1

I've got a CentOS server that performs a few dedicated tasks, where different processes/users need full access to each other's files. As these files are temporary in nature, they are stored in the /tmp directory.

The /tmp directory has the sticky bit set by default. So for my scenario, I disable the sticky bit, otherwise process/user B cannot delete the file created by process/user A - and it should be able to do that, because A merely provides B and only after B is finished, the file can be deleted.

    chmod -t /tmp

So far so good! However, every time I reboot the machine, it automatically sets the sticky bit again, and I have to remove it once more.

I've been thinking about creating another directory for these files, but that does not seem quite necessary to me, since, as I said, the server performs a few dedicated tasks, i.e. there's not much going on besides A and B doing their jobs.

But in what way can I remove the sticky bit and let it be persistent? If it cannot be done with chmod then how?

2 Answers

6

Use a different directory, not /tmp.

The sticky bit will always be added to /tmp at boot by systemd, which recreates the directory every boot.

It's unwise to remove the sticky bit, because that prevents anything else from using /tmp. And many other things do use /tmp, even though their use may not be obvious, and even though you may have very little running on the server. Having the sticky bit removed will come back to bite you, sooner or later.

All you really need is for B to be able to delete a file that A creates. Because being able to delete a file is controlled by the write permissions of the containing directory, all you need to do is to create a directory that both A and B can write to. You could do this with ACLs or group membership.

2
  • 'The sticky bit will always be added to /tmp at boot by systemd' This was the info I couldn't quite find, thanks. Yes, then it makes more sense to create a different directory for these files. I've been using this process for years though without issue.
    – kasimir
    Commented Dec 10, 2018 at 15:05
  • 1
    You can also look into systemd's tmpfiles.d functionality to automatically create a temporary directory for you every time the system boots.
    Commented Dec 10, 2018 at 16:30
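
An added example, not part of the original answer or its comments: a sketch of the group-writable directory recreated at boot through tmpfiles.d, plus a check that tells the default /tmp mode apart from /tmp after `chmod -t`. The path /run/ab-exchange and the group abshare are hypothetical names, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example. /run/ab-exchange and group "abshare" are hypothetical names.

# Print the tmpfiles.d line that recreates a group-shared directory at boot.
# Fields: type path mode user group age. Mode 2770 = setgid plus rwx for
# owner and group, nothing for others, no sticky bit. Age "-" = no cleanup.
tmpfiles_line() {  # $1 = directory, $2 = shared group
    printf 'd %s 2770 root %s -\n' "$1" "$2"
}

# Report "<who can write>:<who can delete>" for a directory.
#   who can write : world | group | owner
#   who can delete: owner-only (sticky bit set: only the file's owner, the
#                   directory's owner or root) | any-writer (no sticky bit)
classify_dir() {  # $1 = directory
    mode=$(stat -c %a "$1") || return 1   # GNU stat, octal mode such as 1777
    bits=$(( 0$mode ))                    # leading 0 makes it an octal literal
    if   [ $(( bits & 0002 )) -ne 0 ]; then who=world
    elif [ $(( bits & 0020 )) -ne 0 ]; then who=group
    else who=owner
    fi
    if [ $(( bits & 01000 )) -ne 0 ]; then del=owner-only
    else del=any-writer
    fi
    echo "$who:$del"
}

# Constructed demonstration on scratch directories; touches nothing in /tmp
# beyond its own mktemp directory and needs no root.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/default" "$base/nosticky" "$base/shared"
    chmod 1777 "$base/default"    # /tmp as shipped
    chmod 0777 "$base/nosticky"   # /tmp after chmod -t
    chmod 2770 "$base/shared"     # dedicated A/B exchange directory
    for d in default nosticky shared; do
        printf '%-9s %s\n' "$d" "$(classify_dir "$base/$d")"
    done
    tmpfiles_line /run/ab-exchange abshare
    rm -rf "$base"
}
demo
```

The printed line would go in a file under /etc/tmpfiles.d/ once the group exists and A and B are members of it; only a directory reported as `group:any-writer` limits deletion to those two accounts.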
0

On RHEL and CentOS, /etc/cron.daily/tmpwatch is triggered daily to cleanup and fixup /tmp. If you really want to override the default permissions on /tmp, you can do so by modifying the content of that file.

Rather than modify /tmp directly or its configuration/setup, create a sub-directory and apply appropriate permissions to that using a combination of groups and group permissions. If the data is not sensitive and you are not risk averse, you can open up the permissions to permit anyone to delete the files.

3
  • '/etc/cron.daily/tmpwatch is triggered daily to cleanup and fixup /tmp' Either this is not running or does not 'fix' the sticky bit, because it only happens on reboot. Good idea though, creating a subdirectory within /tmp.
    – kasimir
    Commented Dec 10, 2018 at 15:01
  • 1
    You must be on CentOS 7 then. I know this comment is way late but the configuration for /tmp is located here:

        $ cat /usr/lib/tmpfiles.d/tmp.conf
        # Clear tmp directories separately, to make them easier to override
        v /tmp 1777 root root 10d
        v /var/tmp 1777 root root 30d
    – Iyad K
    Commented Aug 18, 2019 at 0:54
  • Thanks for the tip, @Iyad K! I still have the same setup (takes a bit of effort to rearrange, and it has no real priority...) and once in a while have to reset the sticky bit, so this is still quite useful!
    – kasimir
    Commented Aug 21, 2019 at 19:15
