6
1
I'm thinking of doing 'chmod 700 -R ~'. Can it be dangerous? What can happen what I don't expect? Also, is there any way to keep all files on $HOME to be -rwx------?
Anon
Posted 2013-10-30T21:50:27.700
Reputation: 61
chmod 700 -R ~ - is it safe?
Answers
6
The main problem I can think of is that that command will set the execute bit on all files, even those that aren’t executable. So, if you have a file called foo, and someday you want to do cat foo or print foo and you accidentally type just foo, the shell will try to execute foo; i.e., interpret it as a shell script. This will probably just explode in your face harmlessly, but if foo contains anything that looks like a shell command, you could get harmful results.
A lesser issue is that if you have a file that you want to preserve, and last year you did a chmod 444 to protect it from yourself, the chmod 700 will restore your write bit, and make it easier for you to clobber the file accidentally.
The solution to both issues is to do chmod go= -R ~ or chmod go-rwx -R ~, which will turn off all bits for group and others, but leave your access alone.
Scott
Posted 2013-10-30T21:50:27.700
Reputation: 17 653
1Could I run chmod 700 /home/* instead of doing recursive. Since access into parent directory's permission is denied, other users' will not able to access their sub-directories. @Scott – alper – 2018-06-03T18:47:04.233
0
Kind of old now but you can chmod 700 for folders and chmod 600 files and it would solve the issue of adding the execute bit on all regular files (you need execute on folders to ls).
find ~ -type d -print0 | xargs -0 chmod 700
find ~ -type f -print0 | xargs -0 chmod 600
Brendan Stennett
Posted 2013-10-30T21:50:27.700
Reputation: 1
3This GNU coreutils command has the same effect: chmod -R ~ go-rwx,u+rwX. It first removes group and world permissions, then adds read and write to the user and execute to directories. Warning: some files are expected to have an execute bit (like those in ~/bin/ or node_modules/bin/). – Lekensteyn – 2014-06-20T13:42:37.580
1You don't have to do a recursive
chmod.chmod 700 ~will keep all prying eyes out of your home directory. – mtak – 2014-06-20T14:51:33.953@mtak: Ummm, Did you read the existing comments? – Scott – 2014-06-20T15:31:05.207
How about doing
chmod 700 /home/*instead of doing recursive. Since if access into parent directory's permission is denied, other users' will not able to access their sub-directories. If recursion is required after a new folder created under home~we have to change its permission. It might be difficult to keep track of all the new folders and update their permission. @Scott – alper – 2018-06-03T18:50:57.3803Why not just
chmod go-rx ~? No need to recurse. (FWIW, some systems might not like it, e.g. when users publish web sites using~/Sitesor~/wwwor something like that -- then the http server needs access to~-- but you'd know it if you did that). – Daniel Beck – 2013-10-30T22:05:49.773Of course, if somebody made a copy of one of Anon’s world-readable files yesterday, there’s no way of recovering it. But what if somebody made a hard link to one of his files?
chmoding the home directory won’t affect that; he needs recursion to make the linked file private. – Scott – 2013-10-30T22:33:12.513