Why are all files +r (readable) by others in Linux (Ubuntu)?

2

I don't know if this is an easy one to answer, but I have a VPS and I have noticed a while back that all files created can be read by other users (because files are +r for "others", for some reason).

Why is it like this? I'm using Ubuntu Server edition, is it only like that on Ubuntu?

I think it doesn't respect users' privacy...

Is there a good reason to keep it that way?

If not, how can I change it so all files created by a user in its home folder, for example, is not readable by others?

Pacane

Posted 2011-04-30T00:07:18.600

Reputation: 123

Answers

7

If you're only concerned with files under a home folder, run chmod o-rwx on the relevant directory; taking permission away on the folder blocks access.

The defaults come from /etc/useradd.conf, which is well documented in the comments. The specific value you'll need to change is DIR_MODE.

The default permissions for new files and directories during a shell session are controlled by umask.

This sounds like an odd default, but there may be an assumption by the VPS provider that:

  • home directories will normally be used for website files, so must be readable by apache (which normally runs as nobody), and this reduces their support tickets.
  • than Linux users will change permissions on directories/files they don't want to share.

Phil Lello

Posted 2011-04-30T00:07:18.600

Reputation: 234

4

Reason

The permissions are set very loose by default to allow users to share files with each others. It is safer in general to do this because most users are inexperienced and would find it easier to share their password than to set permissions. The more experienced user can change it rather easily so its just better to do it this way.

Fix

You can change the umask if you would rather have tigher settings. Here is a quick tutorial for how to set it.

Riguez

Posted 2011-04-30T00:07:18.600

Reputation: 3 594

1

You are not required to keep the default permissions for your personal files. Change the umask to set the default permissions.

Xenoactive

Posted 2011-04-30T00:07:18.600

Reputation: 992

Asked: 2011-04-30T00:07:18.600

Viewed: 938 times

Active: 2013-08-26T13:45:24.307