HPE Community
Operating System - HP-UX
1849998 Members
2716 Online
104049 Solutions
New Discussion

Re: Sticky bit

 
Don Bowne
Occasional Advisor

‎12-13-2000 12:32 PM

‎12-13-2000 12:32 PM

Sticky bit

A software vendor reciently requested a sticky bit on an nfs exported directory be changed to 2655 from 777 . Is this going to open a security hole? . The oner of the directory is a power user.
0 Kudos
Reply
3 REPLIES 3
James R. Ferguson
Acclaimed Contributor

‎12-13-2000 01:50 PM

‎12-13-2000 01:50 PM

Re: Sticky bit

Don:

The current permissions are 0777 (rwxrwxrwx) without any setuid, setgid or sticky bit set.

By migrating to 2655 you are setting the SETGID bit on the directory to force files created in that directory to inherit the group id of the parent directory rather than the user who creates them. Based on the contents and the usage of this directory, you can decide how this impacts your security needs.

If the sticky bit were set on the directory, then users could only remove files for which they had explicit write permission.

See the man pages for 'chmod'.

...JRF...
0 Kudos
Reply
Dan Hetzel
Honored Contributor

‎12-13-2000 10:00 PM

‎12-13-2000 10:00 PM

Re: Sticky bit

Hi Don,

The permissions you're showing are unrelated to the STICKY BIT.

Here is a short list:
4xxx SETUID
2xxx SETGID
1xxx STICKY BIT

They add-up, so 6xxx is SETUID and SETGID

A filesystem with a STICKY BIT set, would prevent a user to delete a file for which he doesn't have write permission.

A 'man chmod' will tell you that, and a lot more...

Best regards,

Dan
Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com
0 Kudos
Reply
John Waller
Esteemed Contributor

‎12-14-2000 12:38 AM

‎12-14-2000 12:38 AM

Re: Sticky bit

If anything this is going to close a security hole. at 777 anybody can create delete stuff in the directory 2655 removes the write permission for group and other so only the owner of the directory can create new files. By setting a sticky bit on the group bit I suspect that the directory has been modified to a different group ID from the default group of the owner , eg User root and group data rather than group sys.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.