Setup Linux User Home Folders without World-readable Permissions

By default every new user account you create on a Linux system, the account home directory is automatically opened to all other users on the system… The user’s home folder and all content in it becomes readable by all…

All users’ content in their home directories will be accessed and read by all… In some environmets, this may not be a great way to manage user’s home directories… this brief tutorial is going to show students and new users how to make sure all users created on a Linux system are created ensuring that their home directories are protected..

One thing to note is although all users may be able to view content in other home directories, they won’t be allowed to edit those content… they can only view but not edit.. but still, it’s still a security issue…

Everytime you run the adduser command, the defaults for the user are drawn from the /etc/adduser.conf  file…. All the configurations settings in that file are applied to all new accounts… if you want to prevent users from viewing each other home folder, you can edit that config file and make the changes there…

So, to prevent world-readable permissions for all new users created on Linux systems, run the commands below to open the default adduser.conf file…

sudo nano /etc/adduser.conf

Then change the line that reads:

# If DIR_MODE is set, directories will be created with the specified
# mode. Otherwise the default mode 0755 will be used.
DIR_MODE=0755

and change it to the line below

# If DIR_MODE is set, directories will be created with the specified
# mode. Otherwise the default mode 0755 will be used.
DIR_MODE=0750

Save the file and you’re done…

After making those changes, everytime you run the commands below to create a new account, the new settings will ensure that the user account isn’t readable by all…

sudo adduser johndoe
Adding user `johndoe' ...
Adding new group `johndoe' (1001) ...
Adding new user `johndoe' (1001) with group `johndoe' ...
Creating home directory `/home/johndoe' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for johndoe
Enter the new value, or press ENTER for the default
	Full Name []: John Doe
	Room Number []: 101
	Work Phone []: 123-133-1244
	Home Phone []: 123-133-1244
	Other []: 
Is the information correct? [Y/n] Y

Only the admin or an account with sudo permissions enabled will be able to view content in other home directories…

That’s it!

Enjoy!

You may also like the post below:

Install Zurmo CRM on Ubuntu 16.04 / 17.10 / 18.04 with Nginx, MariaDB and PHP 7.1 Support

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.