Ubuntu – the “t” letter in the output of “ls -ld /tmp”

permissionstmp

When running the command ls -ld /tmp, the output would be:

drwxrwxrwt 30 root root 20480 Mar 11 14:17 /tmp

So I have two main questions:

What is the letter t after the permissions?
As far as I know /tmp is used to create temporary files related to
different users in the system, so how come it has permission rwxrwxrwx (777)?

This seems wrong for me. Please I need your help to understand what is going here.

Best Answer

So what is the sticky bit?

A sticky bit is a permission bit that is set on a directory that allows only the owner of the file within that directory, the owner of the directory or the root user to delete or rename the file. No other user has the needed privileges to delete the file created by some other user.

This is a security measure to avoid deletion of critical folders and their content (sub-directories and files), though other users have full permissions.

Why does `/tmp` have the `t` sticky bit?

The /tmp directory can be used by different Linux users to create temporary files. Now, what if an user deletes/rename a file created by some other user in this directory?

Well, to avoid these kind of issues, the concept of sticky bit is used. So for that a 777 is given but preserving the sticky bit is not a bad idea.

How can I setup the sticky bit for a directory?

I'll set a sticky bit on a directory called test on my Desktop.

Symbolic way (t represents the sticky bit):

chmod o+t ~/Desktop/test

chmod +t ~/Desktop/test

Numerical/octal way (1, sticky bit bit as value 1 in the first position)

chmod 1757 ~/Desktop/test

Now let us test the results:

ls -li ~/Desktop/test

1551793 drwxrwxrwt 45 hadi hadi 20485 Mar 11 14:35 ~/Desktop/test

To delete/Remove a sticky bit

chmod o-t ~/Desktop/test

Now let us test the results:

ls -li ~/Desktop/test

1551793 drwxrwxrwx 45 hadi hadi 20485 Mar 11 14:35 ~/Desktop/test

Source: “What is a sticky Bit and how to set it in Linux?” at The Linux Juggernaut

Related Solutions

Ubuntu – How to you know if executing a program requires root

Sometime, it's in the code. For example, midway of hwclock.c, you'll find:

if (getuid() == 0)
            permitted = TRUE;
else {
            /* program is designed to run setuid (in some situations) */
            if (set || systohc || adjust) {
                    warnx(_("Sorry, only the superuser can change "
                            "the Hardware Clock."));
[...]

which will change the behavior of the program if you're root or not.

In most other cases, it's implicit; delegated to the kernel. For example, if the program calls the system call that let you reboot the system, it will work only if you are root. If you are not root, you will have a "permission denied" error that the application (if well written) simply reports to you. Or you are trying to delete a file; if you have the right permission on the file to do it, it will succeed; if not, it depends if you are root or not --- when rm calls unlink() the kernel will check permissions.

So no, in principle you can't say just looking at the permission of the executable if the program requires root privileges or not. A lot of programs will require them only for some operation, so it will be really difficult to do something like that. The case of hwclock is one (anyone can read the clock but only root can set it), but there are hundreds of them (kill, rm, cat... )

Then there is the related and interesting world of setuid programs...