If your home directory is private, then no one else can access any of your files. In order to access a file, a process needs to have execute permission to all the directories on the path down the tree from the root directory. For example, to allow other users to read /home/martin/public/readme, the directories /, /home, /home/martin and /home/martin/public all need to have the permissions d??x??x??x (it can be drwxr-xr-x, or drwx--x--x or some other combination), and additionally the file readme must be publicly readable (-r??r??r??).
It is common to have home directories with mode drwxr-xr-x (755) or at least drwx--x--x (711). Mode 711 (only execute permission) on a directory allows others to access a file in that directory if they know its name, but not to list the content of the directory. Under that home directory, create public and private subdirectories as desired.
If you never, ever want other people to read any of your files, you can make your home directory drwx------ (700). If you do that, you don't need to protect your files individually. This won't break anything other than the ability of other people to read your file.
One common thing that may break, because it's an instance of other people reading your files, is if you have a directory such as ~/public_html or ~/www which contains your web page. Depending on the web server's configuration, this directory may need to be world-readable.
You can change the default permissions for the files you create by setting the umask value in your .profile. The umask is the complement of the maximal permissions of a file. Common values include 022 (writable only by the owner, readable and executable by everyone), 077 (access only by the owner), and 002 (like 022, but also group-writable). These are maximal permissions: applications can set more restrictive permissions, for example most files end up non-executable because the application that created them didn't set the execute permission bits when creating the file.
You did create a user with a home directory that already exists.
adduser: warning: the home directory already exists.
Not copying any file from skel directory into it.
This isn't an error, it's a warning. Usually, the reason not to create a home directory is for a user whose home directory isn't supposed to exist. Here, it does, which has a high chance of being an error by the system administrator (e.g. a bad copy-paste or a buggy script). Since you really meant to use an existing home directory, ignore this warning.
[root@LinuxAcademy ~]# su Jerry
bash-4.1$ bash: /home/panos/.bashrc: Permission denied
bash-4.1$
You did log in as Jerry. That bash 4.1 is running as Jerry. Jerry doesn't have the permission to read his ~/.bashrc, either because the file .bashrc is only readable to panos (and perhaps to a group that Jerry doesn't belong to), or because the directory /home/panos itself is not accessible (x permission) to Jerry. So bash tells you that it can't read its startup file, and it displays its default prompt.
Having multiple users with the same home directory is very unusual (excluding system accounts whose home directory doesn't matter). What you should do about permissions depends on what you're trying to achieve by this. You probably do want to at least allow all these users to read their home directory.
Best Answer
One way is to use per-user groups (i.e. one group for each user) and then set the home directory permissions to root:smith, mode 0770.
Another (more hacky) way is to script this: Create a script that inspects all home directories (get them via setpwent()/getpwent()) that reside under /home (e.g. not /root) and make it either warn when there's a discrepancy or change the permissions on the spot.
I've done the latter myself in a multi-user environment in the past and it worked for years like a charm.
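The warn-only variant of the audit script described in this answer, as an added example in Python (not the answerer's own script). pwd.getpwall() is Python's wrapper around the setpwent()/getpwent() loop; the function name audit_homes, the 0770 ceiling, the "owned by the user or root" rule and the primary-group check are assumptions modelled on the per-user-group layout suggested above.

```python
import os
import pwd
import stat

def audit_homes(entries=None, base="/home", max_mode=0o770):
    """Return (user, path, problem) tuples for home directories directly
    under `base` whose owner, group or mode deviates from the policy."""
    if entries is None:
        entries = pwd.getpwall()  # wraps setpwent()/getpwent()/endpwent()
    base = os.path.normpath(base)
    findings = []
    for pw in entries:
        home = os.path.normpath(pw.pw_dir)
        if os.path.dirname(home) != base:
            continue  # e.g. /root or system accounts: out of scope
        try:
            st = os.lstat(home)  # lstat: do not follow a symlinked home
        except OSError as exc:
            findings.append((pw.pw_name, home, f"cannot stat: {exc.strerror}"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((pw.pw_name, home, "not a directory"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~max_mode:  # any permission bit outside the allowed ceiling
            findings.append((pw.pw_name, home,
                             f"mode {mode:04o} grants more than {max_mode:04o}"))
        if st.st_uid not in (0, pw.pw_uid):  # also flags a home shared with another user
            findings.append((pw.pw_name, home,
                             f"owned by uid {st.st_uid}, not the user or root"))
        if st.st_gid != pw.pw_gid:
            findings.append((pw.pw_name, home,
                             f"group gid {st.st_gid} is not the user's primary group"))
    return findings

if __name__ == "__main__":
    for user, home, problem in audit_homes():
        print(f"WARNING {user}: {home}: {problem}")
```

Pass max_mode=0o700 to enforce fully private home directories, or 0o711 to allow traversal without listing.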