Linux / UNIX Find All World-Writable Directories Have Sticky Bits Set

by on February 24, 2009 · 1 comment· last updated at February 24, 2009

How do I find out all world writable directories have sticky bits set under CentOS Linux server?

If sticky bit is set on a directory, only the owner of a given file may remove that file from the directory. Without the sticky bit, any user with write access to a directory may remove any file in the directory. Setting the sticky bit prevents users from removing each other’s files. /tmp directory always set with stick bit on.

You can easily locate all directories which are world-writable and do not have their sticky bits set. The following command will discover and print these for /webroot directory:
# find /webroot -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
If above command produces any output, fix each reported directory /dir using the chmod command (be careful with the following command):
# find /webroot -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print0| xargs -0 chmod +t
OR better solution is review each directory and set permission as per requirements:
# chmod +t /path/to/dir
Personally, I prefer to remove permission from all such directories except required directories such as /tmp. Also some application requires world writable directories. So, if a directory is used by a particular application, consult that application’s documentation instead of blindly changing modes using xargs.



You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

{ 1 comment… read it below or add one }

1 EMarsh January 16, 2012 at 5:33 am

Thank you for the tips

Reply

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <kbd> <blockquote> <pre> <a href="" title="">

Tagged as: , , , , , , , , , ,

Previous Faq:

Next Faq: