UNIX directory access permissions say that if a user has write permission on a directory, she can rename or remove files there, even files that don't belong to her (see article 22.11). Many newer versions of UNIX have a way to stop that. The owner of a directory can set its sticky bit (octal 1000). The only people who can then rename or remove a file in that directory are the file's owner, the directory's owner, and the superuser.
Here's an example: the user jerry makes a world-writable directory and sets the sticky bit (shown as t in the last position of the permissions field):

    jerry% chmod 1777 share
    jerry% ls -ld share
    drwxrwxrwt  2 jerry    ora          32 Nov 19 10:31 share
Other people create files in it. When jennifer tries to remove a file that belongs to ellie, she can't:
    jennifer% ls -l
    total 2
    -rw-r--r--  1 ellie    ora         120 Nov 19 11:32 data.ellie
    -rw-r--r--  1 jennifer ora        3421 Nov 19 15:34 data.jennifer
    -rw-r--r--  1 peter    ora         728 Nov 20 12:29 data.peter
    jennifer% rm data.ellie
    data.ellie: 644 mode ? y
    rm: data.ellie not removed.  Permission denied
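The two things a practitioner usually wants from this article are a way to read the t in a listing back into an octal mode and a way to find shared directories that are world-writable but lack the sticky bit. The following is an added example, not code from the article; the function names and the status strings are my own.

```python
"""Sticky-bit helpers: decode an ls -l permission field and audit directories."""
import os
import stat

# Bits for the nine rwx slots of an ls -l field, in order (user, group, other).
_RWX_BITS = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
# The three exec slots may instead show a special bit: s (setuid/setgid), t (sticky).
_SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


def mode_from_listing(perm: str) -> int:
    """Convert a 10-character field such as 'drwxrwxrwt' to its octal mode.

    Lowercase s/t mean the special bit and the exec bit are both set;
    uppercase S/T mean the special bit is set without the exec bit.
    """
    if len(perm) != 10:
        raise ValueError("expected a 10-character permission field")
    mode = 0
    for i, ch in enumerate(perm[1:]):  # skip the file-type character
        if ch == "-":
            continue
        if ch in "rwx":
            mode |= _RWX_BITS[i]
        elif ch in "sStT" and i in _SPECIAL:
            mode |= _SPECIAL[i]
            if ch in "st":
                mode |= _RWX_BITS[i]
        else:
            raise ValueError(f"unexpected character {ch!r} at position {i + 1}")
    return mode


def audit_dir(path: str) -> str:
    """Classify one directory: 'not-world-writable', 'sticky' or 'world-writable-no-sticky'."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise ValueError(f"{path} is not a directory")
    if not st.st_mode & stat.S_IWOTH:
        return "not-world-writable"
    return "sticky" if st.st_mode & stat.S_ISVTX else "world-writable-no-sticky"


def find_unprotected(root: str) -> list:
    """Walk root and return directories anyone can write to but that lack the sticky bit."""
    hits = []
    for dirpath, _dirnames, _files in os.walk(root):
        try:
            if audit_dir(dirpath) == "world-writable-no-sticky":
                hits.append(dirpath)
        except OSError:
            pass  # unreadable or vanished directory; skip it
    return sorted(hits)
```

Running find_unprotected("/") as an ordinary user lists the shared directories where any writer could remove other people's files, which is exactly what chmod 1777 prevents.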