make directories setuid or setgid)

The name sticky still is appropriate because files 'stick' to the
directory they are in.

This feature is new, so few people know about it (I think).

sticky(8) from SunOS 3.5 says:

     A directory for which the `sticky bit' is set restricts
     deletion of files it contains. A file in a sticky directory
     may only be removed or renamed by a user who has write
     permission on the directory, and either owns the file, owns
     the directory, or is the super-user. This is useful for
     directories such as /tmp, which must be publicly writable, but
     which should deny users access to arbitrarily delete or
     rename the files of others.

     Any user may create a sticky directory.

     Only the super-user can set the sticky bit on a non-directory
     file.

}    Leo.

--cd
----------------------------------------------------------------------------
Casper H.S. Dik
University of Amsterdam     |   dik@uva.uucp
The Netherlands             |   ...!uunet!mcvax!uva!dik
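Added example (not part of the original post or of any SunOS/BSD code): a Python sketch of the removal rule quoted from sticky(8) above, together with a check that lists world-writable directories lacking the sticky bit. The function names, uids and the sample directory tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def may_remove(uid, dir_mode, dir_uid, file_uid, has_dir_write):
    """Apply the sticky(8) rule: may `uid` remove or rename an entry?"""
    if not has_dir_write:
        return False          # write permission on the directory is always required
    if not dir_mode & stat.S_ISVTX:
        return True           # no sticky bit: directory write permission suffices
    # Sticky directory: must also own the file, own the directory, or be super-user.
    return uid == 0 or uid == file_uid or uid == dir_uid


def unprotected_world_writable(root):
    """Return directories under `root` that are world-writable but not sticky."""
    hits = []
    for dirpath, _dirs, _files in os.walk(root):   # does not follow symlinks
        mode = os.lstat(dirpath).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            hits.append(dirpath)
    return sorted(hits)


def demo():
    """Build a constructed tree and report which directories need the sticky bit."""
    with tempfile.TemporaryDirectory() as top:
        for name, mode in (("shared", 0o777), ("tmp", 0o1777), ("private", 0o755)):
            path = os.path.join(top, name)
            os.mkdir(path)
            os.chmod(path, mode)       # chmod after mkdir so umask does not interfere
        return [os.path.basename(p) for p in unprotected_world_writable(top)]


if __name__ == "__main__":
    print("world-writable without sticky bit:", demo())
    # Constructed uids: 1001 asks to remove a file owned by 1002 in root's directory.
    print("sticky dir, other user's file:", may_remove(1001, 0o1777, 0, 1002, True))
    print("plain 0777 dir, other user's file:", may_remove(1001, 0o777, 0, 1002, True))
```

Setting the bit on a directory reported by the check is `chmod +t dir` (or mode 1777 for a /tmp-style directory).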