William H. Magill on 28 Dec 2004 22:19:09 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] what would cause the sticky bits to be set on files?


On 28 Dec, 2004, at 10:48, George Gallen wrote:
we recently had some write issues on some of the files in /tmp,
When I looked at them, both the sticky and other bit was set (rwt on ls for other).
There were quite a few of them.


I corrected it with chmod -R 777 /tmp, that reset all the files fine.

But I'm concerned how they were set in the first place.

Generally, our system is open internally only. With few people with shell access
so I don't feel someone was playing/hacking.


We are running RH 7.2 currently, upgrading isn't an issue at the moment.
This is something that has never come up before either.

The "sticky" bit on a directory is an abomination foisted upon the Unix world by Sun (Bill Joy) and later adopted by everyone (sigh).


Originally, the sticky bit referred to the fact that certain files were to remain in memory after execution, thereby cutting down on diskIO for loads and speeding response. With "modern" kernels, that (virtual) memory management issue is completely moot. Consequently, the sticky bit set on an individual file is completely meaningless on virtually all operating systems today. (However, if I remember correctly, except on Solaris where it means something else ... but it's been along time since I played with Solaris.)

Today, the "sticky" bit refers to the ability of a directory to restrict files contained within it from being deleted by anyone but their creator. (man sticky)

ANYONE can create a sticky directory, anyplace where they have write access. (Similarly, anyone can set the sticky bit "on" for any file they have write access to, even if it is meaningless.)

The /tmp directory itself is normally found with the sticky bit set, and writeable by everyone to allow anyone to create files in it, but to only permit those files to be deleted by their creator.

All that said ...

Yes, the boot process (/etc/rc file) will normally create "/tmp" (/private/var/tmp or /private/tmp depending on the "unix" variant) and/or set the permissions to 01777 because the OS will perform "unexpectedly" if that is not the mode setting.
[ Typically, "pipes" are created in that directory as are "stuff" relating to CUPS and assorted other IPC (interprocess communications) activities. ]



T.T.F.N. William H. Magill # Beige G3 - Rev A motherboard - 768 Meg # Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg # PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]-Tru64 5.1a # XP1000 [Alpha 21264-3 (EV6) - 256 meg] Open BSD 3.6 # XP1000 [Alpha 21264-A (EV 6.7) - 384 meg] FreeBSD magill@mcgillsociety.org magill@acm.org magill@mac.com whmagill@gmail.com


___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug