[ Team LiB ] |
Recipe 7.2 Securing a Shared Directory

7.2.1 Problem

You want a directory in which anybody can create files, but only the file owners can delete or rename them. (For example, /tmp, or an ftp upload directory.)

7.2.2 Solution

Set the sticky bit on a world-writable directory:

    $ chmod 1777 dirname

7.2.3 Discussion

Normally, anyone can delete or rename files in a world-writable directory, mode 0777. The sticky bit prevents this, permitting only the file owner, the directory owner, and the superuser to delete or rename the files.[1]

[1] The sticky bit has a completely different meaning for files, particularly executable files. It specifies that the file should be retained in swap space after execution. This feature was most useful back in the days when RAM was scarce, but you'll hardly see it nowadays. This has nothing to do with our recipe, just a note of historical interest.

7.2.4 See Also

chmod(1).
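An added example (not from the book): a shell audit that lists world-writable directories missing the sticky bit and then applies the recipe's fix using the symbolic form `chmod +t`. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for world-writable directories that lack the sticky bit.

# find_unsticky ROOT
# Print every directory under ROOT that has the other-write bit (0002)
# but not the sticky bit (1000). -xdev keeps find on one filesystem.
find_unsticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# fix_unsticky ROOT
# Add the sticky bit to each such directory; other mode bits are untouched.
fix_unsticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec chmod +t {} +
}

# demo: build a constructed sample tree, audit it, fix it, audit again.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"    # already follows the recipe
    chmod 0777 "$root/shared_bad"   # world-writable, no sticky bit
    chmod 0755 "$root/private"      # not world-writable, out of scope

    before=$(cd "$root" && find_unsticky .)
    fix_unsticky "$root"
    remaining=$(find_unsticky "$root" | wc -l | tr -d ' ')
    # The 10th character of the ls mode string is 't' when the sticky bit is set.
    tbit=$(ls -ld "$root/shared_bad" | cut -c10)

    rm -rf "$root"
    echo "before=$before remaining=$remaining tbit=$tbit"
}

demo
```

On a real system, run `find_unsticky /` first and review the list before changing anything, since some directories may be world-writable by mistake and should be tightened instead.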