UCF STIG Viewer Logo

The sticky bit must be set on all public directories.


Finding ID Version Rule ID IA Controls Severity
V-218067 RHEL-06-000336 SV-218067r505923_rule Low
Failing to set the sticky bit on public directories allows unauthorized users to delete files in the directory structure. The only authorized public directories are those temporary directories supplied with the system, or those designed to be temporary file repositories. The setting is normally reserved for directories used by the system, and by users for temporary file storage - such as /tmp - and for directories requiring global read/write access.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03


Check Text ( C-19548r377216_chk )
To find world-writable directories that lack the sticky bit, run the following command for each local partition [PART]:

# find [PART] -xdev -type d -perm -002 \! -perm -1000

If any world-writable directories are missing the sticky bit, this is a finding.
Fix Text (F-19546r377217_fix)
When the so-called 'sticky bit' is set on a directory, only the owner of a given file may remove that file from the directory. Without the sticky bit, any user with write access to a directory may remove any file in the directory. Setting the sticky bit prevents users from removing each other's files. In cases where there is no reason for a directory to be world-writable, a better solution is to remove that permission rather than to set the sticky bit. However, if a directory is used by a particular application, consult that application's documentation instead of blindly changing modes.
To set the sticky bit on a world-writable directory [DIR], run the following command:

# chmod +t [DIR]