Ubuntu: default access mode (permissions) for users home dir (/home/user)

13

8

What is the default access mode (e.g. 0755) for users' home dirs in Ubuntu (e.g. what is the output of ls -ld /home/*)? And in other major Linux distributions (Debian, RedHat, Gentoo, Arch)?

How can I change this default?

PS: Sorry, but I can't find an Ubuntu machine now and test this myself.

osgx

Posted 2011-06-29T13:34:24.963

Reputation: 5 419

I'm not asking about umask, but about skel and home-dirs – osgx – 2011-06-29T16:42:41.183

Please don't add new information in the comments, but include it in the original question – bbaja42 – 2011-06-29T17:14:01.517

It is not new info, it is a comment about a wrong understanding of my question – osgx – 2011-06-29T19:05:53.307

Answers

14

When creating a user using useradd --create-home username, the skeleton directory (usually /etc/skel) is copied, including its permissions.

The home directory (/home/username) is subject to the UMASK setting in /etc/login.defs. This is set to 022 by default, so the permissions for /home/username become 755.

Relevant excerpt from the Ubuntu manual page of useradd:

The following configuration variables in /etc/login.defs change the behavior of this tool:
[..]
UMASK (number)

The file mode creation mask is initialized to this value. If not specified, the mask will be initialized to 022.

useradd and newusers use this mask to set the mode of the home directory they create

Lekensteyn

Posted 2011-06-29T13:34:24.963

Reputation: 5 236

What about redhat/debian? – osgx – 2011-06-29T16:43:18.670

AFAIK it's a standard thing of useradd; if it were Ubuntu-specific, it should have been mentioned in the manual page. A redhat manual page: http://linux.die.net/man/8/useradd

– Lekensteyn – 2011-06-29T16:49:01.910

10

The default permissions of a user's home can be controlled in the following places.

  • The skeleton directory option (-k, --skel SKEL_DIR) of useradd.
  • The SKEL value in /etc/adduser.conf, which defines the default skeleton directory.
  • The DIR_MODE value in /etc/adduser.conf, which defines the default permissions.

Home directories of new users are created using /etc/skel as a template (default behavior).
The default permission of /etc/skel is 0755 (drwxr-xr-x).
Using a custom skeleton directory with correct permissions will allow new home directories to have the desired permissions.

Defaults for adduser are defined in /etc/adduser.conf.
Default value of DIR_MODE in /etc/adduser.conf is 0755.
Changing DIR_MODE to correct permissions (DIR_MODE=0750 or similar) will allow new home directories to have desired permissions.
According to Ubuntu documentation, this seems to be the best option.

Already existing user home directories will need to be manually changed.

sudo chmod 0750 /home/username

So it's a good idea to change /etc/adduser.conf right after the installation to avoid new users getting 0755 (drwxr-xr-x) type permissions.
Still, the very first user created during installation will have 0755 set on its home directory, which should be manually changed.

UMASK in /etc/login.defs is a general setting for files/directories/etc. created by users (not only in their home directories), and could get changed depending on USERGROUPS_ENAB in /etc/login.defs.

The official explanation: User Management - User Profile Security
Check other sections of User Management as well.

Related: https://askubuntu.com/questions/46501/why-can-other-users-see-the-files-in-my-home-folder

Sithsu

Posted 2011-06-29T13:34:24.963

Reputation: 205

Setting DIR_MODE in /etc/adduser.conf is definitely the right way to go. – user1338062 – 2016-12-09T05:02:43.717

Link-only answers are a no-no due to possible future link-rot. Please include pertinent information in your answers. – Ƭᴇcʜιᴇ007 – 2013-07-05T17:16:19.223

@techie007 I know. Would have used a comment if I had enough reps. – Sithsu – 2013-07-06T02:43:09.990

@techie007 Added more content to the answer – Sithsu – 2013-07-06T04:02:24.027
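Added example (not part of any answer on this page): a shell script that reads UMASK from login.defs and DIR_MODE from adduser.conf, computes the home-directory mode that a given UMASK produces, and lists existing home directories that still grant access to other users and therefore need the manual chmod. The function names and the `--report` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the settings and directories discussed above.
# File paths are parameters so the functions can be tried on copies.

# Print the value of KEY from a config file. Handles both layouts:
#   adduser.conf:  DIR_MODE=0755
#   login.defs:    UMASK   022
# Comments are stripped; if KEY appears more than once, the last wins.
conf_value() {  # usage: conf_value KEY FILE
    awk -v key="$1" '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        $1 == key && NF >= 2 { val = $2 }
        END { if (val != "") print val }
    ' "$2"
}

# Mode of a directory created under a given umask: 0777 with the
# umask bits cleared (022 -> 0755, 027 -> 0750, 077 -> 0700).
mode_from_umask() {  # usage: mode_from_umask 022
    printf '%04o\n' $(( 0777 & ~0$1 ))
}

# List the directories directly under BASE that give "others" any of
# read, write or execute permission (e.g. 0755 matches, 0750 does not).
open_homes() {  # usage: open_homes /home
    find "$1"/* -prune -type d \
        \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null | sort
}

# Report on the live system only when asked to.
if [ "${1:-}" = "--report" ]; then
    echo "adduser DIR_MODE: $(conf_value DIR_MODE /etc/adduser.conf 2>/dev/null)"
    u=$(conf_value UMASK /etc/login.defs 2>/dev/null)
    u=${u:-022}   # useradd falls back to 022 when UMASK is not specified
    echo "login.defs UMASK: $u -> useradd home mode $(mode_from_umask "$u")"
    echo "Home directories accessible to other users:"
    open_homes /home
fi
```

Each path printed by `open_homes` is a candidate for `sudo chmod 0750` (or stricter) as described in the answer above.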

2

Note: Don't change the UMASK value in /etc/login.defs if you want to change the home directory permissions only, because changing the UMASK will affect everything.

I once followed the same, and when I installed any package system-wide using pip it was not accessible to other users and was constantly throwing permission denied, since the default UMASK affected the permissions of all the package directories that got created after the changes were applied.

The correct way is to modify DIR_MODE in /etc/adduser.conf. Since /etc/adduser.conf is used in most Linux distros, this solution works for most.

Abhishek Meena

Posted 2011-06-29T13:34:24.963

Reputation: 21

1

The default permissions for /home in Ubuntu are rwxr-xr-x or 755. For /home/user it is also rwxr-xr-x or 755. At least it is on my installation.

To change the file permissions of the home directory, open a terminal and run something like:

chmod 700 /home/user

Remember to change the 700 to the chmod value that you actually want to set.

If you do not own the directory, you need root privileges to change the permissions. Ubuntu uses sudo for that:

sudo chmod 700 /home/user

When you run this command it will ask for the administrator password.

Rincewind42

Posted 2011-06-29T13:34:24.963

Reputation: 121

Your second part is incorrect: the home directory is owned by yourself, so you won't need superuser rights for that. – Lekensteyn – 2011-06-29T16:01:44.770

You're assuming he only wants to change the rights on his own home dir. I did say "If you do not own the directory." My code will work on the home dir of any user. – Rincewind42 – 2011-06-30T03:25:56.977

I edited your post to make it more correct (hopefully you like it), your original post did not include that at all: http://superuser.com/revisions/303995/1

– Lekensteyn – 2011-06-30T06:58:48.153

0

Check the umask man page.

The default umask setting is

0022

Allows group and others read and execute access.

nik

Posted 2011-06-29T13:34:24.963

Reputation: 50 788

No, my question is not about umask, but about the default permissions of the user's folder itself (just after user a is created, what will be the output of ls -ld /home/a) – osgx – 2011-06-29T14:48:09.503