What is the sticky bit's purpose?

What is the sticky bit's purpose? Added: 08/23/01


A 't' or 'T' as the last character of the "ls -l" mode characters
indicates that the "sticky" (save text image) bit is set. See ls(1) for
an explanation of the distinction between 't' and 'T'.

The sticky bit has a different meaning, depending on the type of file it
is set on...

sticky bit on directories
=========================
[From chmod(2)]
If the mode bit S_ISVTX (sticky bit) is set on a directory, files
inside the directory may be renamed or removed only by the owner of
the file, the owner of the directory, or the superuser (even if the
modes of the directory would otherwise allow such an operation).

[Example]
drwxrwxrwt 104 bin bin 14336 Jun 7 00:59 /tmp
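
[Added example]
The following C program is an added illustration, not part of the original FAQ or of HP-UX. It decodes the last "ls -l" mode character, models the chmod(2) removal rule quoted above, and flags world-writable directories that lack the sticky bit. The function names are hypothetical, and it assumes the superuser is uid 0 and that the caller has already evaluated the ordinary directory write permission.

```c
#define _XOPEN_SOURCE 700   /* for S_ISVTX and lstat() on strict compilers */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Last "ls -l" mode character: 't' = sticky + other-execute,
 * 'T' = sticky without other-execute, 'x'/'-' = sticky bit not set. */
char sticky_mode_char(mode_t m)
{
    int x = (m & S_IXOTH) != 0;
    if (m & S_ISVTX)
        return x ? 't' : 'T';
    return x ? 'x' : '-';
}

/* Model of the chmod(2) rule quoted above. dir_writable is the result of the
 * ordinary write/search permission check on the directory for uid; the
 * caller supplies it (assumption of this example). Returns 1 if allowed. */
int may_remove(mode_t dir_mode, uid_t dir_owner, uid_t file_owner,
               uid_t uid, int dir_writable)
{
    if (uid == 0) return 1;                 /* superuser (assumed uid 0) */
    if (!dir_writable) return 0;            /* directory modes already say no */
    if (!(dir_mode & S_ISVTX)) return 1;    /* no sticky bit: any writer may */
    return uid == file_owner || uid == dir_owner;
}

/* Audit check: a world-writable directory without the sticky bit lets any
 * user rename or remove other users' files in it. */
int unsafe_shared_dir(mode_t m)
{
    return S_ISDIR(m) && (m & S_IWOTH) && !(m & S_ISVTX);
}

/* Usage: ./stickycheck /tmp /var/tmp ...  (exit status 1 if any path is flagged) */
int main(int argc, char **argv)
{
    struct stat st;
    int i, flagged = 0;

    for (i = 1; i < argc; i++) {
        if (lstat(argv[i], &st) != 0) { perror(argv[i]); continue; }
        int bad = unsafe_shared_dir(st.st_mode);
        printf("%c %s%s\n", sticky_mode_char(st.st_mode), argv[i],
               bad ? "  <-- world-writable, sticky bit not set" : "");
        flagged += bad;
    }
    return flagged ? 1 : 0;
}
```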

sticky bit on regular files
===========================
[From chmod(2)]
If an executable file is prepared for sharing, mode bit S_ISVTX prevents
the system from abandoning the swap-space image of the program-text
portion of the file when its last user terminates. Then, when the next
user of the file executes it, the text need not be read from the file
system but can simply be swapped in, thus saving time.

[From HP-UX Kernel Tuning and Performance Guide]
Local paging. When applications are located remotely, set the "sticky bit"
on the applications binaries, using the chmod +t command. This tells the
system to page the text to the local disk. Otherwise, it is "retrieved"
across the network. Of course, this would only apply when there is actual
paging occurring. More recently, there is a kernel parameter,
page_text_to_local, which when set to 1, will tell the kernel to page all
NFS executable text pages to local swap space.

[Example]
-r-xr-xr-t 6 bin bin 24111111111664 Nov 14 2000 /usr/bin/vi

sticky bit on symlinks
======================
In HP-UX 10.0 and later, a symbolic link that has its sticky bit set is
called a transition link (i.e. links to ease the transition to the new
SVR4 filesystem layout). Transition links are a bit faster, because the
linked-to filename is stored in the inode itself, instead of using an
allocation unit to store the link. For more info on the purpose for
transition links, see the tlinstall(update_aid) manpage.

In order to set the sticky bit on a symlink, one must use the undocumented
lchmod system call (i.e. lchmod("/bin", 041777)).

[Example]
lr-xr-xr-t 1 root sys 8 Jun 7 01:00 /bin -> /usr/bin

------------------------------

5.1.10 Does HP-UX have a /dev/random, /dev/urandom, or similar device?
Updated: 09/12/03

Yes, at least for 11.11.

The Strong Random Number Generator provides a secure, non-reproducible
source of true random numbers for applications with strong security
requirements, such as for generating encryption keys. The /dev/random
and /dev/urandom files created by this product allow the read(2) system
call to retrieve strong random binary sequences of up to 256 bytes.
This interface is compatible with that provided by the Linux /dev/random
and /dev/urandom special files. The Strong RNG can be downloaded for free
from:

o http://software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=KRNG11I

A technical white paper on the Strong RNG is available at:

o http://newfdawg.com/SSHpart5.htm

There are a few alternatives for other versions of HP-UX...

For limited purposes, one can always use the POSIX shell's $RANDOM to
receive a random integer between 0 and 32768.

Another option is a daemon from Lutz Jaenicke that can act as a
replacement for a true random device:

o <http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html>

Additionally, there is a hardware crypto accelerator card that also has
its own random device. At least through the bundled APIs, this device
should be usable by applications. HP order numbers are as follows:

o Praesidium Public Key Cryptography (PKC) Accelerator Card HSC Format
for K Class - A5484A
o Praesidium Public Key Cryptography (PKC) Accelerator Card HSC Format
for D and R Class - A5485A
o Praesidium Public Key Cryptography (PKC) Accelerator Card PCI Format
for K Class - A5486A

This card purchase is subject to U.S. munitions laws. The card is
available for shipment in the U.S. and Canada. Application for restricted
worldwide shipment pending with the U.S. government.

The card is a Rainbow Swift, manufactured by Rainbow Technologies
(<http://www.rainbow.com/cryptoswift/>), aka IVEA, which also has a
UK subsidiary.
