Daily Ubuntu Tips–Prevent Users From Browsing Your Folders

By design, when you add a new user to Ubuntu, the adduser utility creates a brand new home directory for the account, usually /home/ followed by the username. The default profile for every new user is modeled after the content of the /etc/skel directory.

One thing that most people don’t know or don’t care about is that all new users that are created in Ubuntu can read each other’s profile folder by default. User home folders or directories are created with world read/execute permissions, which give everyone rights to read all content in your home directory.

If you’re concerned about security, you may want to change the permissions so that no one is able to read the content in your home directory.

You don’t have to do this if you’re not concerned about security. It is only worth implementing if you want to ensure confidentiality. It may be wise to use in a server environment.

Run the command below to view your home directory permissions. Replace username with your account name.

ls -ld /home/username

If it comes back with the line below, then your profile is world readable. If you use a shared machine, anyone with an account will be able to browse and read your content.

drwxr-xr-x 17 richard richard 4096 Sep 21 20:28 /home/richard

To change that so no one is able to view your content, run the command below. Replace username with your account name.

sudo chmod 0750 /home/username

The command above removes all access for users outside the directory's owner and group, so other accounts can no longer view your content. When a user without permission tries, he or she will be denied access.

To ensure all future users are created without a world readable home folder, edit the /etc/adduser.conf file and change DIR_MODE to 0750.

DIR_MODE=0750
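
The two checks above, applied to every account at once, as an added example that is not part of the original post. The function names are hypothetical, and the paths are parameters so the script can be pointed at a test tree instead of the live /home.

```shell
#!/bin/sh
# Added example: audit home directories for access by "other" users.

# Print "<other-bits> <path>" for each real directory directly under $1 whose
# "other" permission triplet (ls -ld columns 8-10) grants any access.
world_accessible_homes() {
    base=${1:-/home}
    for d in "$base"/*/; do
        d=${d%/}
        # Skip unmatched globs and symlinks (ls -ld would show the link's mode).
        if [ ! -d "$d" ] || [ -L "$d" ]; then continue; fi
        other=$(ls -ld "$d" | cut -c8-10)
        case $other in
            ---|--T) ;;                          # nothing granted to other
            *) printf '%s %s\n' "$other" "$d" ;;
        esac
    done
}

# Print the last uncommented DIR_MODE value in an adduser.conf-style file.
configured_dir_mode() {
    conf=${1:-/etc/adduser.conf}
    [ -r "$conf" ] || return 0
    sed -n 's/^DIR_MODE=\([0-7][0-7]*\).*/\1/p' "$conf" | tail -n 1
}

# Succeed if octal mode $1 grants nothing to "other" (last digit is 0).
mode_is_private() {
    case $1 in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Report existing open home directories, then the mode future ones will get.
audit() {
    echo "Home directories accessible to other users:"
    world_accessible_homes "$1"
    mode=$(configured_dir_mode "${2:-/etc/adduser.conf}")
    if [ -z "$mode" ]; then
        echo "DIR_MODE is not set explicitly; check the adduser default"
    elif mode_is_private "$mode"; then
        echo "DIR_MODE=$mode: new home directories exclude other users"
    else
        echo "DIR_MODE=$mode: new home directories will be open to other users"
    fi
}

# Usage: sh audit-homes.sh /home [/etc/adduser.conf]
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Changing DIR_MODE only affects accounts created afterwards, so any directory the first function lists still needs the chmod shown earlier.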

Hope this helps.

Enjoy!

1 thought on “Daily Ubuntu Tips–Prevent Users From Browsing Your Folders”

  1. I always do this when setting up VPSes for hosting multiple web sites, why is this not the default in Ubuntu Server?

    Another problem with Linux is that you always need to make backups if you use the default ext4 file system. I don’t know if there is any Recycle Bin driver for ext4, but anyway installing it will slow down hosting performance, so I’m looking for another approach like moving MySQL and Redis data to the home folder and making the home folder a separate ext4 partition. Moving Redis data is very easy, but MySQL is harder and it seems you can’t create another partition on a XEN/KVM guest VPS? I’m also using Git to make backups of code, excluding data.
