Linux Sticky Bit Explained — chmod 1777 and /tmp Security
Understand the sticky bit in Linux. How chmod 1777 protects /tmp by preventing users from deleting each other's files in world-writable directories.
Detailed Explanation
What Is the Sticky Bit?
The sticky bit is a special permission bit that restricts file deletion within a directory. When set on a directory, only the following users can rename or delete files within it:
- The file owner
- The directory owner
- The root user
This applies even if other users have write permission on the directory.
The /tmp Example
The most well-known use of the sticky bit is the /tmp directory:
$ ls -ld /tmp
drwxrwxrwt 15 root root 4096 Jan 01 00:00 /tmp
Notice the t at the end of the permissions. This is the sticky bit in action:
- Everyone can create files in /tmp (rwx for all)
- But users can only delete their own files
Without the sticky bit, any user could delete any other user's temporary files, which would break many programs.
Setting the Sticky Bit
# Using symbolic notation
chmod +t /shared/directory
chmod o+t /shared/directory
# Using octal notation (prefix with 1)
chmod 1777 /tmp
chmod 1775 /shared/directory
# Verify
ls -ld /shared/directory
# drwxrwxr-t ...
Sticky Bit Display
In ls -l output, the sticky bit appears in the others execute position:
- t (lowercase): Sticky bit + execute permission for others
- T (uppercase): Sticky bit WITHOUT execute permission for others
Practical Use Cases
# Shared upload directory
mkdir /var/uploads
chmod 1777 /var/uploads
# Shared project temp directory
mkdir /project/tmp
chmod 1770 /project/tmp # Only group members, with sticky bit
Sticky Bit on Files
On modern Linux, the sticky bit on regular files has no effect. It was historically used on older Unix systems to keep frequently used programs in swap space for faster loading.
Use Case
The sticky bit is essential for any shared directory where multiple users can write files but should not be able to delete each other's work. Beyond /tmp, it is useful for shared upload directories, collaborative workspaces, and any multi-user environment.
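The audit below is an added example, not part of the original page: it lists world-writable directories that lack the sticky bit (where any user can delete another user's files) and sticky directories that ls -l shows with an uppercase T. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# Directories under $1 that are world-writable (o+w) but have no sticky bit:
# any user who can write there can delete or rename other users' files.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Sticky directories without execute for others (shown as "T" in ls -l),
# for example a group-only directory created with chmod 1770.
find_sticky_noexec_dirs() {
    find "$1" -xdev -type d -perm -1000 ! -perm -0001 -print 2>/dev/null | sort
}

# Run both checks over a constructed sample tree in a temporary directory.
demo() {
    demo_root=$(mktemp -d) || return 1
    mkdir "$demo_root/tmp_ok" "$demo_root/uploads_bad" \
          "$demo_root/project_T" "$demo_root/private"
    chmod 1777 "$demo_root/tmp_ok"       # drwxrwxrwt: world-writable, sticky
    chmod 0777 "$demo_root/uploads_bad"  # drwxrwxrwx: world-writable, no sticky
    chmod 1770 "$demo_root/project_T"    # drwxrwx--T: sticky, no o+x
    chmod 0755 "$demo_root/private"      # drwxr-xr-x: not world-writable

    echo "World-writable, no sticky bit:"
    find_unsticky_dirs "$demo_root" |
        while read -r d; do echo "  $(basename "$d")"; done

    echo "Sticky, no execute for others (T):"
    find_sticky_noexec_dirs "$demo_root" |
        while read -r d; do echo "  $(basename "$d")"; done

    rm -rf "$demo_root"
}

demo
```

On a real system, pass a mount point such as / to find_unsticky_dirs; -xdev keeps the search on that one filesystem.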