What Is The Immutable Bit vs. The Sticky Bit?

Problem scenario
You have heard of the immutable bit and want to know how it is different from the sticky bit. What is the immutable bit versus the sticky bit? What are the differences between the two?

We like the term "immutable flag" as opposed to "immutable bit" to help distinguish the two. We have three parts to explain this.

Part 1: What is the immutable flag?

If you have a file called foobar, run this command: lsattr foobar

You should see something like this: -------------e-- foobar

Now set the immutable flag: sudo chattr +i foobar

List the attributes again by running this: lsattr foobar

You will now see something like this: ----i--------e-- foobar

The immutable flag keeps even the root user from deleting a file. Any rm command on foobar will fail -- even with the sudo before the command. To remove the immutable flag, run this command first:

sudo chattr -i foobar

Now the file foobar can be deleted. Using the ls -lh command on the files above before and after you set the immutable flag, you will find that the sticky bit is never set or unset. The immutable flag will prevent the file from being modified or deleted. A file having this attribute will also be hidden from ls -lh command results.

Part 2: What is the sticky bit?
It can describe a quality called a "restricted deletion directory" (as The Linux Bible does on page 268). To learn how it works, run this command on a given file (where foobar is the name of the file): ls -lh foobar

You will see permissions like this: -rw-rw-r--

Now set the sticky bit with this command: chmod o+t foobar

Run this command on a given file (where foobar is the name of the file): ls -lh foobar

You will see the permissions look like this: -rw-rw-r-T

Now remove the sticky bit with this command: chmod o-t foobar

Using the lsattr in between setting and unsetting the sticky bit, you will see no change to the immutable flag.

While the sticky bit is set and the directory is in a directory not owned by the user you are logged in as, you will not be able to delete the directory unless you are root. The sticky bit is ideal if you log in as root or manage other users on the Linux server and want a directory to never be deleted. If you want users to be able to troubleshoot but they cannot delete a file and know how to use ls -lh but may not be inclined to use lsattr commands, the sticky bit can be ideal.

The sticky bit can be known as "the saved-text bit" (according to page 300 of The Linux Programming Interface).

Part 3: Contrasting the two
The sticky bit, to be effective, depends on the permissions of the parent directory -- otherwise the file can be deleted by a user. To circumvent the immutable flag, one must use the chattr flag -- otherwise the file cannot be deleted. For preserving a file from deletion, the stronger method would be using the immutable flag. There are times when the sticky bit is more practical for a systems administrator's needs.

Leave a comment

Your email address will not be published. Required fields are marked *