1750
Sticky Bit + 750
1750 combines:
- **Sticky Bit (
1) only owners/root can delete inside directory - Owner:
rwx - Group:
r-x - Others:
--
Effect summary:
Owner full access, group read/execute, others no access, sticky protection against file-deletion inside a directory.
This mode is **rare but potentially useful for internal shared directories where multiple trusted users read/execute but only creators delete their files.
Never appropriate inside WordPress public paths.
Objective
Understand 1750 and its secure application in controlled environments, not in WordPress runtime directories.
Concept Breakdown
Octal structure
| Digit | Meaning |
|---|---|
| 1 | Sticky bit |
| 7 | Owner rwx |
| 5 | Group r-x |
| 0 | Others --- |
Behavior
| Context | Result |
|---|---|
| Directory | Only owners delete own files |
| File (no effect) | Sticky matters only for directories |
Syntax Formula
Apply 1750
chmod 1750 <directory>
Remove sticky bit
chmod -t <directory>
Verify
ls -ld <directory>
Permission Indicator
drwxr-x--T
Or if directory has exec for others (not here) you would see t here it's T.
Key: **T because others have no execute.
Practical Example & Output
Internal shared program dir (read/exec only)
groupadd devshare
mkdir /srv/devshare
chgrp devshare /srv/devshare
chmod 1750 /srv/devshare
ls -ld /srv/devshare
Expected:
drwxr-x--T ... /srv/devshare
WordPress-Relevant Usage
| Scenario | Valid | Notes |
|---|---|---|
| Internal shared tool/asset folder (non-web) | ✅ If controlled | |
| Security staging folder | ✅ With ACL | |
| wp-content/uploads | ❌ Breaks functionality, insecure | |
| wp-content/cache | ❌ Improper for WP | |
| Public HTTP directory | ❌ Never |
WordPress upload/cache directories must not use sticky in production.
Use proper isolation and file ownership instead.
WP Server Scenarios
| Case | Recommendation |
|---|---|
| Controlled internal ops directory | Valid |
| Temporary scratch folder for admins | Valid |
| Any WordPress public dir | Not valid |
| Shared SFTP upload pool | Use 1770 or ACL, not 1750 |
Security Considerations
Advantages
| Benefit | Reason |
|---|---|
| Restricts deletion | Prevents file sabotage |
| Blocks outsiders | No access for others |
Risks
| Risk | Why |
|---|---|
| Misapplied in WP dirs | Upload breaks + attack vector |
| Sticky misunderstood | Doesn’t prevent code execution |
| Manual group handling | Admin overhead |
Audit
find / -type d -perm -1000 2>/dev/null
Remove sticky if misused:
chmod -t <dir>
Best Practices
| Practice | Reason |
|---|---|
| Use only for internal admin paths | No runtime risk |
Prefer /srv or /opt/tools | Not /home/public_html |
| Use ACLs for precision | Modern access control |
| Never apply to WP runtime dirs | Breaks PHP/uploads |
WordPress Audit
Scan WP tree:
find /home -perm -1000
If sticky bit appears inside WordPress path fix:
chmod -t <dir>
chmod 750 <dir>
Then restore normal WP perms.
Go-Live Checklist
| Checklist | ✅ |
|---|---|
| Sticky only in internal dirs | ✅ |
No sticky in /home/*/public_html | ✅ |
| ACL or sudo policy applied | ✅ |
| Audit schedule weekly | ✅ |
Troubleshooting Matrix
| Issue | Cause | Fix |
|---|---|---|
| Team can't delete files | Sticky set | Review perms or remove |
| WP upload fails | Sticky misused | Reset perms |
| Access denied for others | 0 for others | Intended behavior |
Quick Lab
groupadd ops
mkdir /srv/ops-temp
chgrp ops /srv/ops-temp
chmod 1750 /srv/ops-temp
touch /srv/ops-temp/test
List:
ls -ld /srv/ops-temp
Expect:
drwxr-x--T ... /srv/ops-temp
Cheat Sheet
| Command | Purpose |
|---|---|
| chmod 1750 | Sticky + 750 |
| chmod -t | Remove sticky |
| find / -perm -1000 | Audit sticky dirs |
| ls -ld | Check T bit |
Mini-Quiz
| Question | Answer |
|---|---|
| Purpose of sticky bit? | Owner-only delete |
| Safe for WP public dirs? | No |
| Indicator for 1750? | T |
| Better access control alternative? | ACLs |