1700
Sticky Bit + 700
1700 combines:
- **Sticky Bit (1)**: only file owner/root can delete files in directory
- Owner: rwx
- Group: ---
- Others: ---
Effect: Owner-only full access, group and others have zero access, and sticky prevents other users from deleting files if they ever gained write access.
This mode is essentially a **private secure directory with sticky protection**, and it is extremely restrictive.
Typical usage: **private temp/work directory for a privileged service account**, not for WordPress runtime folders.
Objective
Learn 1700 behavior, its niche use for isolated secure workspaces, and why it does not belong inside public WordPress paths.
Concept Breakdown
Octal Structure
| Digit | Meaning |
|---|---|
| 1 | Sticky bit |
| 7 | Owner rwx |
| 0 | Group --- |
| 0 | Others --- |
Behavior
| Action | Result |
|---|---|
| Owner | Full control |
| Group | No access |
| Others | No access |
| Deletion | Only owner deletes files |
Syntax Formula
Apply 1700
chmod 1700 <directory>
Remove sticky bit
chmod -t <directory>
Verify
ls -ld <directory>
Permission Indicator
drwx-----T
Capital T = sticky bit + no execute for others.
Practical Example
Secure private ops workspace:
mkdir /srv/private-tmp
chmod 1700 /srv/private-tmp
ls -ld /srv/private-tmp
Expected:
drwx-----T ... /srv/private-tmp
Only owner can access & delete.
WordPress-Relevant Usage
| Scenario | Valid | Notes |
|---|---|---|
| Private secure admin workspace | ✅ | Good internal use |
| WP public content dirs | ❌ | Not allowed |
| Uploads / cache | ❌ | Breaks site |
| Shared hosting | ❌ | Irrelevant pattern |
| Dedicated privileged scripts dir | ✅ | If private & isolated |
WP Production Scenarios
| Case | Recommendation |
|---|---|
| Internal admin scratch folder | Good |
| Private temp for automation account | Valid |
| Any web folder | Never |
| WP-owned dirs | Avoid; use WP standard perms |
Security Considerations
Benefits
| Benefit | Why |
|---|---|
| Private secure directory | Owner-only access |
| Sticky prevents delete by non-root | Added layer |
Risks
| Risk | Why |
|---|---|
| Misuse in WP tree | Site breaks |
| False sense of security | Sticky ≠ malware protection |
| Loss of usability | Only owner sees files |
Audit:
find / -type d -perm -1000 2>/dev/null
Fix:
chmod -t <dir>
chmod 700 <dir>
Best Practices
| Practice | Reason |
|---|---|
| Use only for internal system/admin dirs | Proper isolation |
| Do not apply in /home/*/public_html | WP will fail |
| Prefer least-privilege user per site | Stronger security |
| Use ACL for needed shared access | Modern approach |
WordPress Audit
Scan WP tree:
find /home -perm -1000
If seen inside web path:
chmod -t <dir>
chmod 755 <dir> # reset for WP dirs
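The audit and reset steps above, as an added shell example (not part of the original page): it builds a constructed tree in a temp directory with one valid private 1700 workspace and one misapplied 1700 on a WordPress uploads directory, then resets only the web path. The function names are hypothetical, and it assumes GNU find and stat on Linux.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU find/stat on Linux.
# All paths are constructed under a throwaway mktemp directory.

# List sticky directories under $1 as "octal symbolic path".
audit_sticky() {
    find "$1" -type d -perm -1000 -exec stat -c '%a %A %n' {} + 2>/dev/null
}

# Count sticky directories under $1 (one byte per match, newline-safe).
count_sticky() {
    find "$1" -type d -perm -1000 -exec printf x \; 2>/dev/null | wc -c | tr -d ' '
}

# Apply the page's web-path fix (chmod -t, then 755) to every sticky
# directory under $1; prints how many directories were reset.
fix_web_sticky() {
    n=$(count_sticky "$1")
    find "$1" -type d -perm -1000 \
        -exec chmod -t {} \; -exec chmod 755 {} \; 2>/dev/null
    echo "$n"
}

# Build a constructed tree: a private workspace (valid use of 1700) and a
# WordPress uploads directory that wrongly carries 1700.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/private-tmp" "$root/public_html/wp-content/uploads"
    chmod 755 "$root/public_html" "$root/public_html/wp-content"
    chmod 1700 "$root/private-tmp" "$root/public_html/wp-content/uploads"
    echo "$root"
}

demo() {
    tree=$(make_demo_tree)
    echo "before:"; audit_sticky "$tree"
    echo "reset in web path: $(fix_web_sticky "$tree/public_html")"
    echo "after:";  audit_sticky "$tree"   # only private-tmp is still listed
    rm -rf "$tree"
}
demo
```

Scoping the reset to the web root leaves the private workspace at 1700, which is the split the tables above recommend.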
Go-Live Checklist
| Requirement | ✅ |
|---|---|
| Sticky only on private dirs | ✅ |
| Not inside WordPress folders | ✅ |
| Owner-only workspace confirmed | ✅ |
| ACL policies applied as needed | ✅ |
Troubleshooting Matrix
| Symptom | Cause | Fix |
|---|---|---|
| Other users can't access | Intended | Change perms if needed |
| WP fails to write/upload | Sticky in web path | Reset perms |
| Cannot delete some files | Sticky effect | Remove sticky bit (chmod -t) |
Quick Lab
Create a private script staging folder:
useradd ops
mkdir /srv/ops-lab
chown ops:ops /srv/ops-lab
chmod 1700 /srv/ops-lab
Expected:
drwx-----T ... /srv/ops-lab
Cheat Sheet
| Command | Purpose |
|---|---|
| chmod 1700 | Sticky + 700 |
| chmod -t | Remove sticky |
| find / -perm -1000 | Audit sticky dirs |
| ls -ld | Check for T |
Mini-Quiz
| Question | Answer |
|---|---|
| Meaning of 1 in 1700? | Sticky bit |
| Who can delete files? | Owner or root |
| Safe in WP path? | No |
| Indicator? | T in permission bits |