January 30th, 2002

torn sky

UNIX lesson for the day

#define S_ISUID 0004000 /* set user id on execution */
#define S_ISGID 0002000 /* set group id on execution */
#define S_ISVTX 0001000 /* save swapped text even after use */

The ISVTX (the sticky bit) indicates to the system which executable files are shareable (the default) and the system maintains the program text of the files in the swap area. The sticky bit may only be set by the super user on shareable executable files.

If mode ISVTX (the `sticky bit') is set on a directory, an unprivileged user may not delete or rename files of other users in that directory. The sticky bit may be set by any user on a directory which the user owns or has appropriate permissions. For more details of the properties of the sticky bit, see sticky(8).

Writing or changing the owner of a file turns off the set-user-id and set-group-id bits unless the user is the super-user. This makes the system somewhat more secure by protecting set-user-id (set-group-id) files from remaining set-user-id (set-group-id) if they are modified, at the expense of a degree of compatibility.

This goes out to all the people who thought the set UID/GID flags were called the "sticky bit." No. They're not. If someone tells you that, they're lying. Or an ignorant slob who should not be allowed to admin a UNIX machine. The sticky bit is totally independent of the aforementioned two bits, and has a completely different function.
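The three mode bits quoted above, worked through in Python as an added example (not code from the original post). Python's `stat` module exposes the same octal constants as the `#define`s, so `special_bits` decodes each flag on its own, showing that the sticky bit is independent of set-user-id and set-group-id. The `audit_tree` and `demo` helpers, and the temporary tree with a `shared` and a `dropbox` directory and a `tool` file, are constructed for this illustration; `write_clears_setid` exercises the last quoted paragraph, and its outcome depends on whether the writing process is privileged, exactly as the man page says, so it returns the before/after state rather than assuming one.

```python
import os
import stat
import tempfile

# The constants from the quoted man page, as Python's stat module defines them.
assert stat.S_ISUID == 0o4000 and stat.S_ISGID == 0o2000 and stat.S_ISVTX == 0o1000


def special_bits(mode: int) -> dict:
    """Decode the three special bits of a mode word independently of each other."""
    return {
        "setuid": bool(mode & stat.S_ISUID),
        "setgid": bool(mode & stat.S_ISGID),
        "sticky": bool(mode & stat.S_ISVTX),
    }


def audit_tree(root: str) -> dict:
    """Walk root and report set-id regular files and world-writable directories
    that lack the sticky bit (where any user could delete other users' files)."""
    findings = {"setid_files": [], "unsticky_world_writable_dirs": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            world_writable = bool(mode & stat.S_IWOTH)
            if stat.S_ISDIR(mode) and world_writable and not (mode & stat.S_ISVTX):
                findings["unsticky_world_writable_dirs"].append(os.path.relpath(path, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                findings["setid_files"].append(os.path.relpath(path, root))
    for key in findings:
        findings[key].sort()
    return findings


def write_clears_setid(path: str) -> dict:
    """Write to a set-user-id file and report the special bits before and after.
    An unprivileged writer sees the bit dropped; a privileged one may not (see man page)."""
    before = special_bits(os.stat(path).st_mode)
    with open(path, "a") as fh:
        fh.write("modified\n")
    after = special_bits(os.stat(path).st_mode)
    return {"before": before, "after": after}


def demo() -> dict:
    """Build a constructed tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared")    # world-writable with sticky bit, like /tmp
        os.mkdir(shared)
        os.chmod(shared, 0o1777)
        dropbox = os.path.join(root, "dropbox")  # world-writable, no sticky bit: flagged
        os.mkdir(dropbox)
        os.chmod(dropbox, 0o777)
        tool = os.path.join(root, "tool")        # set-user-id executable: flagged
        open(tool, "w").close()
        os.chmod(tool, 0o4755)
        plain = os.path.join(root, "plain")      # ordinary file: not flagged
        open(plain, "w").close()
        os.chmod(plain, 0o644)
        result = audit_tree(root)
        result["write_effect"] = write_clears_setid(tool)
        return result


if __name__ == "__main__":
    for mode in (0o4755, 0o2755, 0o1777):
        print(oct(mode), special_bits(mode))
    print(demo())
```

Running the script prints the decoded bits for a set-user-id file, a set-group-id file and a sticky directory, then the audit of the constructed tree; the `write_effect` entry shows whether appending to the set-user-id file cleared the bit under the current user's privilege.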

I realize there are probably about two people reading this that have any idea what I'm talking about, but I just needed to bitch a little bit...