You have heard of the immutable bit and want to know how it is different from the sticky bit. What is the immutable bit versus the sticky bit? What are the differences between the two?
We like the term "immutable flag" as opposed to "immutable bit" to help distinguish the two. We have three parts to explain this.
Part 1: What is the immutable flag?
If you have a file called foobar, list its attributes with this command:
lsattr foobar
You should see the file's current attribute list, with the immutable flag not yet set.
Now set the immutable flag:
sudo chattr +i foobar
List the attributes again by running this:
You will now see the immutable flag listed among the file's attributes.
The immutable flag keeps even the root user from deleting a file. Any rm command on foobar will fail -- even with sudo before the command. To remove the immutable flag, run this command first:
sudo chattr -i foobar
Now the file foobar can be deleted. If you run the ls -lh command on the file before and after setting the immutable flag, you will find that the sticky bit is neither set nor cleared by chattr. The immutable flag prevents the file from being modified or deleted. A file having this attribute will also be hidden from ls -lh command results.
Part 2: What is the sticky bit?
It can describe a quality called a "restricted deletion directory" (as The Linux Bible does on page 268). To learn how it works, run this command on a given file (where foobar is the name of the file):
ls -lh foobar
You will see the file's current permissions string.
Now set the sticky bit with this command:
chmod o+t foobar
Run this command on a given file (where foobar is the name of the file):
ls -lh foobar
You will see that the permissions string has changed to show the sticky bit.
Now remove the sticky bit with this command:
chmod o-t foobar
If you run lsattr in between setting and unsetting the sticky bit, you will see no change to the immutable flag.
While the sticky bit is set on a parent directory that is not owned by the user you are logged in as, you will not be able to delete a directory inside it unless you are root. The sticky bit is ideal if you log in as root or manage other users on the Linux server and want a directory to never be deleted. If you want users to be able to troubleshoot but not delete a file, and they know how to use ls -lh but may not be inclined to use lsattr, the sticky bit can be ideal.
The sticky bit can be known as "the saved-text bit" (according to page 300 of The Linux Programming Interface).
Part 3: Contrasting the two
The sticky bit, to be effective, depends on the permissions of the parent directory -- otherwise the file can be deleted by a user. To circumvent the immutable flag, one must first clear it with chattr -- otherwise the file cannot be deleted. For preserving a file from deletion, the stronger method is the immutable flag. There are times when the sticky bit is more practical for a systems administrator's needs.
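As an added illustration of the contrast (this is not part of the original answer), the following Python script reads the immutable flag through the same ioctl that lsattr uses and reads the sticky bit from the directory mode, then audits a tree for world-writable directories that lack restricted deletion and for files that even root cannot remove. It assumes a 64-bit Linux host; the ioctl constants, the audit and demo functions and the constructed sample tree are my own and not from the page.

```python
import fcntl, os, stat, struct, tempfile

# Request and flag values from linux/fs.h; assumption: 64-bit Linux (LP64 ABI)
FS_IOC_GETFLAGS = 0x80086601
FS_IMMUTABLE_FL = 0x00000010   # the flag that chattr +i sets and lsattr shows as i

def immutable_flag(path):
    """True/False for the chattr +i flag; None when the filesystem cannot report it."""
    fd = None
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK | os.O_NOFOLLOW)
        raw = fcntl.ioctl(fd, FS_IOC_GETFLAGS, struct.pack("l", 0))
        return bool(struct.unpack("l", raw)[0] & FS_IMMUTABLE_FL)
    except OSError:            # e.g. ENOTTY on a filesystem without attribute support
        return None
    finally:
        if fd is not None:
            os.close(fd)

def sticky_bit(path):
    """True when the mode carries S_ISVTX (the t that ls -lh shows in the last column)."""
    return bool(os.lstat(path).st_mode & stat.S_ISVTX)

def audit(root):
    """Walk root: report world-writable dirs without the sticky bit, and immutable files."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode   # lstat so symlinks to directories are skipped
            if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append(("world-writable-no-sticky", path))
        for name in filenames:
            path = os.path.join(dirpath, name)
            if immutable_flag(path):
                findings.append(("immutable", path))
    return findings

def demo():
    """Constructed sample tree in a temp dir (no root needed): one weak and one sticky shared dir."""
    root = tempfile.mkdtemp(prefix="sticky-audit-")
    weak = os.path.join(root, "dropbox")
    os.mkdir(weak)
    os.chmod(weak, 0o777)      # any user could delete any other user's files here
    shared = os.path.join(root, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o1777)   # restricted deletion, the same mode /tmp normally has
    foobar = os.path.join(root, "foobar")
    open(foobar, "w").close()
    return {"weak": weak, "shared": shared, "foobar": foobar, "findings": audit(root)}
```

Running audit() over /tmp or a shared data directory shows the sticky-bit gaps without needing root, while the immutable findings need a filesystem (such as ext4) that supports chattr attributes.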