Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 
 Home
 E-mail Us
 Oracle Articles


 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog


 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Analysis
 Design
 Implementation
 Oracle Support


 SQL Tuning
 Security

 Oracle UNIX
 Oracle Linux
 Monitoring
 Remote s
upport
 Remote plans
 Remote
services
 Application Server

 Applications
 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S
upport  
 Development  

 Implementation


 Consulting Staff
 Consulting Prices
 Help Wanted!

 


 Oracle Posters
 Oracle Books

 Oracle Scripts
 Ion
 Excel-DB  

Don Burleson Blog 


 

 

 


 

 

 

 
 

Sticky Bit Tips

Linux Tips by Burleson Consulting

The sticky bit is used for shared directories to prevent users from renaming or deleting each others? files.  The only users who can rename or delete files in directories with the sticky bit set are the file owner, the directory owner, or the super-user (root).  The sticky bit is represented by the letter t in the last position of the other permissions display.

SUID

Set user ID, is used on executable files to allow the executable to be run as the file owner of the executable rather than as the user logged into the system.

SUID can also be used on a directory to change the ownership of files created in or moved to that directory to be owned by the directory owner rather than the user who created it.

SGID

Set group ID, used on executable files to allow the file to be run as if logged into the group (like SUID but uses file group permissions).

SGID can also be used on a directory so that every file created in that directory will have the directory group owner rather than the group owner of the user creating the file.

Table 6.3: Special permission mode settings and their descriptions

The following example displays the SUID permission mode that is set on the passwd command, indicated by the letter s in the last position of the user permission display.  Users would like to be able to change their own passwords instead of having to ask the System Administrator to do it for them.  Since changing a password involves updating the /etc/passwd file which is owned by root and protected from modification by any other user, the passwd command must be executed as the root user.

The which command will be used to find the full path name for the passwd command, then the attributes of the passwd command will be listed, showing the SUID permission(s).

The SUID Special Permission Mode

$ which passwd
/usr/bin/passwd
$ ls -l /usr/bin/passwd
-r-s--x--x    1 root     root        17700 Jun 25  2004 /usr/bin/passwd

Here we see not only that the SUID permissions are set up on the passwd command but also that the command is owned by the root user.  These two factors tell us that the passwd command will run with the permissions of root regardless of who executes it.

These special modes can be very helpful on multi-user systems.  To set or unset the sticky bit use the the t option with the chmod command.  When setting the sticky bit we do not have to specify if it is for user, group or other.  In the following example we will make a directory called public which anyone can write to but we'll use the sticky bit to make sure only the file owners can remove their own files.

$ mkdir public
$ chmod 777 public
$ chmod +t public
$ ls -l
total 4
drwxrwxrwt    2 tclark   authors     4096 Sep 14 10:45 public

We see that the last character of the permissions string has a t indicating the sticky bit has been set.  We could also prepend the number 1 to the chmod command using the number to achieve the same results.  The following chmod command will accomplish the same thing as the two chmod commands in the last example:

$ chmod 1777 public
$ ls -l
total 4
drwxrwxrwt    2 tclark   authors      4096 Sep 14 10:45 public

Now let's say we instead want to make a directory which other users can copy files but which we want the files to instantly become owned by our username and group.  This is where the SUID and SGID options come in.

$ mkdir drop_box
$ chmod 777 drop_box
$ chmod u+s,g+s drop_box
$ ls -l
total 4
drwsrwsrwx    2 tclark   authors      4096 Sep 14 10:55 drop_box

Now anyone can move files to this directory but upon creation in drop_box they will become owned by tclark and the group authors.  This example also illustrates how you can change multiple levels of permissions with a single command by separating them with a comma.  Just like with the other permissions this could have been simplified into one command using the SUID and SGID numeric values (4 and 2 respectively.)  Since we are changing both in this case we use 6 as the first value for the chmod command.

$ chmod 6777 drop_box/
$ ls -l
total 4
drwsrwsrwx    2 oracle   users        4096 Sep 14 10:55 drop_box

Chmod and sticky bits

There are a few special permission mode settings that are worthy of noting. Note that the Set UID and Set GID permissions are disabled in some operating systems for security reasons.
 

Mode Description
Sticky bit Used for shared directories to prevent users from renaming or deleting each others? files. The only users who can rename or delete files in directories with the sticky bit set are the file owner, the directory owner, or the super-user (root). The sticky bit is represented by the letter t in the last position of the other permissions display.
SUID Set user ID, used on executable files to allow the executable to be run as the file owner of the executable rather than as the user logged into the system.
SUID can also be used on a directory to change the ownership of files created in or moved to that directory to be owned by the directory owner rather than the user who created it.
SGID Set group ID, used on executable files to allow the file to be run as if logged into the group (like SUID but uses file group permissions).
SGID can also be used on a directory so that every file created in that directory will have the directory group owner rather than the group owner of the user creating the file.

The following example displays the SUID permission mode that is set on the passwd command, indicated by the letter s in the last position of the user permission display. Users would like to be able to change their own passwords instead of having to ask the System Administrator to do it for them. Since changing a password involves updating the /etc/passwd file which is owned by root and protected from modification by any other user, the passwd command must be executed as the root user.

The which command will be used to find the full path name for the passwd command, then the attributes of the passwd command will be listed, showing the SUID permission(s).

$ which passwd
/usr/bin/passwd
$ ls -l /usr/bin/passwd
-r-s?x?x 1 root root 17700 Jun 25 2004 /usr/bin/passwd

Here we see not only that the SUID permissions are set up on the passwd command but also that the command is owned by the root user. These two factors tell us that the passwd command will run with the permissions of root regardless of who executes it.

These special modes can be very helpful on multi-user systems. To set or unset the sticky bit use the the t option with the chmod command. When setting the sticky bit we do not have to specify if it is for user, group or other. In the following example we will make a directory called public which anyone can write to but we?ll use the sticky bit to make sure only the file owners can remove their own files.

$ mkdir public
$ chmod 777 public
$ chmod +t public
$ ls -l
total 4
drwxrwxrwt 2 tclark authors 4096 Sep 14 10:45 public

We see that the last character of the permissions string has a t indicating the sticky bit has been set. We could also prefix the number 1 to the chmod command using the number to achieve the same results. The following chmod command will accomplish the same thing as the two chmod commands in the last example:

$ chmod 1777 public
$ ls -l
total 4
drwxrwxrwt 2 tclark authors 4096 Sep 14 10:45 public

Now let?s say we instead want to make a directory which other users can copy files but which we want the files to instantly become owned by our username and group. This is where the SUID and SGID options come in.

$ mkdir drop_box
$ chmod 777 drop_box
$ chmod u+s,g+s drop_box
$ ls -l
total 4
drwsrwsrwx 2 tclark authors 4096 Sep 14 10:55 drop_box

Now anyone can move files to this directory but upon creation in drop_box they will become owned by tclark and the group authors. This example also illustrates how you can change multiple levels of permissions with a single command by separating them with a comma. Just like with the other permissions this could have been simplified into one command using the SUID and SGID numeric values (4 and 2 respectively.) Since we are changing both in this case we use 6 as the first value for the chmod command.

$ chmod 6777 drop_box/
$ ls -l
total 4
drwsrwsrwx 2 oracle users 4096 Sep 14 10:55 drop_box

 

This is an excerpt from "Easy Linux Commands" by Linux guru Jon Emmons.  You can purchase it for only $19.95 (30%-off) at this link.


 

 

??
 
  
 
 
 

 
 
 

Oracle training Excel
 
Oracle performance tuning software 
 

 

Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  and include the URL for the page.


                    









Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


 

Copyright ? 1996 -  2014

All rights reserved by Burleson

Oracle ? is the registered trademark of Oracle Corporation.