Sticky bit resets after every reboot

kasimir asked:

I’ve got a CentOS server that performs a few dedicated tasks, where different processes/users need full access to each other's files. As these files are temporary in nature, they are stored in the /tmp directory.

The /tmp directory has the sticky bit set by default. So for my scenario, I disable the sticky bit, otherwise process/user B cannot delete the file created by process/user A – and it should be able to do that, because A merely provides B and only after B is finished, the file can be deleted.

chmod -t /tmp

So far so good! However, every time I reboot the machine, it automatically sets the sticky bit again, and I have to remove it once more.

I’ve been thinking about creating another directory for these files, but that does not seem quite necessary to me, since, as I said, the server performs a few dedicated tasks, i.e. there’s not much going on besides A and B doing their jobs.

But in what way can I remove the sticky bit and let it be persistent? If it cannot be done with chmod then how?

My answer:

Use a different directory, not /tmp.

The sticky bit will always be added to /tmp at boot by systemd, which recreates the directory every boot.

It’s unwise to remove the sticky bit, because that prevents anything else from using /tmp. And many other things do use /tmp, even though their use may not be obvious, and even though you may have very little running on the server. Having the sticky bit removed will come back to bite you, sooner or later.

All you really need is for B to be able to delete a file that A creates. Because being able to delete a file is controlled by the write permissions of the containing directory, all you need to do is to create a directory that both A and B can write to. You could do this with ACLs or group membership.
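One way to set up the dedicated directory the answer recommends, as an added example that is not part of the original answer: a group-owned, setgid directory with no sticky bit, plus a check that either process can run. The user names procA and procB, the group appshare and the path /var/lib/appshare are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Creates a shared directory for
# two cooperating processes instead of stripping the sticky bit from /tmp.
# Assumed (hypothetical) names: users procA/procB, group appshare,
# directory /var/lib/appshare. setup_shared_dir must run as root.

SHARED_DIR="${SHARED_DIR:-/var/lib/appshare}"
SHARED_GROUP="${SHARED_GROUP:-appshare}"

# Group-owned, setgid (new files inherit the group), group-writable,
# no access for "other", and no sticky bit, so B may delete what A created.
setup_shared_dir() {
    dir="$1"; grp="$2"
    groupadd -f "$grp"
    usermod -aG "$grp" procA
    usermod -aG "$grp" procB
    install -d -m 2770 -o root -g "$grp" "$dir"
    # Optional default ACL so new entries are group-writable too (acl package).
    setfacl -d -m "g:$grp:rwx" "$dir"
}

# Returns 0 when the directory carries the sticky bit (like /tmp, drwxrwxrwt).
has_sticky_bit() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ?????????[tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# Sanity check runnable without root: setgid present, group write present,
# sticky bit absent. Returns 0 when the directory is usable by A and B.
check_shared_dir() {
    perms=$(ls -ld "$1" | cut -c1-10)    # e.g. drwxrws---
    case "$perms" in
        d?????[sS]???) ;;
        *) echo "setgid missing on $1" >&2; return 1 ;;
    esac
    case "$perms" in
        d????w????) ;;
        *) echo "group write missing on $1" >&2; return 1 ;;
    esac
    if has_sticky_bit "$1"; then
        echo "sticky bit set on $1" >&2; return 1
    fi
    return 0
}

# Usage (as root): setup_shared_dir "$SHARED_DIR" "$SHARED_GROUP"
# Then, as procA or procB: check_shared_dir "$SHARED_DIR"
```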

View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.