Cybersecurity Triage
Find Writable Directories Missing the Sticky Bit
You need to find directories that any user can write to and where, because the sticky bit is missing, users can also rename or delete each other's files.
Command
find fixtures/perm-audit -type d -perm -0002 ! -perm -1000 -printf '%m %u:%g %p\n' | sort
What changed
Nothing changes. The command lists world-writable directories that lack sticky-bit protection.
Danger
safe
When to use it
Use during permission audits when shared write paths may have been opened too broadly.
When not to use it
Do not assume every result is exploitable without checking service users and directory purpose.
Undo or recovery
No undo needed because this command is read-only.
Expected output
Mode, owner, group, and path for writable directories missing the sticky bit.
demo script
Disposable terminal steps
find fixtures/perm-audit -type d -perm -0002 -printf '%m %u:%g %p\n' | sort
find fixtures/perm-audit -type d -perm -0002 ! -perm -1000 -printf '%m %u:%g %p\n' | sort
simulated output
What it looks like
::fixture-ready::
$ find fixtures/perm-audit -type d -perm -0002 -printf '%m %u:%g %p\n' | sort
777 root:root fixtures/perm-audit/releases/2026-06-25/storage/logs
::exit-code::0
$ find fixtures/perm-audit -type d -perm -0002 ! -perm -1000 -printf '%m %u:%g %p\n' | sort
777 root:root fixtures/perm-audit/releases/2026-06-25/storage/logs
::exit-code::0
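The -perm filter above, exercised on a throwaway tree, as an added example that is not part of the original page. The directory names under the temporary root are constructed, GNU find is assumed for -printf, and the chmod +t step is one possible remediation that the page itself does not prescribe.

```bash
#!/usr/bin/env bash
# Added example: builds its own constructed fixture, not the page's fixtures/perm-audit tree.

# List world-writable directories under $1 that lack the sticky bit.
# Same -perm tests as the page's command; GNU find is assumed for -printf.
# %P prints the path relative to the starting point so output is stable.
audit_sticky_gaps() {
    find "$1" -type d -perm -0002 ! -perm -1000 -printf '%m %P\n' | sort
}

# Build a throwaway tree with one directory per case (all names are constructed).
make_fixture() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/shared-tmp" "$root/storage/logs" "$root/group-drop" "$root/private"
    chmod 0755 "$root" "$root/storage"
    chmod 1777 "$root/shared-tmp"    # world-writable + sticky (/tmp style): not reported
    chmod 0777 "$root/storage/logs"  # world-writable, no sticky: reported
    chmod 0775 "$root/group-drop"    # group-writable only: not reported
    chmod 0700 "$root/private"       # owner only: not reported
    printf '%s\n' "$root"
}

# Show the finding, apply the sticky bit, and show that the finding clears.
demo() {
    local root
    root=$(make_fixture) || return 1
    echo "before:"
    audit_sticky_gaps "$root"
    # Assumption: the directory must stay shared, so the sticky bit is added
    # instead of removing world-write.
    chmod +t "$root/storage/logs"
    echo "after:"
    audit_sticky_gaps "$root"
    rm -rf "$root"
}

demo
```

Only the 0777 directory is listed before the change; the 1777 directory never appears because `! -perm -1000` excludes anything with the sticky bit set.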
YouTube Short
Find unsafe writable dirs.
World-writable directories deserve a second look. Filter for paths missing the sticky bit so the audit starts with the risky ones.
LinkedIn hook
A writable log directory is not the same thing as a safe shared directory.
Question: Do you check sticky-bit gaps separately from world-writable paths?