1777
Sticky Bit + 777
1777 means:
- Sticky bit (1)
- Owner rwx
- Group rwx
- Others rwx
It is **world-writable but with delete protection** (only file owner/root can delete).
This mode is used in shared temp directories.
**Critical default example:** /tmp
In WordPress hosting, never apply 1777 inside web-accessible directories. It exposes massive risk.
Objective
Understand 1777, why it exists, and safe vs unsafe usage in WordPress VPS.
Concept Breakdown
Octal structure
| Digit | Meaning |
|---|---|
| 1 | Sticky bit |
| 7 | Owner rwx |
| 7 | Group rwx |
| 7 | Others rwx |
Behavior
- Everyone can read/write/execute
- Sticky protects deletion
- Used for temporary storage where multiple users write files
Syntax Formula
Set sticky + 777
chmod 1777 <directory>
Remove sticky bit
chmod -t <directory>
Permission Indicator
ls -ld output:
drwxrwxrwt
A t in the others' execute slot confirms the sticky bit.
Real Example
/tmp default
ls -ld /tmp
Expected:
drwxrwxrwt ... /tmp
Apply to a dir
mkdir /srv/shared-tmp
chmod 1777 /srv/shared-tmp
ls -ld /srv/shared-tmp
WordPress-Relevant Usage
| Scenario | Valid | Notes |
|---|---|---|
| System /tmp | ✅ Default & necessary | |
| Custom isolated temp folder | ✅ If outside web root | |
| wp-content/uploads | ❌ Huge security risk | |
| wp-content/cache | ❌ Never | |
| Any public directory | ❌ Vulnerability | |
| Multi-user SFTP scratch zone | ✅ With chroot + ACL | |
**Danger:** Attackers can write web-executable files if used in WP dirs.
WP Production Scenarios
| Case | Guidance |
|---|---|
| OS tmp files | Accept default 1777 |
| PHP tmp/sessions | System default, do nothing |
| WP uploads/cache | Use 755 or 750, not 1777 |
| Team shared temp path | Only outside /home/*/public_html |
Security Considerations
Risks if misused
| Risk | Why |
|---|---|
| RCE backdoor | World-writable file upload path |
| Symlink attacks | Temp file redirection |
| Privilege persistence | Attacker stores script |
| Arbitrary deletion abuse | Partial protection only |
Audit
find / -type d -perm -1000 2>/dev/null
Fix
chmod -t <path>
chmod 755 <path>
Best Practices
| Practice | Reason |
|---|---|
| Use 1777 only for OS temp dirs | Standard security model |
| Never in WordPress directories | Upload abuse / malware |
| Use per-site user ownership | Hard isolation |
| Prefer ACL or sudo rules | Safer collaboration model |
WordPress Audit
Scan only WP dirs:
find /home -type d -perm -1000
If any directory under a WordPress path is listed, it is a security issue.
Fix:
chmod -t <dir>
chmod 755 <dir>
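An added example, not part of the original page: a POSIX shell audit that widens the `-perm -1000` check above to every world-writable directory under a site root (a 0777 directory without the sticky bit is not matched by `-perm -1000`), then applies the page's fix. The function names and the sample tree are assumptions constructed for illustration, and GNU find is assumed.

```shell
#!/bin/sh
# Added example: audit and reset world-writable directories under a site root.
# Assumes GNU find (-printf), as shipped on typical Linux VPS images.

# Print "<octal-mode> <label> <path>" for each world-writable directory.
audit_wp_perms() {
    find "$1" -xdev -type d -perm -0002 -printf '%m %p\n' 2>/dev/null |
    while read -r mode path; do
        # A 4-digit mode with an odd leading digit has the sticky bit (1000).
        case $mode in
            [1357]???) echo "$mode sticky+world-writable $path" ;;
            *)         echo "$mode world-writable $path" ;;
        esac
    done
}

# Apply the page's fix (chmod -t, then chmod 755) to every finding and
# print how many directories were reset.
fix_wp_perms() {
    find "$1" -xdev -type d -perm -0002 \
        -exec chmod -t {} \; -exec chmod 755 {} \; -print 2>/dev/null | wc -l
}

# Constructed sample tree standing in for a WordPress install (not real data).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads" "$t/wp-content/cache" "$t/wp-content/themes"
    chmod 755  "$t/wp-content" "$t/wp-content/themes"   # expected safe mode
    chmod 1777 "$t/wp-content/uploads"   # the mode this page warns about
    chmod 0777 "$t/wp-content/cache"     # world-writable, no sticky bit
    echo "$t"
}

# Demo on the constructed tree: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    audit_wp_perms "$tree"
    echo "reset: $(fix_wp_perms "$tree")"
    rm -rf "$tree"
fi
```

To audit a real site, call `audit_wp_perms` with the site's document root and review the findings before running `fix_wp_perms` on the same path.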
Go-Live Checklist
| Checklist | ✅ |
|---|---|
| 1777 only for /tmp or admin scratch | ✅ |
| No 1777 in wp-content | ✅ |
| ACL model in shared zones | ✅ |
| Temp isolation enforced | ✅ |
| Weekly audit cron | ✅ |
Troubleshooting Matrix
| Symptom | Cause | Fix |
|---|---|---|
| Visitors can upload files anywhere | Directory 1777 set | chmod -t + 755 |
| Malware found in uploads | Wrong temp perms | Reset perms |
| Session hijacking alerts | Sticky mis-applied tmp | Use system tmp |
Quick Lab
Simulate shared tmp:
mkdir /srv/tmp-test
chmod 1777 /srv/tmp-test
touch /srv/tmp-test/userfile
ls -ld /srv/tmp-test
Expected:
drwxrwxrwt ... /srv/tmp-test
Remove:
chmod 755 /srv/tmp-test
Cheat Sheet
| Command | Purpose |
|---|---|
| chmod 1777 | Sticky + 777 |
| chmod -t | Remove sticky |
| find / -perm -1000 | Audit sticky dirs |
| ls -ld | Verify t bit |
Mini-Quiz
| Question | Answer |
|---|---|
| What does 1777 mean? | Sticky + world-writable |
| Safe for wp-content? | No |
| Primary safe use case? | /tmp |
| Indicator? | t on others execute bit |