By default, when you create a new user account on a Linux system, the account’s home directory is automatically opened to all other users on the system. The user’s home folder and all content in it becomes readable by all.
All content in users’ home directories can be accessed and read by everyone. In some environments, this may not be a great way to manage users’ home directories. This brief tutorial shows students and new users how to make sure all users created on a Linux system get home directories that are protected.
One thing to note: although all users may be able to view content in other home directories, they won’t be allowed to edit that content. They can only view it, not edit it. Still, it’s a security issue.
Every time you run the adduser command, the defaults for the user are drawn from the /etc/adduser.conf file. All the configuration settings in that file are applied to all new accounts. If you want to prevent users from viewing each other’s home folders, you can edit that config file and make the changes there.
So, to prevent world-readable permissions for all new users created on Linux systems, run the command below to open the default adduser.conf file.
sudo nano /etc/adduser.conf
Then change the line that reads:
# If DIR_MODE is set, directories will be created with the specified
# mode. Otherwise the default mode 0755 will be used.
DIR_MODE=0755
so that it reads as below:
# If DIR_MODE is set, directories will be created with the specified
# mode. Otherwise the default mode 0755 will be used.
DIR_MODE=0750
Save the file and you’re done.
After making those changes, every time you run the command below to create a new account, the new settings will ensure that the user’s home directory isn’t readable by all.
sudo adduser johndoe
Adding user `johndoe' .
Adding new group `johndoe' (1001) .
Adding new user `johndoe' (1001) with group `johndoe' .
Creating home directory `/home/johndoe' .
Copying files from `/etc/skel' .
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for johndoe
Enter the new value, or press ENTER for the default
Full Name : John Doe
Room Number : 101
Work Phone : 123-133-1244
Home Phone : 123-133-1244
Other :
Is the information correct? [Y/n] Y
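Apart from the owner (and any members of the user’s own group, which mode 0750 still allows to read), only the admin or an account with sudo permissions enabled will be able to view content in other home directories.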
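DIR_MODE is applied only when a home directory is created, so accounts that existed before the change keep mode 0755. The script below is an added example, not part of the original tutorial: it reads the DIR_MODE value from an adduser.conf-style file, lists home directories still open to other users, and can tighten them. The function names are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Print the DIR_MODE set in an adduser.conf-style file ($1), optionally
# double-quoted. If the key repeats, the last one is taken (assumption).
# Falls back to 0755, the default named in the file's own comment.
dir_mode_setting() {
    mode=$(sed -n 's/^[[:space:]]*DIR_MODE="\{0,1\}\([0-7]\{3,4\}\).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${mode:-0755}"
}

# List directories directly under $1 that grant any permission to "other",
# i.e. whose octal mode ends in a non-zero digit. Symlinks are skipped.
audit_homes() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        case $(stat -c '%a' "$d") in
            *[1-7]) printf '%s\n' "$d" ;;
        esac
    done
}

# Remove all "other" permissions from every directory audit_homes reports
# (0755 becomes 0750). Only the top-level directory is changed.
tighten_homes() {
    audit_homes "$1" | while IFS= read -r d; do
        chmod o-rwx "$d"
    done
}

# Demo on a constructed tree, so nothing on the real system is touched.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/home"
    mkdir -m 0755 "$tmp/home/alice" "$tmp/home/bob"
    mkdir -m 0750 "$tmp/home/carol"
    printf '# sample\nDIR_MODE=0750\n' > "$tmp/adduser.conf"
    echo "DIR_MODE for new accounts: $(dir_mode_setting "$tmp/adduser.conf")"
    echo "Open to other users before:"; audit_homes "$tmp/home"
    tighten_homes "$tmp/home"
    echo "Open to other users after: $(audit_homes "$tmp/home" | wc -l)"
    rm -rf "$tmp"
}
demo
```

On a real system, `dir_mode_setting /etc/adduser.conf` and `audit_homes /home` are read-only checks. Review the list before running `sudo` with `tighten_homes /home`, since a directory under /home may be shared on purpose.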