6
1
I'm thinking of doing 'chmod 700 -R ~'. Can it be dangerous? What can happen what I don't expect? Also, is there any way to keep all files on $HOME to be -rwx------?
6
1
I'm thinking of doing 'chmod 700 -R ~'. Can it be dangerous? What can happen what I don't expect? Also, is there any way to keep all files on $HOME to be -rwx------?
6
The main problem I can think of is that that command will set the execute bit on all files, even those that aren’t executable. So, if you have a file called foo
, and someday you want to do cat foo
or print foo
and you accidentally type just foo
, the shell will try to execute foo
; i.e., interpret it as a shell script. This will probably just explode in your face harmlessly, but if foo
contains anything that looks like a shell command, you could get harmful results.
A lesser issue is that if you have a file that you want to preserve, and last year you did a chmod 444
to protect it from yourself, the chmod 700
will restore your write bit, and make it easier for you to clobber the file accidentally.
The solution to both issues is to do chmod go= -R ~
or chmod go-rwx -R ~
, which will turn off all bits for group and others, but leave your access alone.
1Could I run chmod 700 /home/*
instead of doing recursive. Since access into parent directory's permission is denied, other users' will not able to access their sub-directories. @Scott – alper – 2018-06-03T18:47:04.233
0
Kind of old now but you can chmod 700
for folders and chmod 600
files and it would solve the issue of adding the execute bit on all regular files (you need execute on folders to ls
).
find ~ -type d -print0 | xargs -0 chmod 700
find ~ -type f -print0 | xargs -0 chmod 600
3This GNU coreutils command has the same effect: chmod -R ~ go-rwx,u+rwX
. It first removes group and world permissions, then adds read and write to the user and execute to directories. Warning: some files are expected to have an execute bit (like those in ~/bin/
or node_modules/bin/
). – Lekensteyn – 2014-06-20T13:42:37.580
1You don't have to do a recursive
chmod
.chmod 700 ~
will keep all prying eyes out of your home directory. – mtak – 2014-06-20T14:51:33.953@mtak: Ummm, Did you read the existing comments? – Scott – 2014-06-20T15:31:05.207
How about doing
chmod 700 /home/*
instead of doing recursive. Since if access into parent directory's permission is denied, other users' will not able to access their sub-directories. If recursion is required after a new folder created under home~
we have to change its permission. It might be difficult to keep track of all the new folders and update their permission. @Scott – alper – 2018-06-03T18:50:57.3803Why not just
chmod go-rx ~
? No need to recurse. (FWIW, some systems might not like it, e.g. when users publish web sites using~/Sites
or~/www
or something like that -- then the http server needs access to~
-- but you'd know it if you did that). – Daniel Beck – 2013-10-30T22:05:49.773Of course, if somebody made a copy of one of Anon’s world-readable files yesterday, there’s no way of recovering it. But what if somebody made a hard link to one of his files?
chmod
ing the home directory won’t affect that; he needs recursion to make the linked file private. – Scott – 2013-10-30T22:33:12.513