By design, when you add a new user to Ubuntu , the adduser utility creates a brand new home directory for the account usually in the /home/ followed by the username. The default profile for all new users are modeled after the content in /etc/skel directory.

One thing that most people don’t know or don’t care about is that all new users that are created in Ubuntu can read each other’s profile folder by default. User home folders or directories are created with world read/execute permissions, which give everyone rights to read all content in your home directory.

If you’re concern about security, you may want to change the permissions so that no one is able to read the content in your home directory.

You don’t have to do this if you’re not concern about security. You only want to implement this if you want to ensure confidentiality. It may be wise to use in a server environment.

Run the commands below to view your home directory permissions. Replace username with your account name.

ls -ld /home/username

 

If it comes back with the line below, then your profile is world readable. If you use a shared machine, anyone with account will be able to browse and read your content.

drwxr-xr-x 17 richard richard 4096 Sep 21 20:28 /home/richard

 

ubuntu-permission-security

 

To change that so no one is able to view your content, run the commands below. Replace username with your account name.

sudo chmod 0750 /home/username

 

The commands above to make sure no one is able to view your content. When a user without permissions tries, he/she will get access denied.

 

ubuntu-permission-security-1

 

To ensure all future users are created without world readable home folder, edit /etc/adduser.conf file and change DIR_MODE to 0750.

DIR_MODE=0750

 

Hope this helps.

Enjoy!