STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Solaris 11 SPARC Security Technical Implementation Guide

V-216417

CAT II (Medium)

The sticky bit must be set on all world writable directories.

Rule ID

SV-216417r959010_rule

STIG

Solaris 11 SPARC Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

Files in directories that have had the "sticky bit" enabled can only be deleted by users that have both write permissions for the directory in which the file resides, as well as ownership of the file or directory, or have sufficient privileges. As this prevents users from overwriting each others' files, whether it be accidental or malicious, it is generally appropriate for most world-writable directories (e.g., /tmp).

Check Content

The root role is required.

Identify all world-writable directories without the "sticky bit" set.

# find / \( -fstype nfs -o -fstype cachefs -o -fstype autofs \
   -o -fstype ctfs -o -fstype mntfs -o -fstype objfs \
   -o -fstype proc \) -prune -o -type d \( -perm -0002 \
   -a ! -perm -1000 \) -ls

Output of this command identifies world-writable directories without the "sticky bit" set.  If output is created, this is a finding.

Fix Text

The root role is required.

Ensure that the "sticky bit" is set on any directories identified during the check steps.

# chmod +t [directory name]