2

In /bin most binaries don't have a sticky bit set except for: fusermount, mount, umount, ping, ping6 and su.

Why are these ones not supposed to be deleted or renamed? Is it because they are used in certain critical scripts and if so, does that mean all other binaries aren't vital and the system could work without them?

muru

1 Answer

6

That's not the sticky bit, that's the setuid bit. A sticky bit usually applies to directories, you can see that in /tmp for example:

    $ stat -c '%A %n' /tmp /bin/ping /usr/bin/crontab
    drwxrwxrwt /tmp
    -rwsr-xr-x /bin/ping
    -rwxr-sr-x /usr/bin/crontab

The t indicates a sticky bit, an s in user modes indicates setuid and an s in group modes indicates setgid.

The setuid bit makes the command be run as the user who owns the file, usually root. This is done because:

  • ping and ping6 need root access to use raw sockets. See this Super User post and this Unix & Linux post. As the SU answer notes, some distros now use capabilities instead of setuid — my Arch Linux system doesn't have setuid on ping.
  • su needs root access to switch to an arbitrary user
  • mount (and umount, etc.) need setuid to mount things that are specified as being mountable by anybody (via users option in /etc/fstab) (see this Unix & Linux answer)
  • crontab is setgid, since the crontab files are stored in a location only writable by root and the crontab group:

    $ stat -c '%A' /var/spool/cron/crontabs
    drwx-wx--T
    

    (note: the crontab directory is also sticky.)

Also see:

muru
  • A long time ago, sticky bits usually applied to (executable program image) files, not to directories. In contrast, a Debian 8 and a FreeBSD 10 system that are conveniently to hand have zero files with the sticky bit set. – JdeBP Jun 22 '16 at 16:56
  • @JdeBP what did a sticky bit applied to an executable do? Was it like setuid then? – muru Jun 22 '16 at 16:59
  • No. Surprisingly, this is barely covered anywhere on Unix and Linux. There really should be a question and answer. – JdeBP Jun 29 '16 at 07:43
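An added example, not part of the original answer or comments: a Python sketch that decodes the same mode strings that `stat -c '%A'` prints in the answer and lists the entries under a directory that carry setuid, setgid or sticky bits, or Linux file capabilities (the setuid alternative the answer mentions for ping). The function names and the default `/usr/bin` root are assumptions chosen for illustration.

```python
import os
import stat
import sys

def describe(mode):
    """Return (ls-style mode string, special bits set) for an st_mode value."""
    names = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))
    # filemode() prints s/t when the matching execute bit is also set and
    # S/T when it is not, which is why the crontab spool shows a capital T.
    return stat.filemode(mode), [name for bit, name in names if mode & bit]

def has_file_caps(path):
    """True if a file carries Linux file capabilities instead of (or besides) setuid."""
    try:
        os.getxattr(path, "security.capability", follow_symlinks=False)
        return True
    except (OSError, AttributeError):  # no such xattr, unsupported fs, or not Linux
        return False

def audit(root):
    """Yield (path, mode string, bits, uid, gid, caps) for every entry under
    root that has a special mode bit or file capabilities."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the entry itself, not a symlink target
            except OSError:
                continue  # vanished or unreadable while walking
            text, bits = describe(st.st_mode)
            caps = stat.S_ISREG(st.st_mode) and has_file_caps(path)
            if bits or caps:
                yield path, text, bits, st.st_uid, st.st_gid, caps

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"  # assumed default
    for path, text, bits, uid, gid, caps in audit(root):
        notes = list(bits)
        if "setuid" in bits and text[0] == "-":
            notes.append(f"runs as uid {uid}")   # the file owner, usually root
        if "setgid" in bits and text[0] == "-":
            notes.append(f"runs with gid {gid}")  # the file's group
        if caps:
            notes.append("has file capabilities")
        print(text, path, "; ".join(notes))
```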