ABC Of AIX

Welcome to the World of AIX learning!!!

Posts Tagged ‘sticky bit

User Administration Concept – III

leave a comment »

This post will discuss about the STICKY BIT concept.

Last post, we discussed about how to set permissions for the users in a group to access a common directory.

This post will cover how to change the group of users U1 and U2 from default STAFF to ABCD.

If you are logged in as admin, use sudo command to login as user U1 and create a folder f3 under directory dir1 and check the file attributes:

# su – U1

# pwd

# cd /dir1

# touch f3

# ls –l f3

This will give the complete information about file f3 which will have attributes listed as below:

-rw-rw-r– 1 U1 staff f3

Which means it’s a file, owners has read and write permissions (value 6), group members has read/write permissions (value 6) and others have only read permissions (value 4), U1 is the owner belonging to staff group and file name is f3.

We need to change the group name for U1 from STAFF to ABCD.

A user is given default group as STAFF. So this needs to be changed to ABCD group. Command used to bring this change is:

# chmod g+s /dir1

This command should be run by admin and not the user.

Once this command is run, admin can login as user and create a file under directory dir1 to check whether the user belong to staff or ABCD group.

Surely after running the above command, user gets mapped to ABCD group as the output looks like:

-rw-rw-r– 1 U1 ABCD f3

STICKY BIT:

Now if the admin wants user U1 can create a file f4 but does not want user U2 who belongs to the same group (ABCD) as U1 and have access to common directory should not be able to delete the file f4 created by user U1, admin needs to apply the logic of sticky bit then.

A sticky bit will prevent any other user from the same group have same permissions as that of the owner in the common directory to execute commands on file created by the owners.

Login as admin and run the following command:

# chmod o+t /dir1

And then check the attributes of dir1:

# ls –ld /dir1

This will give the following output:

drwxrws—T 2 root ABCD /dir1

this can be verified by following these steps:

sudo login as user U1 and create file f4 under dir1:

# su – U1

# pwd

# cd /dir1

# touch f4

# ls –l f4

Output will be:

-rw-rw-r– 1 U1 ABCD f4

# exit

Login as user U2:

# su – U2

# pwd

# cd /dir1

# ls –l

This will list file f4 as:

-rw-rw-r– 1 U1 ABCD f4

Now try deleting the file by running the below command:

# rm –rf f4

OR

# rm –r f4

Error message will appear on screen stating access to delete file f4 is denied because of sticky bit.

So you see, user U2 who belonged to group ABCD and have same permissions as that of owner to access common directory dir1 is still not able to modify/delete the file created by user U1 because of sticky bit.

This sticky bit lasts as long as the session lasts.

With this, I come to the competition of User Administration Concepts.

I hope you had a nice time understanding it.

All thoughts and reflections are welcomed.

Till then,

Happy Learning!

Written by RA

March 6, 2012 at 5:40 am