Correct permission for home directory

lee lee at yun.yagibdah.de
Sun Jul 14 01:24:31 UTC 2013


Paul Smith <phhs80 at gmail.com> writes:

> On Sat, Jul 13, 2013 at 3:47 PM, lee <lee at yun.yagibdah.de> wrote:
>>> chmod 755 /home
>>>
>>> But what about
>>>
>>> /home/psmith
>>
>> It depends on what you want.  There is some tradition that home
>> directories are readable for everyone and writable for their owners
>> only.  It may be a good idea to make them readable for their owners only
>> --- or a bad idea like when you're exporting directories in homes
>> through apache (which I think is a very bad idea).
>>
>> In case you have users in groups that need to access someone's home
>> directory, you may want to allow group access.  When you have convoluted
>> requirements, you may want to use ACLs to accomplish what you need ...
>
> Thanks, Lee. I have done the following:

yvw :)

> chmod 755 /home
> chown psmith /home/psmith
> chmod -R u=rwx,g=,o= /home/psmith
>
> I hope those have left my system secure!

I'd be wondering what 'g=,o=' actually does.  You may want

chmod u+rwx,go-rwx /home/psmith

and you probably do *not* want to set all files in /home/psmith to be
executable for their owner like you set them with '-R u=x'.

Be careful with chmod.  About twenty years ago when I had my first Linux
installation, I messed it up with chmod when I wanted to edit some files
and it wouldn't let me.  I decided to re-install because all the
permissions were messed up and some things didn't work anymore.

That has been the only time I actually had to re-install a Linux
distribution, except for when switching from i386 to amd64.  Talk about
reliability ...


BTW, iirc there are also some settings for shells like bash that specify
the default mode to use when creating files which you may want to look
at.


-- 
Fedora release 19 (Schrödinger’s Cat)
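
The effect of the recursive chmod discussed in this thread, and of the shell default-mode setting (umask) mentioned at the end, shown on a constructed scratch tree; this is an added example, not part of the original message. It also shows the symbolic `X` form, which the thread does not mention; the helper names are made up for the example.

```shell
#!/bin/sh
# Added example: compares recursive chmod forms on a constructed scratch
# tree created with mktemp. It never touches a real home directory.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Build a constructed stand-in for a home directory: one subdirectory,
# one plain data file (0644) and one script (0755).
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/docs"
    echo 'notes' > "$root/docs/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$root/run.sh"
    chmod 755 "$root" "$root/docs" "$root/run.sh"
    chmod 644 "$root/docs/notes.txt"
    echo "$root"
}

# Apply a symbolic mode recursively to a fresh tree and report the
# resulting modes as "directory data-file script".
modes_after() {
    t=$(make_tree) || return 1
    chmod -R "$1" "$t"
    echo "$(mode_of "$t/docs") $(mode_of "$t/docs/notes.txt") $(mode_of "$t/run.sh")"
    rm -rf "$t"
}

# Report the mode a newly created file gets under the given umask.
# The umask is changed in a subshell so the caller's umask is untouched.
new_file_mode() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/new" )
    mode_of "$d/new"
    rm -rf "$d"
}

# Lowercase x: every file, including plain data, becomes owner-executable.
echo "chmod -R u=rwx,g=,o= : $(modes_after 'u=rwx,g=,o=')"
# Capital X: execute is set only on directories and on files that
# already had an execute bit, so data files end up 600.
echo "chmod -R u=rwX,go=   : $(modes_after 'u=rwX,go=')"
# umask 077: new files are created without any group/other access.
echo "umask 077, new file  : $(new_file_mode 077)"
```
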

