Site icon New Generation Enterprise Linux

Enforcing Mandatory File Integrity with Sticky Bits

Permissions & Security (Chmod/Chown/ACLs/SELinux/AppArmor)

Enforcing Mandatory File Integrity with Sticky Bits

đź§© The Challenge

You have a shared directory where multiple users need to collaborate, but you want to ensure that users can only delete or rename files they personally own. Standard group write permissions allow any member to delete or overwrite files belonging to others, which is often undesirable for shared workspaces.

đź’ˇ The Fix

Apply the sticky bit to the directory, which restricts the deletion and renaming of files to only the file owner, the directory owner, or the superuser.

chmod +t /path/to/shared/directory

⚙️ Why It Works

The sticky bit, represented by the +t flag, alters the directory’s permission logic so that file removal is governed by ownership rather than just the directory’s write permissions.

🚀 Pro-Tip: You can verify the sticky bit is active by checking if the output of ls -ld ends with a lowercase t in the permissions string.

Linux Tips & Tricks | © ngelinux.com | 7/6/2026

0 0 votes
Article Rating
Exit mobile version