Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

Notes about set-gid and sticky bits for directories

I can never remember how the set-gid and sticky bits work on directories, so I finally spent some time to re-read man (but had to resort to info) about chmod. This is my cheat sheet.

set-gid

Setgid (octal permission 2000) makes new files in the directory owned by the group that owns the directory. This is very useful for teams.

How to set

chmod g+s thisdir
chmod 2770 thisdir

How to clear

chmod g-s thisdir
chmod 00770 thisdir

sticky bit, or restricted deletion

Sticky bit (octal permission 1000) on a directory prevents Bob from deleting a file owned by Alice. Even if the directory is owned by one of Bob's groups and is writable, Bob cannot delete the Alice's files. This is particulary helpful for the /tmp directory. Check it out:

$ ls -lad /tmp
drwxrwxrwt. 4 root root 120 Jan 23 09:40 /tmp

How to set sticky bit

chmod a+t thisdir
chmod 1770 thisdir

How to clear

chmod a-t thisdir
chmod 00770 thisdir

According to info coreutils chapter 27.4, "Directories and the Set-User-ID and Set-Group-ID Bits," gnu chmod needs a 5-digit octal to clear this bit. Basically, if it's worth setting set-gid, you should throw in sticky bit.

chmod 03770 thisdir

Comments